Can Spring Security be auto-generated?

I’ve generally found Security requirements are easy to state, but hard to implement. So have been wondering if I can autogenerate my Spring Security configuration.

Security Requirements

Common security requirements are –

  • Access controls on files/directories based on roles, IP address
  • Validation of credentials from a authentication provider

 

Coding

The problem with coding yourself is –

  • Security is complex and you need to know what your doing – there is a lot of information in the Spring Security manual
  • Upgrades – Spring Security could upgrade and you could miss out on new features to improve your security
  • Bugs – you introduce a bug in your code

It would be easier if I could define my security requirements into a website and autogenerate my security configuration.

Prototype

I’ve created a prototype of this idea at spring-security-generator, with the code released on github

2016-10-02-21_51_07-spring-security-generator

Future

I see this idea evolving to include –

  • Tutorial – soon to be released
  • REST API security
  • Automate creation of unit tests, login pages
  • Best practice – what are the best practice for configurations of spring security?
  • Storing security configuration

About the Author Martin Farrell

Leave a Comment: