/ Database Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Auto-Generating Spring Security: Accessing the In-memory Database

DZone's Guide to

Auto-Generating Spring Security: Accessing the In-memory Database

Here's a nice Spring Security + Spring Boot tutorial on using in-memory H2 Database to configure Spring Security with source code examples.

by
·
Nov. 29, 16 · Database Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Databases are better when they can run themselves. CockroachDB is a SQL database that automates scaling and recovery. Check it out here.

I came across a blog post from the Spring Framework Guru that uses the H2 database console, and I thought it would be useful to combine the console with my own Spring Security tutorials.

I’ve updated the parkrunpb project on GitHub to replace hsqldb with h2database. I've also introduced a new class — WebConfiguration.java — which registers the H2 database servlet.

First, let's start the application:

mvn spring-boot:run

Access the Console

You can access the console through -http://localhost:8080/console. 

console2

You then make sure the JDBC URL is:

jdbc:h2:mem:testdb

And login:

console3

The layout shows the tables we loaded in schema.sql on the right (CUSTOM_AUTHORITIES, CUSTOM_USERS, and PARKRUNCOURSE)

Combine it With Spring Security

The next step is to combine with Spring Security, so I’ll use the configuration from the previous tutorial — Auto-generating Spring Security Tutorial – Custom JDBC Realms

We start with our class:

@EnableWebSecurity public class SecurityConfig extends 
  WebSecurityConfigurerAdapter {     
  @Autowired     
  private DataSource dataSource;     
  @Autowired     
  public void configureGlobal(AuthenticationManagerBuilder auth)             
    throws Exception {          
    auth              
      .jdbcAuthentication()                  
      .dataSource(dataSource)                    
      .usersByUsernameQuery(                    
      "select username, password, enabled from custom_users where username = ?")
      .authoritiesByUsernameQuery(                    
      "select username, authority from custom_authorities where username = ?");  
  }    
  @Override    
  protected void configure(HttpSecurity http) throws Exception {         
    http             
      .authorizeRequests()                 
      .antMatchers("/webjars/**","/about.html","/rest/**").permitAll()     
      .antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")                 
      .anyRequest().authenticated()             
      .and()                 
      .formLogin()                     
      .loginPage("/login")                     
      .defaultSuccessUrl("/admin/admin.html")                     
      .failureUrl("/login")                     
      .permitAll()              
      .and()                 
      .logout()                     
      .logoutSuccessUrl("/")                     
      .permitAll()                     ;                         
  }     
}


We then add to the configure method:

http.authorizeRequests().antMatchers("/").permitAll().and()                 
  .authorizeRequests().antMatchers("/console/**").permitAll();          
http.csrf().disable();         
http.headers().frameOptions().disable();


The method then becomes:

@Override     
protected void configure(HttpSecurity http) throws Exception {         
  http             
    .authorizeRequests()                 
    .antMatchers("/webjars/**","/about.html","/rest/**").permitAll()    
    .antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")                 
    .anyRequest().authenticated()             
    .and()                 
    .formLogin()                     
    .loginPage("/login")                     
    .defaultSuccessUrl("/admin/admin.html")                     
    .failureUrl("/login")                     
    .permitAll()              
    .and()                 
    .logout()                     
    .logoutSuccessUrl("/")                     
    .permitAll();                              
  http.authorizeRequests().antMatchers("/").permitAll().and()                 
    .authorizeRequests().antMatchers("/console/**").permitAll();          
  http.csrf().disable();         
  http.headers().frameOptions().disable();                          
}

This means the normal security from the original tutorial is applied to the application, but we have a special rule for the console.

You can then test the application as before with the username/password customadmin/customadmin. You could also insert or update courses.

Databases should be easy to deploy, easy to use, and easy to scale. If you agree, you should check out CockroachDB, a scalable SQL database built for businesses of every size. Check it out here. 

Like This Article? Read More From DZone

Spring Boot and Database Initialization
Spring Boot With Spring Security and JDBC (Part 2)
Spring Security With Spring Boot 2.0: Password Encoder

Free DZone Refcard

Graph-Powered Search: Neo4j & Elasticsearch
DOWNLOAD
Topics:
in-memory ,spring boot ,database ,spring security

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Database Partner Resources

Preventing SQL Server Performance Problems Before They Hit Production
[Whitepaper] Redis for Fast Data Ingest
Redis Enterprise delivers high throughput at 83% lower app latency, reducing operational costs over 75%. Learn more
Don’t let the database be a bottleneck: Solving Database Deployment Problems with Database DevOps
Troubleshooting SQL Server Performance
Example schemas and queries for hybrid data models based on relational + JSON
How Your Data Type Choices Can Affect SQL Server Database Performance
The definitive guide to high availability: replication, clustering and topologies
Why a NoSQL Database is the Best Solution for a Startup
Achieve Scale: Moving Your Database to Multi-Region Deployments
Cage match: technical comparison of the three leading enterprise open source databases
New whitepaper: 6 tips for continuous delivery & Database DevOps. Read now.

Database Partner Resources

Preventing SQL Server Performance Problems Before They Hit Production
[Whitepaper] Redis for Fast Data Ingest
Redis Enterprise delivers high throughput at 83% lower app latency, reducing operational costs over 75%. Learn more
Don’t let the database be a bottleneck: Solving Database Deployment Problems with Database DevOps

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone