The login authentication in the previous projects was implemented using only database lookup tables and database validation. The user is asked for their username and password credentials, and the controllers then call a service that checks whether there is a match in the login table. No authorization mechanism has been implemented at this point.
The OCS implementation in project Ch07-Activiti uses a third-party plugin for both its authentication and authorization rules. This plugin is called Spring Security, which works like this:
First, the user opens the /ch07/index.html URL of OCS. There is a filter class that checks the URL accessed by the user. If there is no existing session, the filter will automatically redirect any page to the custom login page /ch07/ocs/login.html. It is always the custom login page that becomes the façade of OCS whenever there is no existing valid session. When the user logs in with their username and password credentials...
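A minimal Spring Security configuration that produces the redirect behaviour described above, given as an added example and not code from the Ch07-Activiti project. It assumes Spring Security 6 Java configuration and that /ch07 is the web application's context path; the class name OcsSecurityConfig, the /ocs/login processing URL and the /css/** static path are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example (not the book's code). All paths are relative to the
// context path, assumed here to be /ch07.
@Configuration
@EnableWebSecurity
public class OcsSecurityConfig { // hypothetical class name

    @Bean
    public SecurityFilterChain ocsFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // The login page and its static assets must be reachable
                // without a session; otherwise the redirect to the login
                // page is itself redirected and the browser loops.
                .requestMatchers("/ocs/login.html", "/css/**").permitAll() // /css/** is assumed
                // Everything else, including /index.html, needs an
                // authenticated session. Deny-by-default: a page added
                // later is protected without touching this file.
                .anyRequest().authenticated())
            .formLogin(form -> form
                // Unauthenticated requests are sent here by the filter chain
                // instead of to Spring Security's generated login page.
                .loginPage("/ocs/login.html")
                // URL the login form POSTs to (assumed); handled by the
                // filter chain, not by an application controller.
                .loginProcessingUrl("/ocs/login")
                // After login, return to the originally requested page,
                // falling back to /index.html.
                .defaultSuccessUrl("/index.html")
                .permitAll())
            .sessionManagement(session -> session
                // A request carrying an expired or unknown session id is
                // also sent to the custom login page.
                .invalidSessionUrl("/ocs/login.html"));
        // CSRF protection is left at its default (enabled), so the login
        // form must include the CSRF token field.
        return http.build();
    }
}
```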