Spring Security

Project: Order Security

The objective of this exercise is to secure the order microservice of the bookstore application using basic authentication and access control.
  1. Add the starters spring-boot-starter-security and spring-boot-starter-security-test as Maven dependencies.
  2. Add a password property to the customer entity and a matching column to the corresponding database table, and use a password encoder in the customer service to encode customer passwords during registration or updates.
  3. Implement a security configuration class with bean methods that create
    • a password encoder that uses the BCrypt hashing function
    • an in-memory user details service that knows users with the roles EMPLOYEE and CUSTOMER
    • a security filter chain that uses basic authentication and restricts access to the REST endpoints according to requirements
  4. Implement a component that uses the security context to verify that the authenticated user is authorized to access a specific customer, and use this component in the customer and order service to ensure that customers can only access their own data.
  5. Implement an integration test using the MockMvc bean to verify security constraints of the service.