12.4. Authorization
PicketLink supports several authorization methods for paths:
- RBAC, Role-Based Access Control
- GBAC, Group-Based Access Control
- Realm-Based Access Control
- Expression Language
- Write Your Authorization Method
When you configure authorization policies for a specific path, you just need to choose one of the options available from the authorizeWith() method provided by the HttpSecurityBuilder.
    httpBuilder
        .forPath("/admin/*")
            .authorizeWith()
                .role("Administrator");
The next sections cover each of them in more detail.
12.4.1. Role-Based Authorization
This method performs authorization based on the roles granted to your users. Access is granted only if the user has been granted a specific set of roles.
To configure this method of authorization for a specific path:
    httpBuilder
        .forPath("/admin/*")
            .authorizeWith()
                .role("Administrator");
Here, the role method expects one or more role names.