Blog

Spring Security Configure Users using JdbcUserDetailsManager implementation





Hey guys in this post, we will discuss configuring users in Spring Security using JdbcUserDetailsManager implementation with Example.

Complete example

Let’s create a step-by-step spring boot project and implement JdbcUserDetailsManager

Create database and tables

Anytime if we want to configure users for Spring security using JdbcUserDetailsManager implementation (provided by spring security) then we need to create the following tables inside the database in order to work correctly. Because JdbcUserDetailsManager internally uses these tables to authenticate and authorize the users.

CREATE DATABASE springsecurity;

USE springsecurity;

CREATE TABLE users 
(
	id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(45) NOT NULL,
    password VARCHAR(45) NOT NULL,
    enabled INT NOT NULL
);

CREATE TABLE authorities
(
	id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(45) NOT NULL,
    authority VARCHAR(45) NOT NULL
);

INSERT INTO users VALUES(NULL, 'bushan', '12345', '1');
INSERT INTO authorities VALUES(NULL, 'bushan', 'write');

Create spring boot project

There are many different ways to create a spring boot application, you can follow the below articles to create one –

>> Create spring boot application using Spring initializer
>> Create spring boot application in Spring tool suite [STS]
>> Create spring boot application in IntelliJ IDEA

Add maven dependencies

Open pom.xml and add the following dependencies –

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.5.0</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>
	<groupId>in.bushansirgur</groupId>
	<artifactId>springsecurityproject</artifactId>
	<version>v1</version>
	<name>springsecurityproject</name>
	<description>Spring security project</description>
	<properties>
		<java.version>1.8</java.version>
	</properties>
	<dependencies>
		
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-jdbc</artifactId>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

spring-boot-starter-web dependency for building web applications using Spring MVC. It uses the tomcat as the default embedded container. spring-boot-starter-security dependency, which will help to implement spring security. mysql-connector-java dependency for connecting to the MySQL database. spring-boot-starter-jdbc dependency for connecting to the MySQL database using JDBC.

Configure datasource

Open application.properties file and add the following contents –

spring.datasource.url=jdbc:mysql://localhost:3306/springsecurity
spring.datasource.username=scbushan05
spring.datasource.password=scbushan05

Create a Rest controller

Create HomeController.java inside the in.bushansirgur.springboot.controller package and add the following content

package in.bushansirgur.springboot.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {
	
	@RequestMapping("/home")
	public String showHomePage () {
		return "displaying the home page contents";
	}
	
	@RequestMapping("/protected")
	public String protectedPage () {
		return "displying the protected page contents";
	}
}

We have created two handler methods showHomePage(), which is mapped to /home, anyone can access this URI and protectedPage(), which is mapped to /protected, only authorized users can access this URI.



Create a configuration class

Let’s customize the spring security to deny all the URIs. Create ProjectSecurityConfig.java inside the in.bushansirgur.springboot.config package and add the following content.

package in.bushansirgur.springboot.config;

import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
		.antMatchers("/home").permitAll()
		.antMatchers("/protected").authenticated()
		.and()
		.formLogin()
		.and()
		.httpBasic();
	}
	
	@Bean
	public UserDetailsService userDetailsService (DataSource datasource) {
		return new JdbcUserDetailsManager(datasource);
	}
	
	@Bean
	public PasswordEncoder passwordEncoder () {
		return NoOpPasswordEncoder.getInstance();
	}
}

So here we are creating a bean using @Bean for UserDetailsService. When the application loads, Spring will look into this bean and uses the JdbcUserDetailsManager implementation to validate the user credentials. We will pass the DataSource to this, which will contain the information about the database such as database URL, username, and password.

Run the app

Run the application using the below maven command –

mvn spring-boot:run

Open the browser and enter the following URL –
http://localhost:8080/home
Screenshot-2021-05-05-at-8-16-42-PM
http://localhost:8080/protected
Screenshot-2021-05-05-at-8-16-16-PM

Enter the username and password which we inserted inside the database. Spring security will authenticate and allow the user to see the contents.

That’s it for this post, if you like this post, share this with your friends and colleagues or you can share this within your social media platform. Thanks, I will see you in our next post.



Post Views: 3,707

Related posts:

  1. Spring Security Configure Users using inMemoryAuthentication
  2. Spring Security Configure Users using InMemoryUserDetailsManager
  3. Change the default username and password of Spring security application
  4. Customize the Spring security to permit all the requests
  5. Customize the Spring security to deny all the requests
  6. Customize the Spring security to permit and deny the specific requests
  7. Add Spring Security to Spring Boot Application
  8. Spring Boot Masterclass – Create Spring Boot Project using Spring Initializer 01
  9. Spring @Value annotation with Example
  10. Spring boot @PathVariable annotation Example

Bushan Sirgur

Hey guys, I am Bushan Sirgur from Banglore, India. Currently, I am working as an Associate project in an IT company.

Leave a Reply