I’ve generally found security requirements are easy to state but hard to implement. So, I've been wondering if I can autogenerate my Spring Security configuration.
Common security requirements are:
- Access controls on files/directories based on roles, IP address, etc.
- Validation of credentials from an authentication provider
The problem with coding yourself is:
- Security is complex, and you need to know what you're doing — there is a lot of information in the Spring Security manual.
- Upgrades: Spring Security could upgrade and you could miss out on new features to improve your security.
- Bugs: You could introduce a bug in your code.
It would be easier if I could define my security requirements into a website and autogenerate my security configuration.
I see this idea evolving to include:
- Tutorial — soon to be released.
- REST API security.
- Automate creation of unit tests, login pages.
- Best practice — what are the best practice for configurations of spring security?
- Storing security configuration.