Annotation Interface OrganicAuthOnly


@Target({METHOD,TYPE})
@Retention(RUNTIME)
@Inherited
@Documented
@PreAuthorize("hasAuthority(\'AUTH_ORGANIC\')")
public @interface OrganicAuthOnly
Restricts access to the annotated endpoint(s) to users who logged in by "organic means", that is, a login performed by the user, such as through a login form, session-stored authentication, SSO, etc. It excludes all kinds of logins from secondary sources, such as access tokens, JWT OAuth2 (when Rarog is the identity provider), etc., which are designed to be used by automations and external systems.

It enforces role requirements with PreAuthorize using Spring login.

Code annotated with OrganicAuthOnly

          @GetMapping("test")
          @OrganicAuthOnly
          ResponseEntity testMethod()
     
is equivalent to code annotated with PreAuthorize:

          @GetMapping("test")
          // hasAuthority matches the declaration above; hasRole would look for ROLE_AUTH_ORGANIC
          @PreAuthorize("hasAuthority('AUTH_ORGANIC')")
          ResponseEntity testMethod()
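
Added example, not taken from the Rarog code base: it runs the same check outside a web request to show which authentications pass. OrganicAuthOnly is redeclared locally from the declaration above; AccountService, Config, callAs and the user name are hypothetical. It assumes Spring Security 6 on the classpath and that organic logins are the ones granted the AUTH_ORGANIC authority.

```java
import java.lang.annotation.*;
import org.springframework.context.annotation.*;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.context.SecurityContextHolder;

public class OrganicAuthOnlyDemo {
    // Local stand-in mirroring the declaration documented on this page.
    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    @Inherited @Documented
    @PreAuthorize("hasAuthority('AUTH_ORGANIC')")
    public @interface OrganicAuthOnly {}

    // Hypothetical service; stands in for a controller method.
    public static class AccountService {
        @OrganicAuthOnly
        public String changePassword() { return "allowed"; }
    }

    @Configuration
    @EnableMethodSecurity // activates @PreAuthorize, including when used as a meta-annotation
    public static class Config {
        @Bean public AccountService accountService() { return new AccountService(); }
    }

    // Calls the protected method as a constructed principal holding the given authorities.
    static String callAs(AccountService svc, String... authorities) {
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("alice", "n/a", authorities));
        try {
            return svc.changePassword();
        } catch (AccessDeniedException e) {
            return "denied";
        } finally {
            SecurityContextHolder.clearContext(); // never leak the identity to later calls
        }
    }

    public static void main(String[] args) {
        try (var ctx = new AnnotationConfigApplicationContext(Config.class)) {
            AccountService svc = ctx.getBean(AccountService.class);
            System.out.println("organic login: " + callAs(svc, "AUTH_ORGANIC", "ROLE_USER"));
            System.out.println("access token:  " + callAs(svc, "ROLE_USER"));
            System.out.println("ROLE_ prefix:  " + callAs(svc, "ROLE_AUTH_ORGANIC"));
        }
    }
}
```

The third call is denied because hasAuthority compares the authority string exactly, so an authentication carrying only ROLE_AUTH_ORGANIC does not satisfy the annotation.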