robdbirch (8)
#1
A couple of items:
* The user/pw security properties are deprecated and don't seem to work (security.user.[name, password])
* StandardPasswordEncoder is deprecated but still works
* Security now seems to use the login web page by default, no longer the basic dialogue box
* h2-console can still be accessed with security; see: https://springframework.guru/using-the-h2-database-console-in-spring-boot-with-spring-security


Knowing your user Code Feedback:
I converted my interpretation of the JPA example (https://github.com/robdbirch/spia5/tree/jpa) to use security. In order to have the JPA understand the relationship between Order and Users I needed the following additions in the Order class and added user_id to the taco_order table:

    // Many orders belong to one user; loaded lazily so the user row is only
    // fetched when order.getUser() is called
    @ManyToOne(fetch=FetchType.LAZY)
    // maps to the user_id column added to the taco_order table
    @JoinColumn(name="user_id")
    private User user;


Using User Address in Order Form

This was an interesting example exercise, pre-populating the Order form with the user address info that the user defined at registration. This should be displayed in the Order form as a default address but could also be changed by the user when ordering.

	@GetMapping("/current")
	public String orderForm(Order order, @AuthenticationPrincipal User user) {
		order.setStreet(user.getStreet());
		order.setCity(user.getCity());
		order.setState(user.getState());
		order.setZip(user.getZip());
		return "orderForm";
	}


When the form is submitted the order address will be filled and the user set:
	@PostMapping
	public String processOrder(@Valid Order order,
			Errors errors, 
			SessionStatus sessionStatus, 
			@AuthenticationPrincipal User user) {
		if(errors.hasErrors()) {
			return "orderForm";
		}
		order.setUser(user);
		orderRepo.save(order);
		log.info("Order submitted: " + order);
		sessionStatus.setComplete();
		return "redirect:/";
	}
GitHub Code Contains

This attempted interpretation of the example code from the book is at GitHub in a security branch: https://github.com/robdbirch/spia5/tree/security

  • Schema changes

  • DB Seeder class

  • Seeded DB with the user "brubble" and password "dino"

  • Setup with a usable h2-console


  • Looking at the code in the book, it appears there is nice package partitioning for security and data, which is missing from my GitHub interpretation.
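The three points that run through the post (StandardPasswordEncoder being deprecated, the default form-login page, and keeping the h2-console reachable behind Spring Security) all live in one configuration class. The following is an added example, not code from the post or from the spia5 repository; it assumes Spring Boot 2.x with Spring Security 5.x (WebSecurityConfigurerAdapter still available), a User entity that implements UserDetails, and a UserRepository with a findByUsername(String) method. The package names are placeholders.

```java
package tacos.security; // hypothetical package, chosen for the example

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import tacos.data.User;           // assumed: JPA entity that implements UserDetails
import tacos.data.UserRepository; // assumed: Spring Data repository with findByUsername(String)

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserRepository userRepo;

    // BCrypt replaces the deprecated StandardPasswordEncoder: per-password salt and
    // a tunable work factor (default strength 10), so stored hashes resist offline guessing.
    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Look users up in the same table the Order entity's user_id column points at.
        // UserDetailsService is a functional interface, so a lambda is enough here.
        UserDetailsService userDetailsService = username -> {
            User user = userRepo.findByUsername(username);
            if (user == null) {
                throw new UsernameNotFoundException("User '" + username + "' not found");
            }
            return user;
        };
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // ordering and design pages require an authenticated user,
                // which is what makes @AuthenticationPrincipal non-null in OrderController
                .antMatchers("/design", "/orders/**").hasRole("USER")
                // leave the console open only in development profiles; it exposes the whole DB
                .antMatchers("/h2-console/**").permitAll()
                .antMatchers("/", "/**").permitAll()
            .and()
            // default generated login page; use .loginPage("/login") for a custom one
            .formLogin()
            .and()
            .logout()
                .logoutSuccessUrl("/")
            .and()
            // the H2 console posts its own forms without a CSRF token, so exempt only that path
            .csrf()
                .ignoringAntMatchers("/h2-console/**")
            .and()
            // the console renders in frames; allow same-origin framing instead of disabling the header
            .headers()
                .frameOptions().sameOrigin();
    }
}
```

Two consequences for the rest of the branch: the DB seeder must store encoder.encode("dino") rather than the plain "dino" for "brubble", or BCrypt will reject every login; and because /orders/** now requires a logged-in user, the User passed to orderForm and processOrder can be trusted as the session's principal, which is why setting order.setUser(user) server-side is preferable to accepting a user id from the form.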