In this post, we will authenticate users against a database. We will use MySQL and Hibernate for database authentication.
If you want to secure your Spring web application, you only need to configure a few files using Spring Security. We will apply login security to the hello world example, so that only authorised users will be able to access the admin page.
Before going ahead, let's first configure the database table in MySQL which we will use for authentication.
Database setup:
Step 1:
Create a Spring MVC hello world example named SpringSecurityDatabaseAuthenticationExample. It will create a basic Spring MVC application.
Step 2:
Add Spring Security, Hibernate and the MySQL connector to pom.xml. You need to add the following dependencies to the pom.
Create Controller and view
Step 3:
Change the controller class named "HelloWorldController.java" as below.
Here we have used the Principal object to get the username of the currently logged-in user. It is set by the Spring Security framework.
Step 4:
Modify hello.jsp in /WEB-INF/pages folder
Create login.jsp in /WEB-INF/pages folder
We have used a CSS file in the above login.jsp. Create the style.css file as below.
Step 6:
Create admin.jsp in /WEB-INF/pages folder.
Step 7:
Create 403.jsp in /WEB-INF/pages folder.
Step 8:
Now we need to add the Spring configuration XML. Create a file named spring-security.xml.
We have used form-login in the above file, so if a user tries to access any secured URL, they will be authenticated based on the above form-login configuration.
Let's understand the meaning of each form-login attribute and of the access-denied-handler setting:
login-page : the URL of the login page.
default-target-url : the URL of the target page to show if authentication is successful.
authentication-failure-url : the URL to redirect to if authentication is unsuccessful.
access-denied-handler : if the user doesn't have access to the page, the /403 URL will be called.
intercept-url configures which kind of security applies to which URL pattern. For example: if the HTTP request URL matches the pattern /hello* (hello.jsp, helloworld.html), it will be accessible to ROLE_ADMIN and ROLE_USER, but if the HTTP request URL matches the pattern /admin*, it will be accessible to ROLE_ADMIN only.
We have provided queries for users-by-username-query and authorities-by-username-query to load each user's credentials and roles from the database.
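A sketch of a spring-security.xml that uses the attributes described above, added here as an example and not the post's own file. The /login, /hello and /login?error URLs, the users and user_roles table and column names, the dataSource bean id and the BCrypt password encoder are assumptions.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true" use-expressions="true">
        <!-- Rules are matched top to bottom; the first matching pattern wins. -->
        <intercept-url pattern="/admin*" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/hello*"
            access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />

        <!-- URLs below are assumed; /login must stay reachable without a role. -->
        <form-login login-page="/login"
            default-target-url="/hello"
            authentication-failure-url="/login?error" />

        <!-- Authenticated but not authorised: send the user to /403. -->
        <access-denied-handler error-page="/403" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <!-- Assumption: the password column stores BCrypt hashes,
                 not plaintext passwords. -->
            <password-encoder ref="passwordEncoder" />

            <!-- Assumed schema: users(username, password, enabled) and
                 user_roles(username, role). The ? placeholder is bound as a
                 JDBC parameter, so the submitted username is never
                 concatenated into the SQL text. -->
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query=
                    "select username, password, enabled from users where username = ?"
                authorities-by-username-query=
                    "select username, role from user_roles where username = ?" />
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="passwordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
</beans:beans>
```

A DataSource bean with the id dataSource is assumed to be defined in the same application context as this file.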
Step 9:
springmvc-dispatcher-servlet.xml
Step 10: We need to change web.xml to configure Spring Security.
It's time for a Maven build.


Run the application

You will see below screen:

When you click on the admin page link, you will get the following login page. Now enter the user as arpit and the password also as arpit.

We have entered the correct username and password, so we will see the below screen.

If you use the user john to access the admin page, you will get the below screens.

As john doesn't have access to the admin page, you will get the below screen.

Please comment if you have any issues with above post.
What you have posted is simply superb, but I'm looking for an example which involves the PostgreSQL database. Can you please post that (at least how to change it from MySQL to Postgres)?
Thank you in advance
Hi Arpit. Thank you for the post, it's very helpful.
I request you to share some examples on HTTP session in Spring Boot, please.
Thank you in advance
Hi Arpit,
The content in the blog is very good to read and understand. Is there any possibility to view the content offline or any application associated to read it offline.
Regards
Santosh