Skip to content

Configure Users With JdbcUserDetailsManager#

Configure Users With JdbcUserDetailsManager#

Dependencies#

  • To do this example we will need to add some dependencies as below into pom.xml
pom.xml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
...

<dependency>  
    <groupId>org.springframework.boot</groupId>  
    <artifactId>spring-boot-starter-web</artifactId>  
    <version>2.6.4</version>  
</dependency>  

<dependency>  
    <groupId>org.springframework.boot</groupId>  
    <artifactId>spring-boot-starter-security</artifactId>  
    <version>2.6.4</version>  
</dependency>  

<dependency>  
    <groupId>org.springframework.boot</groupId>  
    <artifactId>spring-boot-starter-jdbc</artifactId>  
    <version>2.6.6</version>  
</dependency>  

<dependency>  
    <groupId>mysql</groupId>  
    <artifactId>mysql-connector-java</artifactId>  
    <version>8.0.28</version>  
</dependency>

...

Prepare Tables In Database#

  • Then in the database we will create 2 tables named users and authorities which are the same table names and attributes columns as put in queries of the class JdbcUserDetailsManager in spring security. Let's use the SQL scripts below to create tables and insert a sample user and authority.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
CREATE TABLE users (
id INT NOT NULL AUTO_INCREMENT,
username VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL,
enabled INT NOT NULL,
PRIMARY KEY (id));

CREATE TABLE authorities (
id INT NOT NULL AUTO_INCREMENT,
username VARCHAR(255) NOT NULL,
authority VARCHAR(255) NOT NULL,
PRIMARY KEY (id));

INSERT INTO worldbank.users
(username, password, enabled)
VALUES('duc', '12345', 1);

INSERT INTO worldbank.authorities
(username, authority)
VALUES('duc', 'write');

Configure JdbcUserDetailsManager#

  • Now, go back to the our spring boot application. We need to add the configuration for JdbcUserDetailsManager. See the code below
ProjectSecurityConfig.java
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
package com.spring.security.spring.security.JdbcUserDetailsManager.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;

import javax.sql.DataSource;

@Configuration
public class ProjectSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     *
     * contact: Not Secure
     * notice: Not Secure
     * balance: Secure
     * Card: Secure
     * Loan: Secure
     * Account: Secure
     *
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/v1/accounts/**").authenticated()
                .antMatchers("/v1/balance").authenticated()
                .antMatchers("/v1/loan").authenticated()
                .antMatchers("/v1/card").authenticated()
                .antMatchers("/v1/contact").permitAll()
                .antMatchers("/v1/notice").permitAll()
                .and().formLogin()
                .and().httpBasic();
    }

    @Bean
    public UserDetailsService userDetailsService(DataSource dataSource) {
        return new JdbcUserDetailsManager(dataSource);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

}
  • We will create a bean userDetailsService which has the type of JdbcUserDetailsManager.
  • Now, let add the datasource configuration in the application.yml. Then start the application up to test.
    application.yml
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
    #spring:
#  security:
#    user:
#      name: user
#      password: 12345

spring:
  datasource:
    url: jdbc:mysql://localhost:3306/worldbank?useUnicode=true&characterEncoding=UTF-8
    username: root
    password: password

Testing#

  • You will see that we can call protected api successfully by using the username/password which is defined in the database.

#zoom

See Also#

References#