security-poc
The project demonstrates several different approaches to use Spring Security (see table bellow). These approaches are usable by Spring profiles.
Pre-requisities
- JDK 17
- Maven 3.8
Features
- authentication (different profiles) & authorization
- JSP + JSTL
- Actuator
- (currently) no testing -> therefore quality gate is failing
Profiles
| Type | Maven Profile | Spring Profile | Password encoder | Note |
|---|---|---|---|---|
| In-Memory (default) | MEM | IN_MEMORY | delegating | Default profile (no PasswordEncoder used) |
| Database | DB | JDBC | none | via jdbcAuthentication method (maven dependencies for embbeded DB) |
| Custom service | USER_SERVICE | USER_DETAIL_SERVICE | custom service | via User Detail Service (maven dependencies for embbeded DB) |
| LDAP | LDAP | LDAP | BCrypt hashing | with UnboundId |
| Authentication provider | AD | AD | native | with Active Directory |
Profile usage:
java spring-boot:run --spring.profiles.active=JDBC
_Note: some dependencies have to be added on the classpath manually in IDE. It applies only to profiles USER_DETAIL_SERVICE & LDAP. However, it's working correctly outside IDE (running the WAR)._