Spring Security(Third Edition)

A little bit of polish

Stop at this point and think about what we've just built. You may have noticed some obvious issues that will require some additional work and knowledge of the Spring Security product before our application is production-ready. Try to make a list of the changes that you think are required before this security implementation is ready to roll out on the public-facing website.

Applying the Hello World Spring Security implementation was blindingly fast and has provided us with a login page, username- and password-based authentication, and automatic interception of URLs in our calendar application. However, there are gaps between what the automatic configuration provides and what our end goal is, which are listed as follows:

  • While the login page is helpful, it's completely generic and doesn't look like the rest of our JBCP calendar application. We should add a login form that's integrated with our application's look and feel.
  • There is no obvious way for a user to log out; nothing in the application exposes a logout link or endpoint.
  • We've locked down all pages in the application, including the Welcome page, which a potential user may want to browse anonymously. We'll need to redefine the roles required so that anonymous, authenticated, and administrative users each see the pages appropriate to them.
  • We do not display any contextual information to indicate to the user that they are authenticated. It would be nice to display a greeting similar to welcome user1@example.com.
  • We've had to hardcode the username, password, and role information of the user in the SecurityConfig configuration file. Recall this section of the configure(AuthenticationManagerBuilder) method we added:

        auth.inMemoryAuthentication().withUser("user1@example.com")
            .password("user1").roles("USER");

    You can see that the username and the clear-text password are right there in the source file. It's unlikely that we'd want to add a new declaration to the file for every user of the system, or to ship user credentials inside a compiled artifact. To address this, we'll need to update the configuration with another type of authentication.

We'll explore different authentication options throughout the first half of the book.
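As an added example that is not the book's own code, the following SecurityConfig closes the gaps listed above in one pass: a custom login form served from the application's own view, a logout endpoint, anonymous access to the Welcome page, a separate ADMIN role, and bcrypt-hashed passwords in place of the clear-text "user1". The URL paths (/login/form, /login, /logout, /admin/**, /resources/**), the second admin1@example.com user and the package name are assumptions made for illustration; the users are still held in memory, which the book replaces with other authentication options later.

```java
// Added example, not the book's code. Paths, the admin1@example.com user and the
// package are assumed for illustration; the user store is still in memory.
package com.example.calendar.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // One encoder bean shared by the user store and, later, by registration code.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Still in memory, but what is stored is a bcrypt hash, not the password itself.
        // roles("USER") is stored as the authority ROLE_USER, which hasRole("USER") expects.
        auth.inMemoryAuthentication()
            .passwordEncoder(passwordEncoder())
            .withUser("user1@example.com")
                .password(passwordEncoder().encode("user1"))
                .roles("USER")
                .and()
            .withUser("admin1@example.com")          // assumed second user
                .password(passwordEncoder().encode("admin1"))
                .roles("USER", "ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Welcome page, login views, logout and static assets: open to anonymous users.
                .antMatchers("/", "/login/*", "/logout", "/resources/**").permitAll()
                // Administrative pages: ADMIN role only.
                .antMatchers("/admin/**").hasRole("ADMIN")
                // Everything else: any authenticated user.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login/form")            // our own view, styled like the rest of the app
                .loginProcessingUrl("/login")         // POST target handled by Spring Security
                .failureUrl("/login/form?error")
                .usernameParameter("username")
                .passwordParameter("password")
                .permitAll()
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login/form?logout")
                .permitAll();
    }
}
```

Two things to check when wiring this in: CSRF protection stays enabled by default, so the logout link must submit a POST (a form with the CSRF token), not a plain GET; and the Welcome page is only truly anonymous if nothing it renders forces authentication, so the greeting should be conditional. For the greeting itself, the spring-security-taglibs JSP tag `<sec:authentication property="principal.username"/>` renders the authenticated user's name and can be wrapped in `<sec:authorize access="isAuthenticated()">` so anonymous visitors see no greeting.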