Reference: https://www.baeldung.com/security-spring
How do I verify the email addresses of new users?
How do I properly and safely store user credentials?
What if a user forgets their password?
What about users changing their own password?
How strong should passwords be? How can I enforce some sensible defaults in the app so that my users have good, strong passwords?
What if I have more than one type of user? I need a good way to store roles and privileges.
What about security questions? Should I even have them?
How do I do all of this with good localization support? There are a lot of messages involved.
[1] Çağdaş Cirit and Feza Buzluca. 2009. A UML profile for role-based access control. In Proceedings of the 2nd international conference on Security of information and networks (SIN '09). Association for Computing Machinery, New York, NY, USA, 83–92. https://doi.org/10.1145/1626195.1626217
[2] Koch, M., Parisi-Presicce, F. UML specification of access control policies and their formal verification. Softw Syst Model 5, 429–447 (2006). https://doi.org/10.1007/s10270-006-0030-z
[3] Indrakshi Ray, Na Li, Robert France, and Dae-Kyoo Kim. 2004. Using UML to visualize role-based access control constraints. In Proceedings of the ninth ACM symposium on Access control models and technologies (SACMAT '04). Association for Computing Machinery, New York, NY, USA, 115–124. https://doi.org/10.1145/990036.990054
[1] Secure your API using Spring Security 5 and Auth0. https://auth0.com/docs/quickstart/backend/java-spring-security5/interactive?download=true or https://github.com/auth0-samples/auth0-spring-security-api-sample/blob/master/01-Authorization/TUTORIAL.md
[2] Authorization with Spring MVC. https://github.com/auth0-samples/auth0-spring-security5-api-sample/tree/master/01-Authorization-MVC
[3] B2C. https://auth0.com/docs/get-started/architecture-scenarios/business-to-consumer
[4] Delivering a CIAM Project - An Auth0 Planning Guide to Customer Identity & Access Management. https://cdn2.auth0.com/docs/media/articles/architecture-scenarios/planning/B2C-Project-Planning.pdf
[1] https://github.com/AnoyiX/spring-security-demos
[2] https://github.com/Snailclimb/spring-security-jwt-guide
[3] https://github.com/ali-bouali/spring-boot-3-jwt-security
[4] https://github.com/shabbirdwd53/spring-security-tutorial/tree/main