Auto-Generating Spring Security Tutorial: Memory Realms
Here is a look at some of the tools available for generating Spring security configurations.
Join the DZone community and get the full member experience.
Join For FreeI created a demo spring boot application under github.com/farrelmr/parkrunpbreboot.
The application is simple and allows your to predict your 5km running time based on previous parkrun performances. For those who don't know what a parkrun is, it's a free 5km timed run held weekly in an increasing number of places.
Security Requirements
The site has the following links and security requirements:
http://localhost:8080/ | Accessible to all |
http://localhost:8080/webjars | Static Resources – Accessible to all |
http://localhost:8080/about.html | Static page – Accessible to all |
http://localhost:8080/login.html | Accessible to all |
http://localhost:8080/admin/ | Admin User |
http://localhost:8080/rest | Accessible to all |
We also have a requirement to use a memory realm with the structure –
USER | PASSWORD | ROLES |
admin | admin | admin |
Getting Started
The first thing we need to do is uncomment spring security in the maven pom –
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
We can now begin to create our SecurityConfiguration using:
http://www.glenware.com/spring-security-generator
Memory Realm with Basic Authentication
The first step is to configure the memory realm. The other security options are Default JDBC, and LDAP, and will be covered in later tutorials
The code is available on gist.
We can then copy the generated code to com.glenware.springboot.SecurityConfig, and test the application. The whole application is secured, with the password admin/admin.
We now get the default login page:
Fine Tuning
We can now fine tune the requirements:
Again, the code is available on gist.
This allows free access to the site, except for the admin sections as required. We also now have a formatted login page.
Conclusions
The above tutorial shows how a menu driven application can automatically and simply provide your spring security. The next areas of work are to improve JDBC and REST functionality.
Published at DZone with permission of Martin Farrell, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments