robdbirch (8)
A couple of items:
* The user/pw security properties are deprecated and don't seem to work (security.user.[name, password])
* Standard Password Encoder is Deprecated but still works
* Security now seems to use the login web page by default, no longer the basic dialogue box
* h2-console can still be accessed with security see:

Knowing your user Code Feedback:
I converted my interpretation of the JPA example ( to use security. In order to have the JPA understand the relationship between Order and Users I needed the following additions in the Order class and added user_id to the taco_order table:

	private User user;

Using User Address in Order Form

This was an interesting example exercise, pre-populating the Order form with the user address info that the user defined at registration. This should be displayed in the Order form as a default address but could also be changed by the user when ordering.

	public String orderForm(Order order, @AuthenticationPrincipal User user) {
		// the order's address fields are pre-populated from the authenticated user here
		return "orderForm";
	}

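When the form is submitted, the order address will be filled and the user set:

	public String processOrder(@Valid Order order,
			Errors errors,
			SessionStatus sessionStatus,
			@AuthenticationPrincipal User user) {
		if (errors.hasErrors()) {
			return "orderForm";
		}
		// take the owner from the authenticated principal, not from submitted form fields
		order.setUser(user);
		// "log" is an assumed logger field (e.g. Lombok @Slf4j); the call name is missing from the post
		log.info("Order submitted: " + order);
		return "redirect:/";
	}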

GitHub Code Contains

This attempted interpretation of the example code from the book is at GitHub in a security branch:

  • Schema changes

  • DB Seeder class

  • Seeded DB with the user "brubble" and password "dino"

  • Setup with a usable h2-console

  • Looking at the code in the book, it appears there is nice package partitioning for security and data, which is missing from my GitHub interpretation.
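
Added example, not part of the original post or the book's code: one way to move off the deprecated StandardPasswordEncoder noted above without invalidating stored passwords, by verifying legacy hashes through a DelegatingPasswordEncoder and re-hashing with bcrypt on the next successful login. The class name, the `migratingEncoder` helper and the "sha256" id are assumptions made for illustration; it needs spring-security-crypto 5.1 or later on the classpath.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

public class EncoderMigrationExample {

    // Hypothetical helper: new hashes use bcrypt, old un-prefixed hashes still verify.
    @SuppressWarnings("deprecation")
    static PasswordEncoder migratingEncoder() {
        PasswordEncoder legacy = new StandardPasswordEncoder(); // deprecated salted SHA-256 scheme
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("bcrypt", new BCryptPasswordEncoder());
        encoders.put("sha256", legacy); // assumed id for explicitly tagged legacy hashes
        DelegatingPasswordEncoder delegating = new DelegatingPasswordEncoder("bcrypt", encoders);
        // Stored values without an {id} prefix were written by the legacy encoder.
        delegating.setDefaultPasswordEncoderForMatches(legacy);
        return delegating;
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = migratingEncoder();

        // Constructed sample: a password column value as a legacy seeder would have stored it.
        @SuppressWarnings("deprecation")
        String stored = new StandardPasswordEncoder().encode("dino");

        String raw = "dino"; // password submitted at login
        if (encoder.matches(raw, stored) && encoder.upgradeEncoding(stored)) {
            // Legacy hash verified: replace it with a bcrypt hash and persist it to the user row.
            stored = encoder.encode(raw);
        }

        System.out.println("re-hashed with bcrypt: " + stored.startsWith("{bcrypt}"));
        System.out.println("still verifies:        " + encoder.matches(raw, stored));
        System.out.println("needs another upgrade: " + encoder.upgradeEncoding(stored));
    }
}
```

The re-hash can only happen at login, because that is the only time the raw password is available to the application.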