24 lines
865 B
Plaintext
24 lines
865 B
Plaintext
[[security]]
|
|
= Security
|
|
|
|
The path to a xref:transports.adoc#server.transports.http[Web] GraphQL endpoint can be secured with HTTP
|
|
URL security to ensure that only authenticated users can access it. This does not,
|
|
however, differentiate among different GraphQL requests on such a shared endpoint on
|
|
a single URL.
|
|
|
|
To apply more fine-grained security, add Spring Security annotations such as
|
|
`@PreAuthorize` or `@Secured` to service methods involved in fetching specific parts of
|
|
the GraphQL response. This should work due to xref:request-execution.adoc#execution.context[Context Propagation] that aims to make
|
|
Security, and other context, available at the data fetching level.
|
|
|
|
The 1.0.x branch of this repository contains samples for
|
|
{github-10x-branch}/samples/webmvc-http-security[Spring MVC] and for
|
|
{github-10x-branch}/samples/webflux-security[WebFlux].
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|