Code Room
Code review · Hard · cr-g557
Subject: Security, missing authorization (admin)
Level: Senior–Staff
Time: ~18 min
Common in Security interviews
Industries: Software development, IT services

Question

Review this Spring MVC admin endpoint.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (java)

    import org.springframework.http.ResponseEntity;
    import org.springframework.web.bind.annotation.*;

    @RestController
    @RequestMapping("/admin")
    public class AdminController {

        private final UserService userService;

        public AdminController(UserService userService) {
            this.userService = userService;
        }

        @PostMapping("/users/{id}/delete")
        public ResponseEntity<Void> deleteUser(@PathVariable Long id,
                                               @RequestHeader("Authorization") String auth) {
            // Only checks that the header is present; its value is never validated
            if (auth == null || auth.isEmpty()) {
                return ResponseEntity.status(401).build();
            }
            userService.delete(id);
            return ResponseEntity.ok().build();
        }
    }
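The central finding in the snippet above is that the presence of an Authorization header is not authorization: nothing verifies the credential or checks that the caller holds an admin role, so any request carrying a non-empty header can delete any user (a missing-authorization, or broken access control, bug; the rest is secondary). Two smaller points a reviewer would also raise: `@RequestHeader` is required by default, so a request without the header is rejected by Spring with 400 before the method runs, making the null check unreachable; and a destructive action is mapped to a POST on a `/delete` path rather than an HTTP DELETE. The following is one way to fix it. It is an added example, not code from the Code Room page; it assumes Spring Security 6 on the classpath, an authentication mechanism that populates the caller's roles (HTTP Basic is used here only as a placeholder), and a hypothetical `UserService` declared inline.

```java
// Added example (not from the original page): the same endpoint with authorization
// enforced by Spring Security from the authenticated principal's roles, instead of a
// header-presence check. UserService is a hypothetical stand-in for the reviewed code's
// service; in a real application it would be an existing Spring bean.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;

interface UserService {          // hypothetical; mirrors the userService used in the reviewed code
    void delete(Long id);
}

@RestController
@RequestMapping("/admin")
public class AdminController {

    private final UserService userService;

    public AdminController(UserService userService) {
        this.userService = userService;
    }

    // Authorization is decided by the framework from the authenticated principal's
    // roles; the controller never inspects raw credentials. Deleting is mapped to
    // HTTP DELETE, and success is reported as 204 rather than 200 with an empty body.
    @DeleteMapping("/users/{id}")
    @PreAuthorize("hasRole('ADMIN')")
    public ResponseEntity<Void> deleteUser(@PathVariable Long id) {
        userService.delete(id);
        return ResponseEntity.noContent().build();
    }
}

@Configuration
@EnableMethodSecurity
class AdminSecurityConfig {

    // Defence in depth: the URL rule rejects unauthenticated or unauthorized callers
    // before any /admin controller runs (401 or 403, set by the framework), and
    // @PreAuthorize still guards the method if a URL rule is ever missed.
    @Bean
    SecurityFilterChain adminChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            // Placeholder authentication mechanism; production deployments typically
            // use OAuth2/JWT resource-server or session login instead of HTTP Basic.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

With this shape, the interesting review questions move from "is a header present?" to where roles come from and whether the audit trail records which admin deleted which user; a `userService.delete` that also logs the authenticated principal is the natural next step.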
Run or narrate your approach, then ask the coach.