kotlin-web-maven-spring-thyme-challenge-question-aes-encoded-scrypt-encode

Description

A springboot secure web app with thymeleaf support. Three roles are defined; USER, ADMIN, and SUPER. All roles can access pages /home, /login, and /about. Only USER can access /user and ADMIN only /admin whereas SUPER can navigate to either and have its own /super. Each role has an action USER=VIEW ONLY, ADMIN=READ/WRITE, SUPER=CREATE. All password are AES encrypted and encoded with scrypt.

Presents a register form to create an inMemoryUser. Once the user is created it is given the USER role by default and auto logged in.

Presents a challenge-question form to challenge-question passwords on any user, by default the user is reassigned USER role and auto logged in. Only restriction on passwords are they match; all validation is done client side.

Uses a challenge question on password rest and user register to verify user. Customizes user data class by extending the UserDetailService.

Tech stack

• kotlin
• maven

Docker stack

• maven:3-openjdk-17

To run

sudo ./install.sh -u Available at http://localhost

• Login with id: user and password: pass
• Login with id: admin and password: pass
• Login with id: super and password: pass

To stop (optional)

sudo ./install.sh -d

For help

sudo ./install.sh -h

Credits

• https://hellokoding.com/spring-security-login-logout-thymeleaf/
• https://www.javainterviewpoint.com/spring-security-inmemoryuserdetailsmanager/