How To Secure Your Spring Application

When developing an API for a business, one of the key requirements often revolves around managing different user types and their respective permissions. In this scenario, we'll focus on three user types: admin, individual user, and corporate user.

User Roles Overview:

• Admin: Has all the privileges of the individual and corporate users, plus additional administrative capabilities.
• Individual User: Accesses standard user features.
• Corporate User: Similar to the individual user but may have access to additional resources or features tailored for corporate use.

In this post, we’ll focus on implementing the authentication and authorization mechanisms necessary to enforce these roles, ensuring the system adheres to the statelessness principle of REST.

Understanding Authentication and Authorization

Authentication vs Authorization image from javatpoint.com

 

 

Event Sourcing Pattern

An architectural pattern that models the state changes made by applications as an immutable sequence or “log” of events. Instead of modifying the state of the application in-place.

Generally with crud applications we hold only current state not how we got there. That might be issue for some applications. For example lets think an online banking application. If only thing they can see is current balance not how they got to that balance, no withdrawal, deposit or fee history.

Immutability

Immutability refers to the property of an object or data structure that is can not be modified or changed after it is initialized. Once an object created, its state can not be altered, if there is a need for a change than new object created with those changes and first one will be stay unchanged. This is valuable design choise for data integrity concurreny in multi threaded applications. Immutable objects are useful in scenarios where consistency and predictability are crucial. In some applications you wouldnt want your same data be changed simultaneously by different parts of the application.

Why?
When a data leaves a source, it passes through many different systems, each system uses a point of this data and transfers it to another system. For example, a data coming out of the database gets the first shape on a programming language, then it is kept in the necessary "stacks" and "queues" on various "pipelines", then different "threads" use the data, various "message queues" send the data to "microservices" on servers running in different locations, they use something from the data and the data ends its journey at some point. But during this journey, many different pieces of code compete to process this data, and some access and process this data first, some later.
 
Thats where immutability shines. If this data is not immutable, we will be dealing with possible problems during the entire journey of the data. If the first code runs a few milliseconds late for very different reasons, and the second code handles that data before and deletes the required value, it is possible that we will encounter a problem at that moment.