Spring 4 MVC and JDBC authenticated Spring Security – 100% java annotation based configuration

I feel pleasure to introduce you another post on this spring 4 development environment series. So far we have done the following steps.

This post would be an extension to my earlier post Spring 4 MVC and Spring Security 100% java annotation based configuration. We have used in-memory authentication, which is suitable for a beginner. But my next project has already a database designed and I need to authenticate against it. So here would be the jdbc based authentication. Please add MySQL and Commons DBCP in your maven dependencies.

Modify WebSecurityConfig

The in-memory configuration has been defined in WebSecurityConfig.java in our earlier example. Lets modify it slightly to handle the authentication with JDBC. Pls look at the method public void configAuthentication(AuthenticationManagerBuilder auth).

package org.grassfield.conf;

import org.apache.commons.dbcp2.BasicDataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@SuppressWarnings("deprecation")
@Configuration
@EnableWebMvcSecurity
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /*@Autowired
    private DataSource datasource;*/

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests().antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated().and().formLogin()
                .loginPage("/login").permitAll().and().logout().permitAll();
    }

    
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth)
            throws Exception {
        BasicDataSource ds = new BasicDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl("jdbc:mysql://localhost:3306/vriksha");
        ds.setUsername("root");
        ds.setPassword("");
        
        auth.jdbcAuthentication()
        .dataSource(ds)
        .usersByUsernameQuery(
                "select u.user_name, u.password, true from user_info u, user_role r where u.user_role_id=r.id and u.user_name=?")
        .authoritiesByUsernameQuery(
                "select u.user_name, r.name from user_info u, user_role r where u.user_role_id=r.id and u.user_name=?");
    }
}

Here are the screenshots. jdbc01 jdbc02


spring-tool-suite-project-logo java8-logo image00110 Apache-Tomcat-logo

Advertisements

One thought on “Spring 4 MVC and JDBC authenticated Spring Security – 100% java annotation based configuration

  1. Pingback: Spring 4 MVC + Spring 3 Security + Hibernate 4 – integration with java annotations | JavaShine

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s