Using mysql database to authenticate users in Spring Security?

Question

Using mysql database to authenticate users in Spring Security?

I want to use Spring to authenticate users in my web application. Since I am not a mature user in the Spring framework, I cannot get a clear idea of how we can use configuration parameters to use jdbc-user-service. I performed the following configurations. But does not work

<authentication-manager> <authentication-provider> <jdbc-user-service data-source-ref="myDataSource"/> </authentication-provider> </authentication-manager> <beans:bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"> <beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/> <beans:property name="url" value="jdbc:mysql://localhost:3306/testDB"/> <beans:property name="username" value="admin"/> <beans:property name="password" value="admin"/> </beans:bean>

.. can someone please help me solve the problem with the sample configuration file. Thanks in advance.

+6

spring authentication spring-jdbc spring-security mysql

Tijo k varghese Aug 24 '11 at 6:44

source share

3 answers

Simeon · Answer 1 · 2011-08-24T07:56:47+0000

You usually do this with a UserDetailsService . UserDetailsService is a DAO used to load user information when trying to log in. Take a look at the loadUserByUsername(String username) method and the UserDetails class in spring.

I need to define it in your context:

 <bean id="myDetailsService" class="com.company.service.impl.MyDetailsService" />

To use it, you can add this to your security configuration:

 <authentication-manager> <authentication-provider user-service-ref="myDetailsService" /> </authentication-manager>

and all your security filters will use it.

You can ask a more specific question if you need help implementing it, but you will not have problems with IMO.

Jens · Answer 2 · 2011-08-24T10:45:14+0000

Another way to do this is to create tables using the standard spring security database schema ( http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html ). Then you can just use spring jdbc-userservice:

 <security:authentication-provider > <security:jdbc-user-service data-source-ref="dataSource" /> <security:password-encoder hash="sha" /> </security:authentication-provider>

Or, if you want to use your own schema, you can override these queries:

 <security:authentication-provider> <securiy:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username, password from users where username=?" authorities-by-username-query="select username, roleName from role..." role-prefix="ROLE_" /> </security:authentication-provider>

Mattl · Answer 3 · 2012-06-08T13:42:57+0000

Add these lines to your <authentication-provider> :

 <authentication-provider> <password-encoder hash="sha-256" /> <jdbc-user-service data-source-ref="dataSource" users-by-username-query=" SELECT username, password, enabled FROM user WHERE username = ?" authorities-by-username-query=" SELECT u.username, r.role_name FROM user u, user_role r, assigned_role a WHERE u.id = a.username AND r.id = a.role_id AND u.username = ?" /> </authentication-provider>

Of course, you will need to tweak the queries to match your table names.

Using mysql database to authenticate users in Spring Security?

More articles: