Spring 4 MVC and JDBC authenticated Spring Security – 100% java annotation based configuration

I feel pleasure to introduce you another post on this spring 4 development environment series. So far we have done the following steps.

This post would be an extension to my earlier post Spring 4 MVC and Spring Security 100% java annotation based configuration. We have used in-memory authentication, which is suitable for a beginner. But my next project has already a database designed and I need to authenticate against it. So here would be the jdbc based authentication. Please add MySQL and Commons DBCP in your maven dependencies.

Modify WebSecurityConfig

The in-memory configuration has been defined in WebSecurityConfig.java in our earlier example. Lets modify it slightly to handle the authentication with JDBC. Pls look at the method public void configAuthentication(AuthenticationManagerBuilder auth).

package org.grassfield.conf;

import org.apache.commons.dbcp2.BasicDataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@SuppressWarnings("deprecation")
@Configuration
@EnableWebMvcSecurity
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /*@Autowired
    private DataSource datasource;*/

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests().antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated().and().formLogin()
                .loginPage("/login").permitAll().and().logout().permitAll();
    }

    
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth)
            throws Exception {
        BasicDataSource ds = new BasicDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl("jdbc:mysql://localhost:3306/vriksha");
        ds.setUsername("root");
        ds.setPassword("");
        
        auth.jdbcAuthentication()
        .dataSource(ds)
        .usersByUsernameQuery(
                "select u.user_name, u.password, true from user_info u, user_role r where u.user_role_id=r.id and u.user_name=?")
        .authoritiesByUsernameQuery(
                "select u.user_name, r.name from user_info u, user_role r where u.user_role_id=r.id and u.user_name=?");
    }
}

Here are the screenshots. jdbc01 jdbc02


spring-tool-suite-project-logo java8-logo image00110 Apache-Tomcat-logo

Advertisements