diff --git a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc index efc29212f51..7cb7fab3217 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc @@ -258,7 +258,7 @@ void endpointWhenNotUserAuthorityThenForbidden() { @Test void anyWhenUnauthenticatedThenUnauthorized() { this.mvc.perform(get("/any")) - .andExpect(status().isUnauthorized()) + .andExpect(status().isUnauthorized()); } ---- ====== @@ -387,7 +387,7 @@ void endpointWhenNotUserAuthorityThenForbidden() { @Test void anyWhenUnauthenticatedThenUnauthorized() { this.mvc.perform(get("/any")) - .andExpect(status().isUnauthorized()) + .andExpect(status().isUnauthorized()); } ---- ====== @@ -521,7 +521,7 @@ void getWhenNoReadAuthorityThenForbidden() { @Test void postWhenWriteAuthorityThenAuthorized() { this.mvc.perform(post("/any").with(csrf())) - .andExpect(status().isOk()) + .andExpect(status().isOk()); } @WithMockUser(authorities="read") @@ -737,7 +737,7 @@ SecurityFilterChain web(HttpSecurity http) throws Exception { .dispatcherTypeMatchers(FORWARD, ERROR).permitAll() // <2> .requestMatchers("/static/**", "/signup", "/about").permitAll() // <3> .requestMatchers("/admin/**").hasRole("ADMIN") // <4> - .requestMatchers("/db/**").access(allOf(hasAuthority('db'), hasRole('ADMIN'))) // <5> + .requestMatchers("/db/**").access(allOf(hasAuthority("db"), hasRole("ADMIN"))) // <5> .anyRequest().denyAll() // <6> ); @@ -805,7 +805,7 @@ Xml:: ---- ====== -<1> We specified a URL patters that any user can access. +<1> We specified a URL pattern that any user can access. Specifically, any user can access a request if the URL starts with "/static/". <2> Any URL that starts with "/admin/" will be restricted to users who have the role "ROLE_ADMIN". You will notice that since we are invoking the `hasRole` method we do not need to specify the "ROLE_" prefix.