In late 2017, JHipster was nominated for / won several awards in the tech innovation space. It is easy to see why. This tool automatically generates not only boiler plate code for full stack applications based on spring boot + front end (either react or angular at the time of this writing), but it also generates boiler plate for connecting to a number of databases, tools for front end authentication, and even user management. Each of these things is a somewhat time consuming task, and having a tool that connects all of these dots out the gate can be extremely useful. While I suspect many enterprises will struggle to use all of the abilities of a tool like this due to legacy systems, small projects, startups, and people looking to learn about how some of these technologies could definitely benefit from JHipster. I will hopefully see about tackling a project using JHipster soon.
I have spent a lot of time recently trying to understand the difference between Authority and Role in Spring Security. This is a brief review of what I found. When creating a UserDetailsService or overriding configure(AuthenticationManagerBuilder auth) in the security config class that extends WebSecurityConfigurerAdapter, I basically get complete control over what I populate inside of the UserDetails that is used/returned. This is important because the UserDetails interface really only cares about how to return one thing: Collection<? extends GrantedAuthority> getAuthorities(); A GrantedAuthority just seems like a glorified String wrapper that names some thing. The question is... what is that thing? This is where the subtle difference between Authority and Role comes into play. I think that Role is an older thought/construct that automatically gets plugged into Authority if we just create a user with a Role. But completely forget about the code a...
Comments
Post a Comment