1
00:00:00,180 --> 00:00:06,660
In the previous lecture we had discussed about method level security, how to implement using invocation

2
00:00:06,660 --> 00:00:07,480
authorization.

3
00:00:07,620 --> 00:00:14,820
So now in this lecture, let's try to understand how to implement method level security using filtering

4
00:00:14,820 --> 00:00:15,620
authorization.

5
00:00:15,840 --> 00:00:22,430
So think of a scenario where you don't want to stop the invocation of the method blindly.

6
00:00:22,650 --> 00:00:29,160
Instead, you want to rely on the parameters that are being passed to the method or that are coming

7
00:00:29,430 --> 00:00:31,330
after the execution of the method.

8
00:00:31,470 --> 00:00:39,960
So based upon the parameters to and fro to the method, you want to apply some authorization rules in

9
00:00:39,960 --> 00:00:40,980
such scenarios.

10
00:00:41,280 --> 00:00:44,760
We will go to filtering authorization again.

11
00:00:44,760 --> 00:00:48,090
Filtering authorization has two approaches.

12
00:00:48,090 --> 00:00:51,720
One is with the pre filter and the other one is with the post filter.

13
00:00:52,050 --> 00:00:59,220
As you can see here, there is a loan service class which has a method update loan details which

14
00:00:59,220 --> 00:01:03,690
will accept the loan details from the user and it will be updating the database.

15
00:01:03,900 --> 00:01:13,380
But here I apply the pre filter authorization condition where if the current authenticated user is the

16
00:01:13,380 --> 00:01:18,910
same as whatever username present inside the loan, then only invoke this method.

17
00:01:19,050 --> 00:01:25,910
That means I should be able to update my own loan details, but not other loan details.

18
00:01:26,250 --> 00:01:33,660
So this is how you can apply pre filter by checking the parameters that the method receives to decide

19
00:01:33,810 --> 00:01:36,760
whether the method should be invoked or not.

20
00:01:37,200 --> 00:01:39,330
Similarly, post filter.

21
00:01:40,020 --> 00:01:44,910
Also, we can leverage in the scenarios where I want to execute my method.

22
00:01:45,150 --> 00:01:51,060
Whatever the user logged in, I don't care about his or her authorization details.

23
00:01:51,420 --> 00:01:59,910
But after executing while sharing the results to the user, I want to apply some filtering conditions

24
00:02:00,030 --> 00:02:06,080
or apply some authorization rules, then only the results will be shared by the user.

25
00:02:06,210 --> 00:02:12,630
Otherwise the results should not be shared and the 403 error should come in such scenarios.

26
00:02:12,870 --> 00:02:14,220
I can use post filter.

27
00:02:14,520 --> 00:02:21,090
You can see here there is a loan service class which has a method get loan details which will return

28
00:02:21,090 --> 00:02:23,850
the loan details of a user.

29
00:02:24,270 --> 00:02:33,090
But we can leverage post filter to make sure the loan details has the user name, same as the current

30
00:02:33,090 --> 00:02:41,130
logged in user, which means I should be able to get the loan details from me only, but not other details.

31
00:02:41,460 --> 00:02:47,670
We can also use post filter in Spring Data repositories like if you are getting hundreds of records,

32
00:02:47,910 --> 00:02:54,410
but I want to share the user only the record specific to him in such scenarios.

33
00:02:54,420 --> 00:02:58,270
Also, I can use post filter to filter the unwanted data.

34
00:02:58,500 --> 00:03:05,060
Of course we can add to that using where conditions are also, but that is also possible using post

35
00:03:05,070 --> 00:03:05,780
filter.

36
00:03:05,940 --> 00:03:11,970
So now we have a basic understanding of what is filtering authorization in method level security.

37
00:03:12,310 --> 00:03:18,400
Next, will you let us try to do some hands on inside our application to understand them?

38
00:03:18,690 --> 00:03:19,140
Thank you.

39
00:03:19,140 --> 00:03:20,700
And see you in the next lecture, bye.