Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Spring security 3: database authentication with hibernate

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 510
    Comment on it

    For authenticating the user via spring security we need to make our own custom authentication-provider. We can make our custom UserDetailService easily, here is the sample custom code


    MyUserDetailsService.java


    package com.users.service;
    
    import java.util.ArrayList;
    import java.util.HashSet;
    import java.util.List;
    import java.util.Set;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional;
    
    import com.users.dao.UserDao;
    import com.users.model.UserRole;
    
    @Service("userDetailsService")
    public class MyUserDetailsService implements UserDetailsService {
    
    //get user from the database, via Hibernate
        @Autowired
        private UserDao userDao;
    
        @Transactional(readOnly=true)
        @Override
        public UserDetails loadUserByUsername(final String username) 
                throws UsernameNotFoundException {
    
                com.users.model.User user = userDao.findByUserName(username);
                List<GrantedAuthority> authorities = 
                                      buildUserAuthority(user.getUserRole());
    
                return buildUserForAuthentication(user, authorities);
        }
    
     //Convert com.users.model.User user from above to org.springframework.security.core.userdetails.User
    
        private User buildUserForAuthentication(com.users.model.User user, 
                List<GrantedAuthority> authorities) {
                return new User(user.getUsername(), user.getPassword(), 
                        user.isEnabled(), true, true, true, authorities);
        }
    
        private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
                Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
    
                // Build user's authorities
                for (UserRole userRole : userRoles) {
                        setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
                }
                List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths);
    
                return Result;
        }
    }
    


    Spring Security Annotation: Now we need to create Spring Security class to bind the MyUserDetailService class with the spring container. this declares and binds everything with annotations


    SecurityConfig.java


    package com.config;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    
    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
    //binds userDetailsService which is defined above
       @Autowired
        @Qualifier("userDetailsService")
        UserDetailsService userDetailsService;
    
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {  auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
        }
    
    //defines success and failure results
        @Override
        protected void configure(HttpSecurity http) throws Exception {
    
            http.authorizeRequests().antMatchers("/admin/**")
                .access("hasRole('ROLE_ADMIN')").and().formLogin()
                .loginPage("/login").failureUrl("/login?error")
                .usernameParameter("username")
                .passwordParameter("password")
                .and().logout().logoutSuccessUrl("/login?logout")
                .and().csrf()
                .and().exceptionHandling().accessDeniedPage("/403");
        }
    
    //encodes password
        @Bean
        public PasswordEncoder passwordEncoder(){
                PasswordEncoder encoder = new BCryptPasswordEncoder();
                return encoder;
        }
    }
    

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: