Auto-Generating Spring Security: Default JDBC Realms

DZone 's Guide to

Auto-Generating Spring Security: Default JDBC Realms

This tutorial expands on the auto-generation of spring security using a memory realm to cover default JDBC realms.

· Java Zone ·
Free Resource

The previous tutorial showed how we can auto-generate of spring security using a memory realm. This tutorial expands on this to cover Default JDBC Realms using the source code from the parkrunPB application

Security Requirements

The site has the following links and security requirements:

http://localhost:8080/ Accessible to all
http://localhost:8080/webjars Static Resources – Accessible to all
http://localhost:8080/about.html Static page – Accessible to all
http://localhost:8080/login.html Accessible to all
http://localhost:8080/admin/ Admin User

Accessible to all

We also have a requirement to use a users and roles with the structure –

admin admin ADMIN

Getting Started

The first thing we need to do is uncomment spring security in the maven pom –


We can then compile and run the code:

mvn spring-boot:run

The whole application is now locked down

Luckily we can login using the default username (user), and the password from the logs. Im my case:

2016-11-06 21:16:56.877 INFO 8088 --- [main] b.a.s.AuthenticationManagerConfiguration :
 Using default security password: e1c87658-8b7e-4b1e-88da-902b5356ef66

Default JDBC Tables

We can now begin to create our SecurityConfiguration using Spring Security Generator


We then get the generated source code:

package com.glenware.springboot;

import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

public class SecurityConfig extends WebSecurityConfigurerAdapter {

private DataSource dataSource;

public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {

    protected void configure(HttpSecurity http) throws Exception {


Key Points

  • Using JDBC Realm(Default): The default realm means Spring Security will use its default users.ddl.
  • Same configuration as before

We can now access the site the same as the memory realm, but with user details stored in the database. The next post will look at using a custom JDBC table.

java, jdbc, maven, spring security

Published at DZone with permission of Martin Farrell , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}