
principal details are provided from cookies instead of automatically collecting them #4

@shivachaturvedhi9

Description


Cookies are maintaining token information and username and password information,
so principal user details are obtained from the cookie information.
A clever user can easily manipulate the cookie information and claim to be another user,
and can also edit the authorities information in the cookie and claim additional accesses.

Also, multiple users can have the same role.
Role-specific accesses keep restrictions on the columns in a table;
row-wise filtering is supposed to be handled by Principal details.
Although the word Principal is used in many places, functionally it is just retrieving this information from cookies instead of from the token.

Also, the authentication server is not implemented as an independent Spring Boot application, keeping the controller web accesses in a separate application.

Generic authorities like read_all, add_all etc. are not handled at all, compromising the usability of the application.

It slows down drastically when the number of users is more than 100 and
the number of controller classes and the number of authorities are more than 500.
Usually for a micro controller architecture this count is high, and no efficiency considerations are addressed.

It seems this requires lots of changes and requires a new solution altogether to address all the above issues.
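The failure mode the issue describes, shown as an added example that is not code from this project: a principal assembled directly from `username` and `authorities` cookie fields beside one derived from an HMAC-signed session token whose subject is verified and whose authorities are looked up server-side. Plain Java (16 or later) without Spring; the server secret, the user/authority table and the `subject|expiry` token format are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.*;

public class PrincipalDemo {

    record Principal(String username, Set<String> authorities) {}

    // --- Vulnerable: the principal is whatever the client wrote into its cookies ---
    static Principal principalFromCookies(Map<String, String> cookies) {
        String username = cookies.get("username");
        Set<String> authorities = new HashSet<>(
                Arrays.asList(cookies.getOrDefault("authorities", "").split(",")));
        return new Principal(username, authorities);
    }

    // --- Hardened: the cookie carries only a signed token; the subject is verified
    //     and the authorities are resolved server-side from that verified subject ---
    static final byte[] SERVER_SECRET =                       // hypothetical key, never sent to clients
            "hypothetical-32-byte-server-secret!".getBytes(StandardCharsets.UTF_8);
    static final Map<String, Set<String>> USER_AUTHORITIES = Map.of(   // constructed sample data
            "alice", Set.of("READ_ALL", "ADD_ALL"),
            "bob",   Set.of("READ_OWN"));

    static String issueToken(String username, long expiresAtEpochSec) {
        if (username.contains("|")) throw new IllegalArgumentException("separator in username");
        String payload = username + "|" + expiresAtEpochSec;
        return b64(payload.getBytes(StandardCharsets.UTF_8)) + "." + b64(hmac(payload));
    }

    static Optional<Principal> principalFromToken(String token, long nowEpochSec) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 2) return Optional.empty();
        byte[] payloadBytes, sig;
        try {
            payloadBytes = Base64.getUrlDecoder().decode(parts[0]);
            sig = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) { return Optional.empty(); }
        String payload = new String(payloadBytes, StandardCharsets.UTF_8);
        // constant-time comparison: a tampered subject or authority claim fails here
        if (!MessageDigest.isEqual(hmac(payload), sig)) return Optional.empty();
        String[] fields = payload.split("\\|", -1);
        if (fields.length != 2) return Optional.empty();
        long exp;
        try { exp = Long.parseLong(fields[1]); } catch (NumberFormatException e) { return Optional.empty(); }
        if (nowEpochSec >= exp) return Optional.empty();
        Set<String> authorities = USER_AUTHORITIES.get(fields[0]);   // never taken from the client
        if (authorities == null) return Optional.empty();
        return Optional.of(new Principal(fields[0], authorities));
    }

    static byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(SERVER_SECRET, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    public static void main(String[] args) {
        long now = 1_700_000_000L;

        // bob edits his cookies to claim alice's identity and alice's authorities
        Map<String, String> forged = Map.of("username", "alice", "authorities", "READ_ALL,ADD_ALL");
        System.out.println("cookie-derived   : " + principalFromCookies(forged));

        // with a signed token, bob's valid token resolves to bob and bob's server-side authorities
        String bobToken = issueToken("bob", now + 3600);
        System.out.println("token (genuine)  : " + principalFromToken(bobToken, now));

        // the same edit (payload rewritten to "alice", signature kept) is rejected
        String forgedToken = b64(("alice|" + (now + 3600)).getBytes(StandardCharsets.UTF_8))
                + "." + bobToken.split("\\.")[1];
        System.out.println("token (tampered) : " + principalFromToken(forgedToken, now));

        // an expired token is rejected as well
        System.out.println("token (expired)  : " + principalFromToken(bobToken, now + 7200));
    }
}
```

The cookie-derived path accepts the forged request as `alice` with `READ_ALL,ADD_ALL`; the token path resolves the genuine token to `bob` with `READ_OWN` only and returns empty for the tampered and expired tokens. The row-wise filtering and the generic authorities the issue mentions should both hang off this server-resolved `Principal`, so that nothing the client can edit decides which rows or which operations it is allowed.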
