Spring Roo Add Ons: Typical Security

The idea behind Spring Roo is that you tell it what you want, and it gives you a Java and Spring framework for developing such a tool. Typically the app you are building is a website (though it doesn't have to be).

One of the most common features of a web application framework is some kind of role-based permissioning mechanism. As well as the ability to store users' details, we also want to store jobs (or "Roles") that users might do, and record which users are authorised for which roles.

Spring Roo is designed with a basic minimum of functionality because it doesn't want to assume what sort of work you are doing - or what sort of website you are building. It is left to other people to build "add ons" which conform to a specific set of interfaces to enhance Spring Roo.

One such add on I have been looking at is the "spring-roo-addon-typical-security".

Basically it gives the Spring Roo user a single command which generates the add-on framework in the Spring Roo generated app. That framework consists of several more jspx template pages, some more Java code using Spring Security, some more controllers, but most important of all, some new entities. It adds new JPA Entities (and thus database tables) for roles, users, and the map between the two.
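To make the roles / users / map structure concrete, here is an added sketch in plain Java (JDK 16+, no JPA or Spring dependencies). It is not the add-on's generated code: every class, field and method name is a hypothetical stand-in, and the sample data is constructed. It shows how the three tables resolve into a deny-by-default authorisation check.

```java
import java.util.*;
import java.util.stream.*;

// Hypothetical stand-ins for the three tables; not the add-on's generated classes.
public class RoleModelSketch {
    record User(long id, String username, boolean enabled) {}
    record Role(long id, String name) {}
    record UserRole(long userId, long roleId) {} // the map between users and roles

    private final Map<String, User> usersByName = new HashMap<>();
    private final Map<Long, Role> rolesById = new HashMap<>();
    private final List<UserRole> userRoles = new ArrayList<>();

    void addUser(User u) { usersByName.put(u.username(), u); }
    void addRole(Role r) { rolesById.put(r.id(), r); }
    void grant(User u, Role r) { userRoles.add(new UserRole(u.id(), r.id())); }

    // Unknown or disabled users resolve to an empty set, so every later
    // check denies by default.
    Set<String> authoritiesFor(String username) {
        User u = usersByName.get(username);
        if (u == null || !u.enabled()) return Set.of();
        return userRoles.stream()
                .filter(ur -> ur.userId() == u.id())
                .map(ur -> rolesById.get(ur.roleId()))
                .filter(Objects::nonNull)     // ignore map rows pointing at a deleted role
                .map(r -> "ROLE_" + r.name()) // default prefix Spring Security's hasRole() looks for
                .collect(Collectors.toCollection(TreeSet::new));
    }

    boolean isAuthorised(String username, String roleName) {
        return authoritiesFor(username).contains("ROLE_" + roleName);
    }

    public static void main(String[] args) {
        RoleModelSketch m = new RoleModelSketch();
        // Constructed sample data
        User alice = new User(1, "alice", true);
        User bob = new User(2, "bob", false); // disabled account that still has a map row
        Role admin = new Role(10, "ADMIN");
        Role editor = new Role(11, "EDITOR");
        m.addUser(alice); m.addUser(bob);
        m.addRole(admin); m.addRole(editor);
        m.grant(alice, editor);
        m.grant(bob, admin);
        System.out.println("alice authorities: " + m.authoritiesFor("alice"));
        System.out.println("alice is ADMIN: " + m.isAuthorised("alice", "ADMIN"));
        System.out.println("bob (disabled) is ADMIN: " + m.isAuthorised("bob", "ADMIN"));
        System.out.println("unknown user is EDITOR: " + m.isAuthorised("mallory", "EDITOR"));
    }
}
```

The disabled-account case is the one to check in any generated schema: a leftover row in the map table should not be enough to pass a role check.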

It shows a lot of promise, but is by no means a finished product. There are a bunch of bugs which need fixing, but you can do that yourself afterwards. For instance, although it creates config files with sensible defaults, you will almost certainly want to check them and change them.

So what now? I am not happy that the author(s) of this code are actively maintaining it. Unless I see some progress soon I will probably fork it off onto my own googlecode project. We shall see if we can contact any of the committers in the next few weeks.

However what is there is quite clear and I recommend it as an example if you are learning how to write your own Spring Roo add ons.



What next? Well, I think I will look at http://code.google.com/p/spring-roo-addon-audit-timestamp since this is an important task: "Addon adds created and lastUpdated fields to the entity and these fields will not be part of model Pojo but managed as aspect." To be honest, I really want changes to certain tables to be logged as well.


Also of interest is http://code.google.com/p/spring-roo-addon-portletmvc/ which is (I think) written by the author of the SpringRoo cookbook.

Interesting YouTube Video about creating add ons

http://www.youtube.com/watch?v=iw4acBcKJkA and

I created a new account from scratch, and it looks like I can comment. It's still asking me for a captcha.

Thanks for testing. I don't think I'll switch off the extra captcha just yet as I still have real life users trying to spam me.