When we need to make our own custom filter chain in spring security and what's actually it's use case ?
#Spring Security Suggestions
trail shale
real daggerBOT
<@&1004656351647117403> please have a look, thanks.
Here is an AI assisted attempt to answer your question ๐ค. Maybe it helps! In any case, a human is on the way ๐. To continue talking to the AI, you can use </chatgpt:1108714622413963314>.
TJ-Bot
twin nexus
When you need some custom mechanisms/influence the request/...
inner zephyr
I know what description do u want
But i think nobody give u it
Only ai will write u that what u want
Cause people give u only overall description
trail shale
Hm
inner zephyr
Ai will make it more precisely and more
trail shale
How did u learn about Spring security?
inner zephyr
All people will write u something like simon
U asked me before ๐
I wrote u precisely
Then
trail shale
Ohh sorry
inner zephyr
Briefly u need it when u want to customize default spring solutions
trail shale
I forgot about that
trail shale
So right now I want to authenticate the user and Authorize it according to the role for making a registration page where user automatically get a user role then which topics I have to cover
inner zephyr
Default form is loginForm() if u want to change for, maybe json enpoint
U can do this
U turn off formlogin
Do endpoint with credentials object in request body
And then u customize filterchain
Cause of turning off default loginform
If u want to use ur custom cors bean
U also customizing smth in chain
And others and others
There are many examples
inner zephyr
So right now I want to authenticate the user and Authorize it according to the r...
Overall spring security flow
From filter to response
Things like an authmanager, authprovider, userdetails, userdetailsservice, passwordencoder, filters, securityfilterchain, endpoint lvl authorization, method lvl authorization, securitycontext, authentication object
This will allow u to do "basic", stuff like authorization, authentication
Cause if u know flow
U only need to use brain and logic, so this is only programming
And u achieve all u want
Ofc except another things like oauth2 cause this have another flow to understand
trail shale
Hmm
inner zephyr
And alsou need JWT. If u want stateless ofc, but u will know about this when u finish learn security fundamentals
trail shale
So how could I make the relationship between 2 entities like user and roles that user can have multiple roles and roles can be assigned to many users . Many to many things via jpa and hibernate
trail shale
Yehh but every user should have a role right without giving them the role we can't authenticate them so how to achieve it
inner zephyr
User entity store his role or roles
trail shale
So how
trail shale
My SQL
inner zephyr
Hibernate mapping is not recomendend in real world apps, for example iam not using this for a pong time
I recommend u to use clear mysql
In moment i will describe u
How to achieve ur goal
Like 15 mins
trail shale
Oh yehh sure
inner zephyr
U can also teach smth about db migration like liquibase or smth but idk on what lvl ure in programming
But this is also needed knowledge
But if u novice
U can for now do this normal way
To dont complicate
If u want to get on next lvl u can upgrade ur projects
U know its obvious
trail shale
Yehh that's why I am making a project and I need it to set roles for every user so I can authenticate them
inner zephyr
if u asking how to integrate app with db
ofc properties file
and u creating schema with use of workbench or cli what u want and what i using ofc
and u need to reflect schema that u created with sql with JPA in ur app entities
and set ddl-auto to validate or none/off i dont remember how it is named
but validate is good cause it validating jpa with ur db schema
and if u asking how to create tables structure
u have an user table, and role table, and u creating pivot table that store user id and role id
and in JPA u only creating roles list in user entity
if u want to users know about roles, and ofc if u want roles know about auser u creating users list in role entity
this is ur choic what u want to do
to reflect this pivot table with jpa
u doing smth like this:
ofc this is annotation used for smth like: private List<Role> roles; filed in ur user entity
trail shale
Yehh but when we are adding the users to the then we don't give the access to the user to set its role right then how we gonna set its role by ourself for example we have a registration form and we want to add the user then the user add it's details like name , password and more then how we gonna decide it's role by ourself
That's my question @inner zephyr
inner zephyr
basic role u can add to user in create method
if u want a basic role
if not u have endpoints with only authenticated()
not hasRole/Authority
trail shale
Hmm ok
trail shale
What is lvl by the way ? @inner zephyr
inner zephyr
Endpoint lvl is when u definein filter chain. Authorization did before controller
Method u define by annotations in controller methods
Like preauthorize or smth
Then data ca be reached
But not returned
Briefly
Endpoint lvl is more global cause u can controll all request on endpoint, u can also define specify methods like GET POST PUT...
Method lvl, u only control the specific method call
In laur spilca playlist that i was send u
Its described very well too
trail shale
ok thanks