Implement Spring Security with jdbcAuthentication using EntityManager
Question
I want to implement Spring Security with jdbcAuthentication using EntityManager. But as far as I can see the only option is to use Hibernate Datasource.
@Configuration
@EnableWebSecurity
@Import(value= {Application.class, ContextDatasource.class})
@ComponentScan(basePackages= {"org.rest.api.server.*"})
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthEntryPoint authenticationEntryPoint;
@Autowired
private EntityManager entityManager;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// auth
// .inMemoryAuthentication()
// .withUser("test")
// .password(passwordEncoder().encode("testpwd"))
// .authorities("ROLE_USER");
// auth.userDetailsService(myUserDetailsService);
auth.jdbcAuthentication().dataSource(dataSource)
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
// authenticationProvider.setUserDetailsService(myUserDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
Is there any solution to this problem?
1 answers
solution1
1 ACCPTED 2018-09-09 04:14:01
You have to configure Data source bean and the query for both authentication and authorization.
@Configuration
@PropertySource("classpath:db.properties")
public class AppConfig {
@Autowired
private Environment env;
@Bean
public DataSource getDataSource() {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName(env.getProperty("mysql.driver"));
dataSource.setUrl(env.getProperty("mysql.jdbcUrl"));
dataSource.setUsername(env.getProperty("mysql.username"));
dataSource.setPassword(env.getProperty("mysql.password"));
return dataSource;
}
}
In WebSecurityConfig you have to put your datasource and queries. I am assuming you are using HTTP Basic Authentication. You can add the authorization for each role.
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, enabled"
+ " from users where username=?")
.authoritiesByUsernameQuery("select username, authority "
+ "from authorities where username=?")
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
.and()
.httpBasic(); // Authenticate users with HTTP basic authentication
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Spring Security Login not working when using jdbcAuthentication
Spring security, jdbcAuthentication
Spring security jdbcauthentication authorities via groups
Spring Security with jdbcAuthentication throws There is no PasswordEncoder mapped for the id “null”
Implement No Cache using Spring Security
jdbcAuthentication() instead of inMemoryAuthentication() doesn't give access - Spring Security and Spring Data JPA
How to get user's data from a database in Spring Security's JdbcAuthentication?
Implement SSO using CAS + Spring Security
Different ways to implement security using spring security framework
@RolesAllowed in conjuction with configureGlobalSecurity jdbcAuthentication in Spring boot
Related Tags