We often return partially filled objects from our controller methods.
For example, when returning the current user's data, you would not want the password and other sensitive fields to be returned. You may create a new user object, only fill the fields that you’d like returned, and then return that...
When developing an application, we sometimes reuse the entity classes as command objects. In other words, we use the same entity classes to receive user inputs. See this class for example:
@Entity
public class Employee {
    @Id
    private Long id;
    @Size(min=1, max=50)
...
A common way to restrict access to URLs when using Spring Security is to configure mvcMatchers (or the old antMatchers).
For example, say you have an e-commerce application with the products visible at the URL http://www.example.com/products/{id}, which should be accessible to everyone.
To...
This post assumes that you are already familiar with Spring Data Repositories. Here, I’ll share a handy tip on using Spring Data.
For accessing data using Spring Data, we code repository interfaces, as below:
public interface UserRepository extends JpaRepository<User, Long> {
...
Sometimes we may need to intercept the requests received by our Spring MVC application. For example, we may be running a paid service and would like to count the requests per user.
Spring MVC handler-interceptors come in handy in such cases. Using handler interceptors, you can execute custom code...
In the last post, we discussed how to secure domain objects using Spring’s PermissionEvaluator. In this post, we’ll take that forward, and see a clean pattern for coding the access rules. Specifically, we will see how to have different PermissionChecker classes, one per domain...
We often need to restrict access to our domain objects based on who has logged in. Take this business rule for example – “an employee record could be edited only by her department head.”
Spring Security does support ACL to handle this kind of domain object security requirements, but that often...
In an earlier post, we discussed how to externalize application properties in Spring Boot applications.
That would work well for single, standalone applications. However, when we have more than one application, say in a microservice architecture, a better alternative would be to manage the...