I am 13 weeks into coding with Java and am working on a RESTful web service. The back end is done and now I am working on creating a UI. One of the requirements is that a user log in using HTTP basic. I have this configured to the point where when a user navigates to the page the popup dialogue comes up and you can enter one hard coded user I have in and it logs you in. But what I really need it to do is verify against users in a database. I have searched extensively to try and find a way to configure it to validate against a database but to no avail. Here is my spring-security.xml file with my dummy user.
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <!-- <http auto-config="true"> <intercept-url pattern="/welcome*" access="ROLE_USER"
        /> <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed"
        /> <logout logout-success-url="/logout" /> </http> -->
    <http>
        <intercept-url pattern="/*" access="ROLE_USER" />
        <http-basic />
    </http>
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="tmain" password="123456" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
And here is the (I believe) only relevant information to the setup in my web.xml file.
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Can anyone give me some direction on configuring spring security to authenticate against a database rather than the dummy user I have? I have a User entity in the database with a firstname, lastname, email, password, activeStatus, and timezone. The email is the user's username. Any and all help would be appreciated.
Your authentication provider should look like this:
<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource" />
    </authentication-provider>
</authentication-manager>
Default implementation requires those tables:
create table users(
    username varchar_ignorecase(50) not null primary key,
    password varchar_ignorecase(50) not null,
    enabled boolean not null);
create table authorities (
    username varchar_ignorecase(50) not null,
    authority varchar_ignorecase(50) not null,
    constraint fk_authorities_users foreign key(username) references users(username));
create unique index ix_auth_username on authorities (username,authority);
You can have a different database structure and use something like this:
<jdbc-user-service data-source-ref="dataSource" authorities-by-username-query="select username,authority from users where username=?"/>
Don't forget to create dataSource bean...
And yes.. All of this can be found in documentation.
You need to use a jdbc-user-service instead of user-service. You can start by reading the documentation.
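The jdbc-user-service approach from the answers above, mapped onto the question's User entity where the email is the login name. This is an added example, not code from the original posts; the table name app_user, the column names email, password and active_status, the bean id passwordEncoder and all connection values are assumptions or placeholders.

```xml
<!-- Added example: fragments to place inside the <beans:beans> root of spring-security.xml. -->
<!-- Assumed names (not from the post): table app_user, columns email / password / active_status. -->

<!-- Placeholder connection settings; replace driver, URL and credentials with your own. -->
<beans:bean id="dataSource"
            class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <beans:property name="driverClassName" value="DRIVER_CLASS_PLACEHOLDER" />
    <beans:property name="url" value="JDBC_URL_PLACEHOLDER" />
    <beans:property name="username" value="DB_USER_PLACEHOLDER" />
    <beans:property name="password" value="DB_PASSWORD_PLACEHOLDER" />
</beans:bean>

<!-- BCrypt hashes are 60 characters long, so the password column must be at least that wide. -->
<beans:bean id="passwordEncoder"
            class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<authentication-manager>
    <authentication-provider>
        <!-- Compare the submitted password against the stored BCrypt hash. -->
        <password-encoder ref="passwordEncoder" />
        <!-- users-by-username-query must return username, password, enabled in that order; -->
        <!-- active_status is assumed to be a boolean column. -->
        <!-- The entity has no role column, so every user is given ROLE_USER as a constant. -->
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select email, password, active_status from app_user where email = ?"
            authorities-by-username-query="select email, 'ROLE_USER' from app_user where email = ?" />
    </authentication-provider>
</authentication-manager>
```

Passwords already stored in plain text have to be re-hashed with the same encoder before this configuration will accept them.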