all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Spring Security and Non-flat Roles Inheritance Architecture

Add to bookmarks
Feb. 23, 2023, 5:15 p.m. | Semyon Kirekov

DEV Community dev.to




Table of contents



  1. Business requirements and domain model

  2. Roles, enums, and inheritance

  3. Unit testing roles inheritance

  4. Defining JPA entities

  5. Creating custom Authentication implementation


    1. Why does getAuthorities() return empty set?

    2. UserId, and volatile authenticated flag



  6. Creating custom AuthenticationProvider

  7. Defining Spring Security config

  8. Declaring REST API methods

  9. Creating custom role checking service

  10. Combining PreAuthorize and custom role checking service

  11. Short and elegant enum references in SpEL expressions

  12. Integration testing and validating security


Then it comes to authorization, roles always come into …

api architecture authentication business domain entities flag integration java non programming requirements rest rest api return role roles security service spel spring spring security testing volatile

Visit resource

More from dev.to / DEV Community

Publish Status Others X Space Recap: Web3 Users’ Crypto Asset Security in the New Asset … 54 minutes ago | dev.to
asset assets asset security can +19
𝗪𝗵𝗮𝘁 𝗠𝗮𝗸𝗲𝘀 𝗮 𝗚𝗿𝗲𝗮𝘁 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿 12 hours ago | dev.to
blog engineers great identity +14
API 101 using POSTMAN 13 hours ago | dev.to
api apis application application programming interface +15
Bitcoin Whitepaper but easier 14 hours ago | dev.to
aliens balloon bitcoin bitcoinwhitepaper +14
HackTheBox - Writeup Builder [Retired] 15 hours ago | dev.to
builder cve cve-2024 cve-2024-23897 +22
HackTheBox - Writeup Devvortex [Retired] 16 hours ago | dev.to
cms cve cybersecurity easy +11
How to get the verified badge on GitHub with SSH key signing 18 hours ago | dev.to
article articles badge git +12
Authentication and Authorization in Web Applications 21 hours ago | dev.to
app applications authentication authorization +14
Latest Newsletter: Space, Blogging, & Bitcoin (Issue #161) 22 hours ago | dev.to
amp bitcoin bitcoin halving blogging +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Compliance Advisor

@ SAP | Budapest, HU, 1031
View on infosec-jobs.com

DevSecOps Engineer

@ Qube Research & Technologies | London
View on infosec-jobs.com

Software Engineer, Security

@ Render | San Francisco, CA or Remote (USA & Canada)
View on infosec-jobs.com

Associate Consultant

@ Control Risks | Frankfurt, Hessen, Germany
View on infosec-jobs.com

Senior Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com
View more jobs