Feb. 23, 2023, 5:15 p.m. | Semyon Kirekov

DEV Community dev.to




Table of contents

  1. Business requirements and domain model
  2. Roles, enums, and inheritance
  3. Unit testing roles inheritance
  4. Defining JPA entities
  5. Creating custom Authentication implementation
    1. Why does getAuthorities() return empty set?
    2. UserId, and volatile authenticated flag
  6. Creating custom AuthenticationProvider
  7. Defining Spring Security config
  8. Declaring REST API methods
  9. Creating custom role checking service
  10. Combining PreAuthorize and custom role checking service
  11. Short and elegant enum references in SpEL expressions
  12. Integration testing and validating security


Then it comes to authorization, roles always come into …
