How to Make Your Security Policy Auditable
Too Long; Didn't Read
The Spring Boot application offers a REST endpoint to check employees' salaries. We need a way to:

1. Authenticate an HTTP request as coming from a known user
2. Check whether the user has access to the salary data

I won't rely on a dedicated authentication/authorization backend, such as Keycloak.