Microservices are not the holy grail of software development as many devs and managers see them. They don’t solve all your problems at once, not even the tech ones. Yet, they follow a fad blindly again. Yesterday it was Agile and SOA, today it’s still microservices and cloud. Instead of solutions, many find themselves facing new problems; worse problems.
The API will expose endpoints for login and register new users.
Now, we are ready to set up the user and configure Spring Security to protect our API.
Now we are ready to add users. We can do it two ways.
In this episode, we are adjusting the model.
Yesterday we updated the endpoints in the API and today I was going to implement it in RAML and let the generator we use to create the Spring MVC code. However, I had another problem with the generator again as it wasn’t generating the createTask method anymore because I put the boardId in the path. Besides that, the code started to get messy with no added benefit anymore.
Before we implement any security, let’s step back and add multiple kanban boards for a user.
Last time we started talking about security and I asked you how you would advise me as your client.
It is time for thinking about the securing our API. Right now, it is open to everyone, which we don’t want. So, what choices do we have?
When we return error messages, and along, we should not expose too much information. Same goes for normal data. More, especially detailed is not always better. It depends on the type of API and what the clients do with it and who the clients are.