/ Database Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Auto-Generating Spring Security: Accessing the In-memory Database

DZone's Guide to

Auto-Generating Spring Security: Accessing the In-memory Database

Here's a nice Spring Security + Spring Boot tutorial on using in-memory H2 Database to configure Spring Security with source code examples.

by
·
Nov. 29, 16 · Database Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Built by the engineers behind Netezza and the technology behind Amazon Redshift, AnzoGraph is a native, Massively Parallel Processing (MPP) distributed Graph OLAP (GOLAP) database that executes queries more than 100x faster than other vendors.  

I came across a blog post from the Spring Framework Guru that uses the H2 database console, and I thought it would be useful to combine the console with my own Spring Security tutorials.

I’ve updated the parkrunpb project on GitHub to replace hsqldb with h2database. I've also introduced a new class — WebConfiguration.java — which registers the H2 database servlet.

First, let's start the application:

mvn spring-boot:run

Access the Console

You can access the console through -http://localhost:8080/console. 

console2

You then make sure the JDBC URL is:

jdbc:h2:mem:testdb

And login:

console3

The layout shows the tables we loaded in schema.sql on the right (CUSTOM_AUTHORITIES, CUSTOM_USERS, and PARKRUNCOURSE)

Combine it With Spring Security

The next step is to combine with Spring Security, so I’ll use the configuration from the previous tutorial — Auto-generating Spring Security Tutorial – Custom JDBC Realms

We start with our class:

@EnableWebSecurity public class SecurityConfig extends 
  WebSecurityConfigurerAdapter {     
  @Autowired     
  private DataSource dataSource;     
  @Autowired     
  public void configureGlobal(AuthenticationManagerBuilder auth)             
    throws Exception {          
    auth              
      .jdbcAuthentication()                  
      .dataSource(dataSource)                    
      .usersByUsernameQuery(                    
      "select username, password, enabled from custom_users where username = ?")
      .authoritiesByUsernameQuery(                    
      "select username, authority from custom_authorities where username = ?");  
  }    
  @Override    
  protected void configure(HttpSecurity http) throws Exception {         
    http             
      .authorizeRequests()                 
      .antMatchers("/webjars/**","/about.html","/rest/**").permitAll()     
      .antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")                 
      .anyRequest().authenticated()             
      .and()                 
      .formLogin()                     
      .loginPage("/login")                     
      .defaultSuccessUrl("/admin/admin.html")                     
      .failureUrl("/login")                     
      .permitAll()              
      .and()                 
      .logout()                     
      .logoutSuccessUrl("/")                     
      .permitAll()                     ;                         
  }     
}


We then add to the configure method:

http.authorizeRequests().antMatchers("/").permitAll().and()                 
  .authorizeRequests().antMatchers("/console/**").permitAll();          
http.csrf().disable();         
http.headers().frameOptions().disable();


The method then becomes:

@Override     
protected void configure(HttpSecurity http) throws Exception {         
  http             
    .authorizeRequests()                 
    .antMatchers("/webjars/**","/about.html","/rest/**").permitAll()    
    .antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")                 
    .anyRequest().authenticated()             
    .and()                 
    .formLogin()                     
    .loginPage("/login")                     
    .defaultSuccessUrl("/admin/admin.html")                     
    .failureUrl("/login")                     
    .permitAll()              
    .and()                 
    .logout()                     
    .logoutSuccessUrl("/")                     
    .permitAll();                              
  http.authorizeRequests().antMatchers("/").permitAll().and()                 
    .authorizeRequests().antMatchers("/console/**").permitAll();          
  http.csrf().disable();         
  http.headers().frameOptions().disable();                          
}

This means the normal security from the original tutorial is applied to the application, but we have a special rule for the console.

You can then test the application as before with the username/password customadmin/customadmin. You could also insert or update courses.

Download AnzoGraph now and find out for yourself why it is acknowledged as the most complete all-in-one data warehouse for BI style and graph analytics.  

Like This Article? Read More From DZone

Fully Working Prototypes With Spring Boot and H2
Spring Boot and Database Initialization
Spring Boot With Spring Security and JDBC (Part 2)

Free DZone Refcard

Database Monitoring
DOWNLOAD
Topics:
in-memory ,spring boot ,database ,spring security

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Database Partner Resources

Why a NoSQL Database is the Best Solution for a Startup
Example schemas and queries for hybrid data models based on relational + JSON
Altoros NoSQL Performance Benchmark 2018: Compare Couchbase Server, MongoDB, and DataStax Enterprise
Improve Database Performance by Migrating to RavenDB 4.0 [Webinar]
Shift LEFT issue #4: Explores the new world of compliant Database DevOps and how to protect against data breaches without deployment bottlenecks
Try the must-have graph OLAP database for those demanding the fastest graph analytics and data management solutions
Trillion-triples Benchmarking Report: Game-changer AnzoGraph™ 100x faster than previous best.
Dependance upon proprietary databases has changed. Compare the enterprise features of MariaDB TX, Oracle, Microsoft and IBM.
2019 State of Database DevOps Report: latest insights on DevOps adoption rates among SQL Server Professionals
Redis Enterprise as a Database for Microservices
Getting Started with Spark and Redis
As simple as SQL: Don Chamberlin shows how to analyze JSON data with SQL++

Database Partner Resources

Why a NoSQL Database is the Best Solution for a Startup
Example schemas and queries for hybrid data models based on relational + JSON
Altoros NoSQL Performance Benchmark 2018: Compare Couchbase Server, MongoDB, and DataStax Enterprise
Improve Database Performance by Migrating to RavenDB 4.0 [Webinar]

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone