In this liveProject, you’ll implement HTTP authentication so that leave requests can be authorized based on user role. You will set up three Role Based Access Control (RBAC) functionalities for the REST API. The first RBAC will allow a reportee user account to access its own leave requests while keeping other data secure. The second RBAC will allow managers to see all the leave requests of employees they are responsible for. Finally, you’ll establish an RBAC for approving leave requests.
This liveProject was implemented by Natan Streppel.
This project is designed for learning purposes and is not a complete, production-ready application or solution.
The liveProject is for Java programmers familiar with the basics of REST APIs. To begin this project you will need to be familiar with:
- Basics of Java, min. version 11 (classes, interfaces)
- Basics of Spring MVC (POST of GET requests)
- Basics of JDBC or Spring Data (insert or retrieve data from a database)
- Java IDEs such as Eclipse or IntelliJ IDEA
- Testing APIs via Postman
- Gradle, min. version 6.4.1
- Docker, min. version 17.03, and Docker Compose, min. version 1.22.0
- Basic debugging
- Code reviews
- Code refactoring
- Unit testing
- Security testing
you will learn
In this series of liveProjects, you’ll learn how to add essential security features to a REST API.
- Understanding an API specified in Open API Specification 3.0 using Swagger
- Setting up an environment to implement the API specification provided using Java Spring
- Authorizing requests based on user role
- Testing the functionality of the reference API implementation using Postman
- Access control testing