1 00:00:00,300 --> 00:00:05,670 In the previous video, we looked at what's the difference between authority and roles. Now in this video,
2 00:00:05,700 --> 00:00:13,470 let's try to understand how to configure roles and perform authorization using them. Similar to authorities,
3 00:00:13,500 --> 00:00:15,780 we also have three different methods:
4 00:00:15,930 --> 00:00:23,040 hasRole, hasAnyRole and access methods, which will allow you to perform some configurations based upon
5 00:00:23,040 --> 00:00:31,590 the roles. As you can expect, hasRole will allow you to configure a single role based upon which the user
6 00:00:31,590 --> 00:00:35,370 will be allowed to access a particular endpoint.
7 00:00:35,730 --> 00:00:43,190 Whereas with hasAnyRole you can mention any number of roles, and the user has to have at least one of the
8 00:00:43,200 --> 00:00:46,020 roles which we configured using hasAnyRole.
9 00:00:46,320 --> 00:00:50,640 And accordingly he will be allowed to access the endpoints.
10 00:00:50,790 --> 00:00:56,430 And like authorities, the access method also is a better way of configuring
11 00:00:56,430 --> 00:01:02,760 if you have complex requirements, like based upon some conditions or conditions.
12 00:01:02,760 --> 00:01:05,510 In that scenario we can go with the access method.
13 00:01:05,730 --> 00:01:13,830 But while we are configuring the roles, we should have a ROLE_ prefix added in the database.
14 00:01:14,040 --> 00:01:18,860 And this is an indication for us and for Spring Security:
15 00:01:19,030 --> 00:01:21,330 OK, this is not a normal authority.
16 00:01:21,540 --> 00:01:24,000 It is a role-based access.
17 00:01:24,150 --> 00:01:29,640 And at the same time, you don't have to mention this prefix while you're configuring these roles
18 00:01:29,760 --> 00:01:31,760 inside your security code.
19 00:01:32,070 --> 00:01:37,650 We can see that when we are checking the code. And what you do with the access method is, it's not
20 00:01:37,650 --> 00:01:44,970 only about the user authorities and roles; you can control the access to that particular API based
21 00:01:44,970 --> 00:01:46,050 upon any condition.
22 00:01:46,260 --> 00:01:53,250 Like you may have a scenario where the users from a particular country, or where the users should be
23 00:01:53,250 --> 00:02:00,410 able to access this, but only during a certain time frame or certain date. In all these scenarios
24 00:02:00,420 --> 00:02:09,210 also, you can go ahead and leverage the access method, whereas hasRole, hasAnyRole, hasAuthority, hasAnyAuthority
25 00:02:09,389 --> 00:02:12,470 are tied up with your authorities and roles.
26 00:02:12,690 --> 00:02:16,120 So that's the main advantage of the access method.
27 00:02:16,350 --> 00:02:23,240 Now let's try to go to the code and understand how we can configure authorization based upon roles.
28 00:02:23,550 --> 00:02:25,080 First, I'll go to the database.
29 00:02:25,530 --> 00:02:32,100 What I have done is, previously we used to have read and write authorities, but I have overridden them
30 00:02:32,100 --> 00:02:35,250 with the roles for the happy user.
31 00:02:35,490 --> 00:02:38,480 There are two roles that we have configured for the happy customer.
32 00:02:38,730 --> 00:02:42,630 One is ROLE_USER and the other one is role and the score.
33 00:02:43,200 --> 00:02:51,450 So whenever you want to use the hasRole, hasAnyRole methods, we should definitely have this
34 00:02:51,450 --> 00:02:54,300 role prefix attached in the database.
35 00:02:54,540 --> 00:03:01,590 The reason is, while performing these comparison checks, Spring Security automatically will add a
36 00:03:01,590 --> 00:03:04,450 prefix of ROLE_ to the value that you provide.
37 00:03:04,680 --> 00:03:10,760 That is why we should not configure this prefix in the code, but only in the database.
38 00:03:11,100 --> 00:03:12,630 So now we have it in the database.
39 00:03:12,990 --> 00:03:15,300 Let's try to go to the code. Here
40 00:03:15,300 --> 00:03:23,070 you can see previously we used to have authorities, but now I have used hasRole, hasAnyRole and
41 00:03:23,400 --> 00:03:27,060 roles like USER, ADMIN, ROOT I have used here.
42 00:03:27,060 --> 00:03:33,420 You can understand I am not prefixing anything like ROLE_ with these names.
43 00:03:33,630 --> 00:03:38,400 The reason is Spring Security automatically will add a prefix
44 00:03:38,400 --> 00:03:39,030 ROLE_, as
45 00:03:39,390 --> 00:03:42,320 we are using role-based methods.
46 00:03:42,780 --> 00:03:48,660 So here you can clearly understand my account can be accessed by the users who have the role USER.
47 00:03:48,990 --> 00:03:54,040 My balance will be accessed by a user who has either the USER or
48 00:03:54,060 --> 00:03:58,650 ADMIN role, and my loans will be accessed by the users who have the ROOT role.
49 00:03:59,100 --> 00:04:01,190 And my cards,
50 00:04:01,680 --> 00:04:06,570 they are accessed by anyone who is authenticated. With this configuration,
51 00:04:06,570 --> 00:04:13,350 we should be able to access my account, my balance, my cards, but not the loans, because my loans
52 00:04:13,350 --> 00:04:16,260 need a ROOT role and our happy
53 00:04:16,260 --> 00:04:17,700 customer does not have that.
54 00:04:17,880 --> 00:04:19,709 Let's try to go and validate that.
55 00:04:19,890 --> 00:04:23,130 I'm trying to log in to the application and checking account.
56 00:04:23,130 --> 00:04:24,470 I'm able to see the response.
57 00:04:24,470 --> 00:04:27,090 Same with balance, same with cards.
58 00:04:27,360 --> 00:04:34,290 But if I go on loans, we are not able to get the data; that's the reason for the 403 error.
59 00:04:34,590 --> 00:04:41,790 So in this way we can configure authorization using roles and also authorities.
60 00:04:42,030 --> 00:04:48,870 I hope now you understand how to perform authorization inside your application based upon authorities,
61 00:04:48,870 --> 00:04:55,530 roles, and different ways to configure the same in your Spring Security code as well. Enough of authorization.
62 00:04:55,980 --> 00:04:57,120 In the next video,
63 00:04:57,480 --> 00:04:59,870 let's try to understand how to
64 00:04:59,970 --> 00:05:07,190 perform restrictions on the API paths using different matchers available inside our Spring Security.
65 00:05:07,400 --> 00:05:15,260 As of now, we are only using antMatchers always, but we also have various methods and matchers available
66 00:05:15,260 --> 00:05:23,060 in Spring Security that we can easily leverage to perform restrictions on the API paths beyond the roles
67 00:05:23,150 --> 00:05:24,350 and authorities.
68 00:05:24,500 --> 00:05:24,950 Thank you.
69 00:05:24,950 --> 00:05:26,190 And see you in the next video. Bye.