Book Image

Full Stack Development with JHipster,

By : Deepu K Sasidharan, Sendil Kumar Nellaiyapen
Book Image

Full Stack Development with JHipster,

By: Deepu K Sasidharan, Sendil Kumar Nellaiyapen

Overview of this book

JHipster is a development platform to generate, develop, and deploy Spring Boot and Angular/React applications and Spring microservices. It provides you with a variety of tools that will help you quickly build modern web applications. This book will be your guide to building full stack applications with Spring and Angular using the JHipster tool set. You will begin by understanding what JHipster is and the various tools and technologies associated with it. You will learn the essentials of a full stack developer before getting hands-on and building a monolithic web application with JHipster. From here you will learn the JHipster Domain Language with entity modeling and entity creation using JDL and JDL studio. Moving on, you will be introduced to client side technologies such as Angular and Bootstrap and will delve into technologies such as Spring Security, Spring MVC, and Spring Data. You will learn to build and package apps for production with various deployment options such as Heroku and more. During the course of the book, you will be introduced to microservice server-side technologies and how to break your monolithic application with a database of your choice. Next, the book takes you through cloud deployment with microservices on Docker and Kubernetes. Going forward, you will learn to build your client side with React and master JHipster best practices. By the end of the book, you will be able to leverage the power of the best tools available to build modern web applications.
Table of Contents (23 chapters)
Title Page
Copyright and Credits
Dedication
Packt Upsell
Foreword
Contributors
Preface
Index

Authorization with Spring Security


As you may have noticed, when it comes to generated code, JHipster doesn't provide much in terms of role-based security, authorization management, and so on. This is intentional, as these heavily depend on the use case and most often associated with the business logic of the application. So, it would be better if this was hand-coded by the developers as part of the business code.

Normal users have ROLE_USER and admin users have ROLE_ADMIN assigned in user management. For our use case there are few security holes that we need to take care of: 

  • Normal users should only have access to view the product listing, product order, order item, invoice, and shipment 
  • Normal users should not have access to create/edit/delete entities via the CRUD API
  • Normal users should not be able to access the product order, order item, invoice, and shipment of other users

We could overcome these issues using features provided by Spring Security.

Limiting access to entities

First, let's...