Skip to content

arnosthavelka/security-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

104 Commits
.github/workflows
.github/workflows
 
 
src/main
src/main
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

security-poc

Java CI with Maven Sonar quality gate Sonar coverage Sonar bugs Sonar vulnerabilities MIT licensed

The project demonstrates several different approaches to use Spring Security (see table bellow). These approaches are usable by Spring profiles.

Pre-requisities

  • JDK 17
  • Maven 3.8

Features

  • authentication (different profiles) & authorization
  • JSP + JSTL
  • Actuator
  • (currently) no testing -> therefore quality gate is failing

Profiles

Type Maven Profile Spring Profile Password encoder Note
In-Memory (default) MEM IN_MEMORY delegating Default profile (no PasswordEncoder used)
Database DB JDBC none via jdbcAuthentication method (maven dependencies for embbeded DB)
Custom service USER_SERVICE USER_DETAIL_SERVICE custom service via User Detail Service (maven dependencies for embbeded DB)
LDAP LDAP LDAP BCrypt hashing with UnboundId
Authentication provider AD AD native with Active Directory

Profile usage:

java spring-boot:run --spring.profiles.active=JDBC

Note: some dependencies have to be added on the classpath manually in IDE. It applies only to profiles USER_DETAIL_SERVICE & LDAP. However, it's working correctly outside IDE (running the WAR).

About

Playing with Spring Security

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages