Auto-Generating Spring Security: Custom JDBC Realms
Auto-Generating Spring Security: Custom JDBC Realms
In this post we take a look at a handy bit of code to help generate Spring Security classes, in this case using custom JDBC realms. Read on to find out more!
Join the DZone community and get the full member experience.
Join For FreeLearn how to build stream processing applications in Java-includes reference application. Brought to you in partnership with Hazelcast.
This post builds on the set of spring-security posts I have done, and particularly my last post on Default JDBC Realms. The code is available on GitHub, and spring-security-generator and the instructions to run the application are contained in the previous tutorial.
We also have a requirement to use a custom JDBC realm with the structure:
| USER | PASSWORD | ROLES |
| customadmin | customadmin | ROLE_CUSTOM_ADMIN |
Custom JDBC Tables
The tables Ive used in this example are renamed versions of the default tables -
create table custom_users (
username varchar(256),
password varchar(256),
enabled boolean
);
create table custom_authorities (
username varchar(256),
authority varchar(256)
);With inserts -
insert into custom_users (username, password, enabled) values ('customadmin', 'customadmin', true);
insert into custom_authorities (username, authority) values ('customadmin', 'ROLE_CUSTOM_ADMIN');Spring-Security-Generator
Using spring-security-generator we now select “JDBC Realm (Custom)” and supply the queries:
select username, password, enabled from custom_users where username = ?
select username, authority from custom_authorities where username = ?The screen configuration is then:
We then generate the code:
package com.glenware.springboot;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery(
"select username, password, enabled from custom_users where username = ?")
.authoritiesByUsernameQuery(
"select username, authority from custom_authorities where username = ?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/webjars/**","/about.html","/rest/**").permitAll()
.antMatchers("/admin/**").hasAnyRole("CUSTOM_ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/admin/admin.html")
.failureUrl("/login")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/")
.permitAll()
;
}
}The key difference between this tutorial and the previous is that we supply the SQL directly to the usersByUsernameQuery and authoritiesByUsernameQuery.
We can now copy this code to the parkrunpb applicaiton, and login using customadmin/customadmin.
Learn how to build distributed stream processing applications in Java that elastically scale to meet demand- includes reference application. Brought to you in partnership with Hazelcast.
Like This Article? Read More From DZone
Published at DZone with permission of Martin Farrell , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}