Spring Security

Bookstore Project

The access to the public functions of the bookstore application shall be restricted to different user roles according to the following table:

Service	Function	Authentication required	Access granted to role
Service	Function	Authentication required	CUSTOMER	EMPLOYEE
Catalog	Add book Find book Search books Update book	yes no no yes	no no	yes yes
Customer	Register customer Find customer Search customers Update customer	no/yes¹⁾ yes yes yes	yes yes²⁾ no yes²⁾	no yes yes yes
Order	Place order Find order Search orders Cancel order	yes yes yes yes	yes²⁾ yes²⁾ yes²⁾ yes²⁾	no yes yes yes

¹⁾ no with basic authentication, yes with OIDC authentication
²⁾ access is restricted to the customer's own data