Update sectraining.md

2024-02-05 12:07:49 +01:00 · 2024-02-05 12:07:49 +01:00 · becb68794d
commit becb68794d
parent a83bc196e3
1 changed files with 29 additions and 0 deletions
--- a/sectraining.md
+++ b/sectraining.md
@ -125,3 +125,32 @@ private static boolean isLocal(String path) {
    return path.startsWith("/") && !path.startsWith("//");
 }
 ```
+
+### Broken Authorization
+
+#### prevention in java (spring boot)
+
+```java
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(HttpSecurity security) throws Exception {
+        http
+          .authorizeRequests()
+          .antMatchers("/admin/**").hasRole("ROLE_ADMIN");
+    }
+    ...
+}
+```
+
+and
+
+```java
+@Service
+public class AdminService {
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public List<Organization> findAllOrganizations() { ... }
+    ...
+}
+```