Setting up security is easy, maintaining users isn't...

[sbirnie]

All the demo's and examples I've seen for setting up Spring Security are great. How to protect your url's and methods, and even using ACL's isn't that bad once you read up on it and look at a few examples.

The issue is all the examples use hard coded username and passwords. Even my site is using id's I inserted into the database manually right now.

Spring Security doesn't have anything for easily maintaining the user information. Don't get me wrong, there's so many different options out there for storing user information it's so big a scope to implement I don't expect it to.

Is there anything out there pre-built to help with this, or do I need to create the pages and code for adding new users, confirming and changing email addresses, resetting passwords, etc myself?

Or is this just another reason I should be using OpenId/Google/or some other vendor for id's/authentication? With that as a possible answer - does anyone have an example of setting up Google authentication with cloudfoundry? <edit>Or at least one without using Roo!</edit>

[Marten Deinum]

There is some support but limited. There is an interface UserDetailsManager which has some implementations (memory, jdbc, ldap) and it expects a more or less default setup. But you still have to write the front-end stuff yourself...

I suggest a read of the book Spring Security 3, by Peter Mularien that explains how to setup spring security for open id... It should not matter if you use cloud foundry or not...