sourabh shinde


Spring Boot Security with Jdbc Annotation

WebSecurityConfig.java

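/**
 * Spring Security configuration: form login at {@code /userForm}, with users and
 * roles read over JDBC from the {@code bgtool_test_users} table.
 *
 * <p>Static asset paths and {@code /} are public; every other request requires an
 * authenticated session.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    DataSource dataSource;

    /**
     * Declares which paths are public and wires form login and logout.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Static assets only; patterns that were listed twice are merged here.
                .antMatchers("/css/**", "/icons/**", "/js/**", "/images/**",
                        "/bootstrap/**", "/datatables/**", "/jquery/**",
                        "/font-awesome/**", "/select2/**").permitAll()
                .antMatchers("/").permitAll()
                // Deny by default: anything not listed above needs a login.
                .anyRequest().authenticated()
            .and().formLogin()
                // No loginProcessingUrl is set, so the credentials POST is expected
                // on the login page URL itself ("/userForm").
                // NOTE(review): if the form posts to "/login" instead (template not
                // shown), the security filter never authenticates it, and the
                // anonymous request is sent back to the login page.
                // CSRF protection is on by default in this Java config, so the
                // login form's POST must also carry the CSRF token.
                .loginPage("/userForm")
                .usernameParameter("userName").passwordParameter("password")
                // NOTE(review): the success redirect is a GET; confirm "/login"
                // has a GET handler, otherwise pick a landing page that does.
                .defaultSuccessUrl("/login")
                .failureUrl("/userForm")
                .permitAll()
            .and().logout()
                .logoutUrl("/logout")
                // NOTE(review): redirecting to the logout URL after logout looks
                // unintended; a public page is the usual target. TODO confirm.
                .logoutSuccessUrl("/logout").permitAll();
    }

    /**
     * Registers JDBC authentication against the injected {@link DataSource}.
     *
     * <p>Both queries bind the username through a {@code ?} placeholder. Only rows
     * with {@code active_status = 'Y'} are returned by the user lookup.
     *
     * @param auth the authentication builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            // NOTE(review): the third selected column is consumed as the boolean
            // "enabled" flag; active_status holds 'Y' here, so confirm the JDBC
            // driver maps that value to true.
            .usersByUsernameQuery(
                "select username, password, active_status from bgtool_test_users where username = ? and active_status = 'Y'")
            .authoritiesByUsernameQuery(
                    "select username, role from bgtool_test_users where username = ?")
            // Stored passwords must be bcrypt hashes for this encoder to match them.
            .passwordEncoder(passwordEncoder())
            ;
   }

    /**
     * Provides the bcrypt encoder used to verify stored password hashes.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}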

UserController.java

@Controller
public class UserController {
private final Logger logger = LoggerFactory.getLogger(UserController.class);

@Autowired
private GameFacade gameFacade;

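/**
 * Renders the list of all users.
 *
 * @param model view model; receives the users under the key {@code "users"}
 * @return the {@code "userList"} view name
 */
@RequestMapping("/userList")
public String list(Model model) {
    // NOTE(review): the security config on this page only requires an authenticated
    // session for this path, with no role check. Confirm that every signed-in user
    // is meant to see the full user list.
    List<User> users = gameFacade.findAllUsers();

    model.addAttribute("users", users);
    // Log only the count: User exposes getPassword() elsewhere in this controller,
    // so dumping whole records could write credential data to the log.
    logger.debug("Users loaded: {}", users == null ? 0 : users.size());

    return "userList";
}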

/**
 * Shows the login form with an empty {@code User} as its backing object.
 *
 * @param model view model; receives the blank user under {@code "userLogin"}
 * @return the {@code "loginForm"} view name
 */
@RequestMapping(value = "/userForm", method = RequestMethod.GET)
public String userForm(Model model) {
    // A fresh object so the form starts with no pre-filled fields.
    model.addAttribute("userLogin", new User());
    logger.debug("Login Form");
    return "loginForm";
}

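/**
 * Handles the login form POST by looking the user up through {@code gameFacade}.
 *
 * <p>NOTE(review): this check runs outside Spring Security. Nothing here creates an
 * authenticated security context, so rendering {@code "home"} does not log the
 * user in. With JDBC form login configured, the security filter is the component
 * that should verify credentials; confirm whether this handler is still needed.
 *
 * @param entry  the submitted form data, bound and validated
 * @param result binding and validation outcome for {@code entry}
 * @param model  view model (not modified here)
 * @return {@code "home"} when a user is found, otherwise {@code "loginForm"}
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(@Valid @ModelAttribute("userLogin") User entry, BindingResult result, Model model) {
    // Uses the logger instead of stdout, so the trace obeys the logging config.
    logger.debug("Login handler invoked");
    if (result.hasErrors()) {
        logger.debug("Login Form validation error");
        return "loginForm";
    }

    // NOTE(review): the submitted password goes to the facade as-is. If stored
    // passwords are bcrypt hashes, a lookup by equality cannot match. Verify how
    // findUserByName compares it.
    User found = gameFacade.findUserByName(entry.getUserName(), entry.getPassword());
    if (found == null) {
        // The same message for an unknown user and a wrong password avoids
        // revealing which usernames exist.
        result.rejectValue("password", "error.userLogin", "Username or Password incorrect !!");
        return "loginForm";
    }
    // Log the username only. The original call had no {} placeholder, so its
    // argument was never logged, and the full User object may carry the password.
    logger.debug("Login Successful for user {}", found.getUserName());
    return "home";
}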

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>frau</groupId>
<artifactId>bgtweb</artifactId>
<packaging>jar</packaging>
<version>1.0.0-SNAPSHOT</version>

<!-- The parent supplies the versions for every dependency below that has no explicit <version>. -->
<!-- NOTE(review): confirm this Spring Boot release line still receives security fixes. -->
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.4.0.RELEASE</version>
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <java.version>1.8</java.version>
    <derby.version>10.12.1.1</derby.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <!-- NOTE(review): devtools is not marked <optional>true</optional>; confirm it cannot reach a production classpath. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
    </dependency>

    <!-- ${commons-dbcp.version} is not defined in this file's <properties>; presumably inherited from the parent (confirm). -->
    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
        <version>${commons-dbcp.version}</version>
    </dependency>

    <!-- Derby network client driver, needed at runtime only. -->
    <dependency>
        <groupId>org.apache.derby</groupId>
        <artifactId>derbyclient</artifactId>
        <version>${derby.version}</version>
        <scope>runtime</scope>
    </dependency>

<!-- SPRING SECURITY -->
<!-- NOTE(review): spring-boot-starter-security normally brings in the web, config and core modules transitively, so the explicit entries look redundant. -->
         <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-web</artifactId>
         </dependency>
         <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-config</artifactId>
         </dependency>
         <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
         </dependency>

         <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
         <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-core</artifactId>
         </dependency>


</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>

        <!-- Derby plugin configured with a home directory under the project, port 1527 and database EMDb. -->
        <!-- NOTE(review): confirm that port is not reachable from other hosts. -->
        <plugin>
            <groupId>org.jheinzel.maven</groupId>
            <artifactId>derby-maven-plugin</artifactId>
            <version>1.0</version>
            <configuration>
                <derbyHome>${project.basedir}/data</derbyHome>
                <port>1527</port>
                <database>EMDb</database>
            </configuration>
        </plugin>

    </plugins>
</build>

</project>

When I try to log in, I am redirected back to the login form page. The controller method mapped to "/login" is not being called, as its logger messages do not appear in the console. I have checked the SQL queries; they are correct. I am unable to find what is missing. Any help is appreciated. Thanks in advance.


Answers (1)

Sergii Getman


Your login page URL and default success URL are the same:

.loginPage("/userForm").usernameParameter("userName").passwordParameter("password")
.defaultSuccessUrl("/userForm")

Do you understand the logical chain of Spring Security? You declare pages for each authentication step and configure an authentication provider that checks your username and password. That's it. So there are two possible places for the error: your mapping (pages and controller) and your DB (jdbcAuthentication()).

You don't even need a controller, only pages and the security config. Try to simplify your example: remove the controller and debug the JDBC authentication.

This example shows the correct way of configuration.
