docs: document RegistrationGuard SPI demo (closes #58)#73
Conversation
Completes the outstanding documentation task from #58. The demo's DomainRegistrationGuard (and the framework's RegistrationGuard SPI) was only described in CLAUDE.md / Javadoc, not the README. - Add a "Registration Guard (restricting who can register)" section under Configuration: what the SPI is, how the sample domain guard works, how to enable it (registration-guard profile + registration.guard.allowed-domain), and how to write a custom guard, with a link to the framework's REGISTRATION-GUARD.md. - List the mfa and registration-guard opt-in profiles in the Configuration Profiles table. - Add Features bullets for MFA and the RegistrationGuard SPI.
There was a problem hiding this comment.
Pull request overview
Updates the demo app’s README to document the existing RegistrationGuard SPI demo so users can understand and enable the sample guard without relying on CLAUDE.md/Javadoc.
Changes:
- Added README documentation for the
RegistrationGuardSPI and the demoDomainRegistrationGuard, including enablement via theregistration-guardprofile and configuration property. - Expanded the Configuration Profiles table to include the
mfaandregistration-guardadd-on profiles. - Added feature bullets for MFA and the
RegistrationGuardSPI.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ./gradlew bootRun --args='--spring.profiles.active=local,registration-guard' \ | ||
| -Dregistration.guard.allowed-domain=@mycompany.com |
…args A -Dregistration.guard.allowed-domain=... placed after the bootRun task sets the property on the Gradle JVM, which is not forwarded to the forked Spring Boot application, so the override silently no-ops. Pass it as a Spring Boot command-line argument inside --args instead (same mechanism used for --spring.profiles.active). Addresses PR review feedback.
|
Good catch — fixed in 783a9aa. A ./gradlew bootRun \
--args='--spring.profiles.active=local,registration-guard --registration.guard.allowed-domain=@mycompany.com'These land in Spring Boot's |
Summary
Completes the remaining task from #58 — documenting the
RegistrationGuardSPI demo in the README. The sampleDomainRegistrationGuard, its enabling profile, and the SPI itself were previously only described inCLAUDE.mdand Javadoc.The guard implementation, unit test (
DomainRegistrationGuardTest), and the library dependency (SPI shipped in ds-spring-user-framework 4.4.0) were already in place; only the docs were outstanding.Changes (docs only)
registration-guardprofile +registration.guard.allowed-domain), and a worked example of writing a custom guard. Links to the framework'sREGISTRATION-GUARD.md.mfaandregistration-guardopt-in profiles to the Configuration Profiles table.All SPI references (
RegistrationSource{FORM,PASSWORDLESS,OAUTH2,OIDC},RegistrationContext(email, source, providerName),RegistrationDecision.allow()/deny()) were verified against the framework source.Note on #58
The implementation diverged from the original issue spec: it uses a
registration-guardSpring profile +registration.guard.allowed-domainproperty rather than the issue's proposeddemo.registration.restricted=true+ hardcoded domain set. The README documents the actual (profile-based) behavior.Closes #58.