Reputation: 315
What are the differences between spring security providers? (Spring Roo 2 M3)
Well i'm building some personal project to learn spring roo 2. Now i'm struggling with spring security. There is little information about spring roo 2 in google and many relatively useful information on spring boot relating to spring roo.
with the command "security setup" you got the "--provider" option.
This is the description that the help gives you:
optional --provider: The Spring Security provider to install. Possible values are:
DEFAULT(default Spring Security configuration provided by Spring Boot will be used), andSPRINGLETS_JPA(advanced Spring Security configuration will be included using Springlets JPA Authentication).; default: 'DEFAULT'
I couldn't find the difference between these two options, even on the spring roo M3 reference documentation. Even searching for "Springlets JPA Authentication" gives no information about it.
Anyone has any clue about this?
Thanks
Upvotes: 1
Views: 608
Answers (1)
Reputation: 3882
These are the main differences between this two providers:
DEFAULT: Is the default Spring Security auto-configuration provided by Spring Boot when you include thespring-boot-starter-securityin your project classpath. This is the default option because Spring Roo always tries to generate applications that use the auto-configuration provided by Spring Boot.- Selecting this provided the following changes will be applied to your project:
spring-boot-starter-securitydependency will be included to your pom.xml file
- If you want to know more information about this configuration you should check the spring boot reference guide
- Selecting this provided the following changes will be applied to your project:
SPRINGLETS_JPA: If you select this provider, the default Spring Security auto-configuration provided by Spring Boot will be used. In addition, this provider will include the Springlets library to your classpath that provides you some extra starters to auto-configure advanced Spring Security properties. Also, configures the security authentication to use and user from the database instead of the default in-memory authentication provided by Spring Boot auto-configuration. You will be able to manage these configuration using theapplication.propertiesfile and including the propertiesspringlets.security.auth.in-memory.enabledandspringlets.security.auth.in-memory.erase-credentials.- Selecting this provided the following changes will be applied to your project:
springlets-boot-starter-authenticationdependency will be included to your pom.xml filesecurity.enable-csrf=trueproperty will be included to enableCSRF. Know more about CSRF and Spring Security here
- To know more about the Springlets Security project check the Springlets project page
- Selecting this provided the following changes will be applied to your project:
Hope it helps,
Upvotes: 5
Related Questions
- What is the difference between Spring and Spring Boot?
- What is the difference between spring-boot-starter-oauth2-client, spring-cloud-starter-oauth2 and spring-security-oauth2
- Confusion In Spring Security in Spring Boot
- spring security AuthenticationManager vs AuthenticationProvider?
- Spring cloud security vs Spring security
- Spring @EnableResourceServer vs @EnableOAuth2Sso
- Difference in AuthenticationManager and AuthenticationProvider Authenticate method in Spring Security
- What are the differences between values: ADMIN, USER, SUPERUSER for management.security.roles for spring boot applications?
- what is difference between spring framework and spring roo
- what Spring Security make it worth to use?