LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How do you implement role-based access control middleware?

Use a centralized middleware/interceptor that checks roles before the request reaches the controller.

Spring Security example (Java):

@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) {
        http.authorizeHttpRequests(auth -> auth
            .requestMatchers("/admin/**").hasRole("ADMIN")
            .requestMatchers("/api/users/**").hasAnyRole("ADMIN", "USER")
            .requestMatchers("/public/**").permitAll()
            .anyRequest().authenticated()  // Closed policy: deny by default
        );
        return http.build();
    }
}

Why middleware, not manual checks?

Approach Pros Cons
Middleware/Interceptor Centralized, can't forget, consistent Less flexible per-endpoint
Manual per-endpoint Fine-grained control Easy to forget on one endpoint

Best practice: Use middleware for role-level access, add manual checks for ownership/resource-level access within the controller.

From Quiz: SPRG / Authorization | Updated: Jul 14, 2026