Geek Answers Handbook

Step-by-step login example using spring security 3.0 with hdbc

I am new to Spring and Spring Security. I just need a pointer in the right direction:

I have a simple Spring MVC / Spring Security webapp. I want to add web application login functionality. I have created the following two tables.

CREATE TABLE "users" ( "USER_ID" NUMBER(10) NOT NULL, "USERNAME" VARCHAR(45) NOT NULL, "PASSWORD" VARCHAR(45) NOT NULL, "ENABLED" NUMBER(1) NOT NULL, PRIMARY KEY ("USER_ID") ) CREATE TABLE "user_roles" ( "USER_ROLE_ID" NUMBER(10) NOT NULL, "USER_ID" NUMBER(10) NOT NULL, "AUTHORITY" VARCHAR(45) NOT NULL, PRIMARY KEY ("USER_ROLE_ID"), CONSTRAINT "FK_user_roles" FOREIGN KEY ("USER_ID") REFERENCES "users" ("USER_ID") )

I want to authenticate the user from the database, then checks the user role. I know that this is just dirt, so I just need to hear how the process should go.

+6
java spring authentication spring-mvc spring-security
source share
2 answers

It's just a matter of not wasting time reading Security Namespace Configuration

Here are some other resources that I found useful when I realized this:

Basically you are asking for a complete tutorial. It’s better to ask about the specific problems you are facing and show us what you tried (creating two tables is a bit meager).

And one more thing: setting up security, even with Spring, is NOT simple. You should learn about the implications of the decisions you make regarding hashing and salting passwords, password recovery schemes, and remembering functions, to name a few common mistakes. In addition, the choice of which pages / paths to protect (interception-URL) should be made wisely. It depends on the type of application and the context in which it runs.

+3
source share

A step-by-step example can be found in the spring pet tutorial .

But.

You just need to implement your own UserDetailsService and enter it in your security context.

This is a good way to implement it.

+1
source share

More articles:


All Articles