Spring Applications
Project: Order Service Security
The objective of this exercise is to secure the order service of the bookstore application using basic authentication and access control.
-
Add the starter
spring-boot-starter-security and org.springframework.security:spring-security-test as Maven dependencies.
-
Add a
password property to the customer entity and a corresponding column to the customer table of the database schema.
-
Implement a user details service that can load a fixed user with the role
EMPLOYEE and customers with their email address as username, their passwords and the role CUSTOMER.
-
Implement a security configuration class that creates a security filter chain such that basic authentication is used and access to the REST endpoints is restricted as follows:
| Service | Function | Authentication
required | Grant access to role |
| CUSTOMER | EMPLOYEE |
| Customer |
Register customer
Find customer
Search customers
Update customer |
no
yes
yes
yes |
yes
no
yes |
yes
yes
yes |
| Order |
Place order
Find order
Search orders
Cancel order |
yes
yes
yes
yes |
yes
yes
yes
yes |
no
yes
yes
yes |
-
Use the AccessController component in the customer and order service to ensure that customers can only access their own data.
-
Test the security constraints using the Postman utility and run the OrderSecurityIT integration test.
