Spring security 3: database authentication with hibernate

over 9 years ago

0
0
Positive Vote
0
Negative Vote
0
Save Favourite
0
0
0
0
600

Comment on it

For authenticating the user via spring security we need to make our own custom authentication-provider. We can make our custom UserDetailService easily, here is the sample custom code

MyUserDetailsService.java

package com.users.service;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.users.dao.UserDao;
import com.users.model.UserRole;

@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {

//get user from the database, via Hibernate
    @Autowired
    private UserDao userDao;

    @Transactional(readOnly=true)
    @Override
    public UserDetails loadUserByUsername(final String username) 
            throws UsernameNotFoundException {

            com.users.model.User user = userDao.findByUserName(username);
            List&lt;GrantedAuthority&gt; authorities = 
                                  buildUserAuthority(user.getUserRole());

            return buildUserForAuthentication(user, authorities);
    }

 //Convert com.users.model.User user from above to org.springframework.security.core.userdetails.User

    private User buildUserForAuthentication(com.users.model.User user, 
            List&lt;GrantedAuthority&gt; authorities) {
            return new User(user.getUsername(), user.getPassword(), 
                    user.isEnabled(), true, true, true, authorities);
    }

    private List&lt;GrantedAuthority&gt; buildUserAuthority(Set&lt;UserRole&gt; userRoles) {
            Set&lt;GrantedAuthority&gt; setAuths = new HashSet&lt;GrantedAuthority&gt;();

            // Build user's authorities
            for (UserRole userRole : userRoles) {
                    setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
            }
            List&lt;GrantedAuthority&gt; Result = new ArrayList&lt;GrantedAuthority&gt;(setAuths);

            return Result;
    }
}

Spring Security Annotation: Now we need to create Spring Security class to bind the MyUserDetailService class with the spring container. this declares and binds everything with annotations

SecurityConfig.java

package com.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

//binds userDetailsService which is defined above
   @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {  auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

//defines success and failure results
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().antMatchers("/admin/**")
            .access("hasRole('ROLE&amp;#95;ADMIN')").and().formLogin()
            .loginPage("/login").failureUrl("/login?error")
            .usernameParameter("username")
            .passwordParameter("password")
            .and().logout().logoutSuccessUrl("/login?logout")
            .and().csrf()
            .and().exceptionHandling().accessDeniedPage("/403");
    }

//encodes password
    @Bean
    public PasswordEncoder passwordEncoder(){
            PasswordEncoder encoder = new BCryptPasswordEncoder();
            return encoder;
    }
}

Spring security 3: database authentication with hibernate

0 Comment(s)

Comment on it

Unable to start Java!! Mr. Nerd figure out why..

Positive Votes

Negative Votes

Delete Comment

Post Projects

Manage Company