/ Java Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Auto-Generating Spring Security: Custom JDBC Realms

DZone's Guide to

Auto-Generating Spring Security: Custom JDBC Realms

In this post we take a look at a handy bit of code to help generate Spring Security classes, in this case using custom JDBC realms. Read on to find out more!

by
Martin Farrell
·
Nov. 14, 16 · Java Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Download Microservices for Java Developers: A hands-on introduction to frameworks and containers. Brought to you in partnership with Red Hat.

This post builds on the set of spring-security posts I have done, and particularly my last post on Default JDBC Realms. The code is available on GitHub, and spring-security-generator and the instructions to run the application are contained in the previous tutorial.

We also have a requirement to use a custom JDBC realm with the structure:

USER PASSWORD ROLES
customadmin customadmin ROLE_CUSTOM_ADMIN

Custom JDBC Tables

The tables Ive used in this example are renamed versions of the default tables -

create table custom_users (
  username varchar(256),
  password varchar(256),
  enabled boolean
);
create table custom_authorities (
  username varchar(256),
  authority varchar(256)
);
With inserts - 

insert into custom_users (username, password, enabled) values ('customadmin', 'customadmin', true);
insert into custom_authorities (username, authority) values ('customadmin', 'ROLE_CUSTOM_ADMIN');

Spring-Security-Generator

Using spring-security-generator we now select “JDBC Realm (Custom)” and supply the queries:

select username, password, enabled from custom_users where username = ?
select username, authority from custom_authorities where username = ?

The screen configuration is then:

screen-shot-2016-11-07-at-21-00-50

We then generate the code:

package com.glenware.springboot;

import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
         auth
             .jdbcAuthentication()
                 .dataSource(dataSource)
                   .usersByUsernameQuery(
                   "select username, password, enabled from custom_users where username = ?")
                   .authoritiesByUsernameQuery(
                   "select username, authority from custom_authorities where username = ?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/webjars/**","/about.html","/rest/**").permitAll()
                .antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")
                .anyRequest().authenticated()
            .and()
                .formLogin()
                    .loginPage("/login")
                    .defaultSuccessUrl("/admin/admin.html")
                    .failureUrl("/login")
                    .permitAll()
             .and()
                .logout()
                    .logoutSuccessUrl("/")
                    .permitAll()
                    ;
    }

}


The key difference between this tutorial and the previous is that we supply the SQL directly to the usersByUsernameQuery and authoritiesByUsernameQuery.

We can now copy this code to the parkrunpb applicaiton, and login using customadmin/customadmin.

Download Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design. Brought to you in partnership with Red Hat

Like This Article? Read More From DZone

Auto-Generating Spring Security: Default JDBC Realms
Spring Tips: Creating a Spring Security OAuth Auth Service [Video]
Display SQL to Console in Spring JdbcTemplate

Free DZone Refcard

Getting Started With Play Framework
DOWNLOAD
Topics:
jdbc ,tutorial ,spring ,security ,java

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Martin Farrell, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Java Partner Resources

Play Framework: The JVM Architect's Path to Super-Fast Web Apps
Get Started with Spring Boot, OAuth 2.0, and Okta
How to Build (and Scale) with Microservices
Secure a Spring Microservices Architecture with Spring Security and JWTs
Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design
Top 10 Java Performance Problems
jQuery UI and Auto-Complete Address Entry
Reactive Microsystems - The Evolution of Microservices at Scale
Advanced Linux Commands [Cheat Sheet]
How To Resolve Network Partitions In Seconds With Lightbend Enterprise Suite
NoSQL Options for Java Developers | Okta Developer
Modern Java EE Design Patterns: Building Scalable Architecture for Sustainable Enterprise Development

Java Partner Resources

Play Framework: The JVM Architect's Path to Super-Fast Web Apps
Get Started with Spring Boot, OAuth 2.0, and Okta
How to Build (and Scale) with Microservices
Secure a Spring Microservices Architecture with Spring Security and JWTs

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone