Spring Applications
Project: Basic Authentication and Authorization
The objective of this exercise is to secure the bookstore application with user authentication and access control.
-
Add the the starter
spring-boot-starter-security as Maven dependency.
-
In the catalog and order micoservice, implement a user details service
BookstoreUsersService that can load a user with username employee, password 12345 and role EMPLOYEE.
-
In the order microservice, the user details service can additionally load customers with their email address as the username, the fixed password
12345 and the role CUSTOMER.
-
Implement configuration classes
SecurityConfig with bean methods that create security filter chains such that basic authentication is used and access to the REST endpoints is restricted as follows:
| Service | Function | Authentication
required | Grant access to role |
| CUSTOMER | EMPLOYEE |
| Catalog |
Add book
Update book
Find book
Search books |
yes
yes
no
no |
no
no |
yes
yes |
| Customer |
Register customer
Find customer
Update customer |
no
yes
yes |
yes
yes |
yes
yes |
| Order |
Place order
Find order
Search orders
Cancel order |
yes
yes
yes
yes |
yes
yes
yes
yes |
no
yes
yes
yes |
-
In the order microservice, use the AccessController component to ensure that customers can only access their own data.
