Expression-Based Access Control (#517)

* Expression-Based Access Control

PermitAll, hasRole, hasAnyRole etc.
I modified classes regards to Security

* Added test cases for Spring Security Expressions

spring-security-rest-full/src/main/java/org/baeldung/spring/SecurityWithoutCsrfConfig.java

@@ -44,8 +44,9 @@ public class SecurityWithoutCsrfConfig extends WebSecurityConfigurerAdapter {
         http
         .csrf().disable()
         .authorizeRequests()
-        .antMatchers("/admin/*").hasAnyRole("ROLE_ADMIN")
-        .anyRequest().authenticated()
+        .antMatchers("/auth/admin/*").hasRole("ADMIN")
+        .antMatchers("/auth/*").hasAnyRole("ADMIN","USER")
+        .antMatchers("/*").permitAll()
         .and()
         .httpBasic()
         .and()