🕒 Estimated Time: 6–7 hours total
Subtask Estimates
Task | Estimated Time
Add Spring Security dependencies and config base | ~30 mins
Configure basic auth or form login | ~1 hour
Secure endpoints with annotations + test access rules | ~1.5 hours
Integrate DB-based user + role authentication | ~1.5 hours
Password encoding and secure admin setup | ~1 hour
Optional: stub for JWT future use | ~30 mins
Tests and validation (login + access control) | ~1 hour
Type | New Feature
Priority | Normal
Assignee |
Version | none
Sprints | n/a
Customer | n/a
Implement AuthN/AuthZ with Spring Security
Goal:
Introduce basic authentication and authorization mechanisms for securing the Sztab backend. Protect endpoints based on user roles stored in the database.
Estimated Time: 6–7 hours
Task Breakdown
1. Add Spring Security Dependencies
spring-boot-starter-security to pom.xml
2. Configure Basic Auth or Form-Based Login (MVP)
/api/** while allowing unrestricted access to /actuator, /health, etc.
3. Secure Endpoints Using Role-Based Access
@PreAuthorize or @Secured
SecurityFilterChain for fine-grained config
4. Connect Authentication to Database
User and Role from PostgreSQL
UserDetailsService or use Spring Data integration
GrantedAuthority objects
5. Password Handling
BCryptPasswordEncoder for hashing and comparison
6. Optional: JWT Stub (For Future)
7. Tests and Validation
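An added example, not code from the Sztab project: one configuration class covering steps 2 to 5 of the breakdown, assuming Spring Security 6 on Spring Boot 3. `AccountRow` and `AccountLookup` are hypothetical stand-ins for the project's User/Role persistence (an implementation of `AccountLookup` must be supplied as a bean), and permitting only the health paths rather than all of `/actuator` is an assumption.

```java
import java.util.Optional;
import java.util.Set;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true) // turns on @PreAuthorize and @Secured
public class SecurityConfig {
    // Hypothetical stand-ins for the ticket's User/Role data in PostgreSQL.
    public record AccountRow(String username, String passwordHash, Set<String> roles) {}
    public interface AccountLookup { Optional<AccountRow> findByUsername(String username); }

    @Bean
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                // Assumption: only the health probes are public, not all of /actuator.
                .requestMatchers("/actuator/health", "/health").permitAll()
                .requestMatchers("/api/**").authenticated()
                .anyRequest().denyAll())           // unlisted paths fail closed
            .httpBasic(Customizer.withDefaults()); // MVP: HTTP Basic
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // salted hash; matches() does the comparison
    }

    @Bean
    UserDetailsService userDetailsService(AccountLookup accounts) {
        return username -> accounts.findByUsername(username)
            .map(row -> User.withUsername(row.username())
                .password(row.passwordHash()) // stored BCrypt hash, never plaintext
                // roles() turns "ADMIN" into the GrantedAuthority "ROLE_ADMIN"
                .roles(row.roles().toArray(String[]::new))
                .build())
            .orElseThrow(() -> new UsernameNotFoundException("unknown user"));
    }
}
```

Keeping only the health probes public leaves other actuator endpoints, such as env and heapdump, behind authentication.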
Output Artifacts