/ Database Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Auto-Generating Spring Security: Accessing the In-memory Database

DZone's Guide to

Auto-Generating Spring Security: Accessing the In-memory Database

Here's a nice Spring Security + Spring Boot tutorial on using in-memory H2 Database to configure Spring Security with source code examples.

by
Martin Farrell
·
Nov. 29, 16 · Database Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Download the Guide to Open Source Database Selection: MySQL vs. MariaDB and see how the side-by-side comparison of must-have features will ease the journey. Brought to you in partnership with MariaDB.

I came across a blog post from the Spring Framework Guru that uses the H2 database console, and I thought it would be useful to combine the console with my own Spring Security tutorials.

I’ve updated the parkrunpb project on GitHub to replace hsqldb with h2database. I've also introduced a new class — WebConfiguration.java — which registers the H2 database servlet.

First, let's start the application:

mvn spring-boot:run

Access the Console

You can access the console through -http://localhost:8080/console. 

console2

You then make sure the JDBC URL is:

jdbc:h2:mem:testdb

And login:

console3

The layout shows the tables we loaded in schema.sql on the right (CUSTOM_AUTHORITIES, CUSTOM_USERS, and PARKRUNCOURSE)

Combine it With Spring Security

The next step is to combine with Spring Security, so I’ll use the configuration from the previous tutorial — Auto-generating Spring Security Tutorial – Custom JDBC Realms

We start with our class:

@EnableWebSecurity public class SecurityConfig extends 
  WebSecurityConfigurerAdapter {     
  @Autowired     
  private DataSource dataSource;     
  @Autowired     
  public void configureGlobal(AuthenticationManagerBuilder auth)             
    throws Exception {          
    auth              
      .jdbcAuthentication()                  
      .dataSource(dataSource)                    
      .usersByUsernameQuery(                    
      "select username, password, enabled from custom_users where username = ?")
      .authoritiesByUsernameQuery(                    
      "select username, authority from custom_authorities where username = ?");  
  }    
  @Override    
  protected void configure(HttpSecurity http) throws Exception {         
    http             
      .authorizeRequests()                 
      .antMatchers("/webjars/**","/about.html","/rest/**").permitAll()     
      .antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")                 
      .anyRequest().authenticated()             
      .and()                 
      .formLogin()                     
      .loginPage("/login")                     
      .defaultSuccessUrl("/admin/admin.html")                     
      .failureUrl("/login")                     
      .permitAll()              
      .and()                 
      .logout()                     
      .logoutSuccessUrl("/")                     
      .permitAll()                     ;                         
  }     
}


We then add to the configure method:

http.authorizeRequests().antMatchers("/").permitAll().and()                 
  .authorizeRequests().antMatchers("/console/**").permitAll();          
http.csrf().disable();         
http.headers().frameOptions().disable();


The method then becomes:

@Override     
protected void configure(HttpSecurity http) throws Exception {         
  http             
    .authorizeRequests()                 
    .antMatchers("/webjars/**","/about.html","/rest/**").permitAll()    
    .antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")                 
    .anyRequest().authenticated()             
    .and()                 
    .formLogin()                     
    .loginPage("/login")                     
    .defaultSuccessUrl("/admin/admin.html")                     
    .failureUrl("/login")                     
    .permitAll()              
    .and()                 
    .logout()                     
    .logoutSuccessUrl("/")                     
    .permitAll();                              
  http.authorizeRequests().antMatchers("/").permitAll().and()                 
    .authorizeRequests().antMatchers("/console/**").permitAll();          
  http.csrf().disable();         
  http.headers().frameOptions().disable();                          
}

This means the normal security from the original tutorial is applied to the application, but we have a special rule for the console.

You can then test the application as before with the username/password customadmin/customadmin. You could also insert or update courses.

Interested in reducing database costs by moving from Oracle Enterprise to open source subscription?  Read the total cost of ownership (TCO) analysis. Brought to you in partnership with MariaDB.

Like This Article? Read More From DZone

Spring Boot and Database Initialization
Spring Boot With Spring Security and JDBC (Part 2)
This Week in Spring

Free DZone Refcard

Getting Started with Infinispan
DOWNLOAD
Topics:
in-memory ,spring boot ,database ,spring security

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Martin Farrell, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Database Partner Resources

Strategies for modernizing DBMS infrastructure and reducing costs: View IT Market Clock Report
Don’t let the database be a bottleneck: Solving Database Deployment Problems with Database DevOps
Five NoSQL Myths Dispelled by c-treeACE
MongoDB vs. Couchbase: Benchmark clocks Couchbase at 6x on read/write
Replacing proprietary database with open source? Read the Cost Analysis Guide for a Total Cost of Ownership Comparison
Replacing RDBMS with NoSQL - Real-world lessons and best practices
Shift LEFT: Explore how – and why – application and database development can make the most of DevOps
Learn how to use MongoDB directly from the experts, for free. Sign up now to get started!
New to NoSQL? Learn the key factors driving NoSQL adoption and top 10 use cases
MySQL vs. MariaDB: Guide to Open Source Database Selection
NoSQL Performance with Full Read/Write Access to SQL
Learn how to achieve Continuous Delivery for Databases in this 110 page E-book

Database Partner Resources

Strategies for modernizing DBMS infrastructure and reducing costs: View IT Market Clock Report
Don’t let the database be a bottleneck: Solving Database Deployment Problems with Database DevOps
Five NoSQL Myths Dispelled by c-treeACE
MongoDB vs. Couchbase: Benchmark clocks Couchbase at 6x on read/write
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone