Files
spring-graphql/spring-graphql-docs/modules/ROOT/pages/security.adoc
2023-08-04 15:38:28 +01:00

24 lines
865 B
Plaintext

[[security]]
= Security
The path to a xref:transports.adoc#server.transports.http[Web] GraphQL endpoint can be secured with HTTP
URL security to ensure that only authenticated users can access it. This does not,
however, differentiate among different GraphQL requests on such a shared endpoint on
a single URL.
To apply more fine-grained security, add Spring Security annotations such as
`@PreAuthorize` or `@Secured` to service methods involved in fetching specific parts of
the GraphQL response. This should work due to xref:request-execution.adoc#execution.context[Context Propagation] that aims to make
Security, and other context, available at the data fetching level.
The 1.0.x branch of this repository contains samples for
{github-10x-branch}/samples/webmvc-http-security[Spring MVC] and for
{github-10x-branch}/samples/webflux-security[WebFlux].