Description
User story:
As an unauthorized user, I should not have access to secured resources that require valid authentication credentials.
Acceptance criteria:
- An authorization plugin for route protection should be integrated into the application’s routing system.
- When a user attempts to access a protected route, then the authorization plugin should verify the user’s authentication status and access rights.
- The authorization plugin should inject the user’s signed identity into the request.
- The authorization plugin should implement a white-listing feature.
- White-listed routes should be accessible to all users, regardless of authentication status.
- When a request is made without proper authorization, then the application should respond with a “401 Unauthorized” error status code and the message “You do not have the necessary authorization to access this resource. Please log in.”
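
A framework-agnostic sketch of a check that satisfies these criteria, added here as an illustration and not taken from the ticket or the project's code. The token format (base64 JSON identity plus an HMAC-SHA256 tag under a shared secret), the `exp` field, the function names and the request shape (`req.url`, `req.headers.authorization`, `req.identity`) are all assumptions.

```javascript
const crypto = require('node:crypto');

const UNAUTHORIZED = {
  status: 401,
  body: 'You do not have the necessary authorization to access this resource. Please log in.',
};

const mac = (payload, secret) =>
  crypto.createHmac('sha256', secret).update(payload).digest('hex');

// Hypothetical token format: base64(JSON identity) + "." + hex HMAC-SHA256 tag.
function signIdentity(identity, secret) {
  const payload = Buffer.from(JSON.stringify(identity)).toString('base64');
  return `${payload}.${mac(payload, secret)}`;
}

function verifyIdentity(token, secret) {
  const [payload, tag, ...rest] = String(token).split('.');
  if (!payload || !tag || rest.length) return null;
  const expected = Buffer.from(mac(payload, secret));
  const given = Buffer.from(tag);
  // Constant-time compare; timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const identity = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
    // Reject identities with no expiry or an expiry in the past (assumed `exp`, in seconds).
    if (typeof identity.exp !== 'number' || identity.exp * 1000 <= Date.now()) return null;
    return identity;
  } catch {
    return null; // malformed payload
  }
}

// Returns null when the request may proceed, or the 401 response to send.
function createAuthPlugin({ secret, whitelist }) {
  const open = new Set(whitelist); // exact paths only: no prefix or pattern matching
  return function authorize(req) {
    delete req.identity; // never trust an identity supplied by the caller
    const pathname = req.url.split('?')[0]; // unnormalized, so "/login/" or "/a/../login" fail closed
    if (open.has(pathname)) return null;
    const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    const identity = match && verifyIdentity(match[1], secret);
    if (!identity) return UNAUTHORIZED;
    req.identity = identity; // verified identity injected for downstream handlers
    return null;
  };
}
```

The white-list is matched exactly against the raw path, so any variant the router might also accept (trailing slash, dot segments) falls through to the authenticated branch instead of bypassing it.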