@@ -110,16 +110,20 @@ application, just for conciseness.)
110110== Generating a 401 in the Server
111111
112112A 401 response will already be coming from Spring Security if the user
113- cannot or does not want to login with Github. What we set out to do
114- was extend that rule to reject users that are not in the right
115- origanization. It is easy to use the Github API to find out more about
116- the user, including his organizations, so we just need to plug that
117- into the right part of the authentication process. Fortunately, for
118- such a simple use case, Spring Boot has provided an easy extension
119- point: if we declare a `@Bean` of type `AuthoritiesExtractor` it will
120- be used to construct the authorities (typically "roles") of an
121- authenticated user. We can use that hook to assert the the user is in
122- the correct orignization, and throw an exception if not:
113+ cannot or does not want to login with Github, so the app is already
114+ working if you fail to authenticate with Github (e.g. by rejecting the
115+ token grant).
116+
117+ To spice things up a bit we will extend the authentication rule to
118+ reject users that are not in the right organization. It is easy to use
119+ the Github API to find out more about the user, so we just need to
120+ plug that into the right part of the authentication
121+ process. Fortunately, for such a simple use case, Spring Boot has
122+ provided an easy extension point: if we declare a `@Bean` of type
123+ `AuthoritiesExtractor` it will be used to construct the authorities
124+ (typically "roles") of an authenticated user. We can use that hook to
125+ assert the the user is in the correct orignization, and throw an
126+ exception if not:
123127
124128.SocialApplication.java
125129[source,java]
0 commit comments