I’ve generally found Security requirements are easy to state, but hard to implement. So have been wondering if I can autogenerate my Spring Security configuration.
Common security requirements are –
- Access controls on files/directories based on roles, IP address
- Validation of credentials from a authentication provider
The problem with coding yourself is –
- Security is complex and you need to know what your doing – there is a lot of information in the Spring Security manual
- Upgrades – Spring Security could upgrade and you could miss out on new features to improve your security
- Bugs – you introduce a bug in your code
It would be easier if I could define my security requirements into a website and autogenerate my security configuration.
I’ve created a prototype of this idea at spring-security-generator, with the code released on github
I see this idea evolving to include –
- Tutorial – soon to be released
- REST API security
- Automate creation of unit tests, login pages
- Best practice – what are the best practice for configurations of spring security?
- Storing security configuration