spring security database authentication example

In previous post, we have already seen  how to use custom login page in Spring security. We have declared username and password in spring-security.xml but what if you want to read it from database. In most of the cases, we will read credentials from database.
In this post, we will do authentication using database. We will use MySQL and hibernate for database authentication.
If you want to secure your spring web application , you just need to configure some files to make it happen using spring security. We will apply login security on hello world example, so when only authorised users will be able to access admin page.
Before going ahead, lets first configure database table in mysql which we will use for authentications.

Database setup:

Here are steps to apply spring security custom login form on spring mvc hello world example.
Step 1: 
Create Spring mvc hello world example named SpringSecurityDatabaseAuthenticationExample. It will create basic spring mvc application.
Step 2: 
Add spring security, hibernate and mysql connector to pom.xml. You need to add following dependencies to the pom.


Create Controller  and view

Step 3
Change controller class named “HelloWorldController.java” as below

As  request first goes to dispatcherServlet and it redirects to controller class. Here @Controller depicts that this is our controller class. @RequestMapper is used to map incoming http request to handler method(hello() in above controller).So hello() method of HelloWorldController.java will handle GET request from dispatcher.
Here We have used Principal object to get current logged in username. It is set by Spring security framework.

Step 4: 
Modify hello.jsp in /WEB-INF/pages folder

Step 5:
Create login.jsp in /WEB-INF/pages folder

We have used css file in above login.jsp. Create style.css file as below.

Step 6:
Create admin.jsp in /WEB-INF/pages folder.

Step 7:Create 403.jsp in /WEB-INF/pages folder.

Step 8:  
Now we need to add spring configuration xml. Create a file named spring-security.xml.

We have used form-login in above file, so if user tries to access any secured url, he will be authenticated based on above form-login configuration.
Lets understand meaning of each attribute of form-login tag
login-page : we need to provide url for login page.
default-target-url : here if authentication is successful, then target page url should be provided.
authentication-failure-url : if authentication is unsuccessful, then redirection page url should be provided here.
access-denied-handler : If user don’t have access to the page, /403 url will be called.
intercept-url configure for which pattern what kind of security is configured. For example: If http request url has pattern /hello*(hello.jsp,helloworld.html), it will be accessed to ROLE_ADMIN and ROLE_USER but if http request url has pattern /admin*,it will be accessed to ROLE_ADMIN only

We have provided queries for users-by-username-query and authorities-by-username-query to set up credentials for roles.
Step 9: 

Step 10: We need to change in web.xml to configure spring security.

Here we have used DelegatingFilterProxy which intercepts http request and pass it to springSecurityFilterChain. springSecurityFilterChain is a bean created by spring with http element used in spring-security.xml. It maintains list of all filters and is responsible for chain of filters.
We are done with changes required for spring security.
Step 11:
It’s time for maven build.
Provide goals as clean install (given below) and click on run

Run the application

Step 12:Right click on project -> run as -> run on server
Select apache tomcat and click on finish

   You will see below screen:

Spring Security database authentication

When you click on admin page link, you will get following login page. Now put User as arpit and password also as arpit.

Spring Security login

We have put correct username and password , so we will see below screen.

Spring security admin login

If you use user john to access admin page, you will get below screens.

Spring security john login

As john don’t have access to admin page, so you will get below screen.

Download source code:

click to begin
20KB .zip

Please comment if you have any issues with above post.


You may also like:

Related Posts

  • 10 May

    Spring Boot + Spring Security example

    Table of ContentsGithub Source code:Spring Boot + Spring Security example:Project structure:Tools used for creating below project:Maven dependencies: In this post, we will see how to create Spring boot + Spring Security example. Let’s see how Spring boot makes over life simpler.I am going to apply Spring Security on Spring Boot hello world example. Github Source […]

  • 14 September

    Spring Rest + Spring Security example

    Table of ContentsRun the applicationIf you getting 404 error with above steps, you may need to follow below steps: In this post , we are going to apply Spring Security on Spring Rest example. Web services tutorial: Introduction to web services Web services interview questions SOAP web service introduction RESTful web service introduction Difference between […]

  • 13 September

    Spring Security : Customize 403 access denied page

    In this post , we will see how to customize 403 access denied page. If user do not have access to page, then it will show default 403 page which will look like as below: You can customize 403 as below page: If you want to configure custom 403 access denied page, there are two […]

  • 15 January

    Spring Security custom login form example

    Table of ContentsSpring MVC tutorial:Create Controller  and viewRun the applicationDownload source code: In previous post,we have used default login page generated by Spring security framework. In this post, we will see how to use custom login page in Spring security. Spring MVC tutorial: Spring MVC hello world example Spring MVC Hibernate MySQL example Spring MVC […]

  • 12 January

    Spring Security hello world example

    Table of ContentsSpring MVC tutorial:Run the applicationDownload source code: In this post, we will see how to apply basic spring security to spring mvc hello world example. Spring MVC tutorial: Spring MVC hello world example Spring MVC Hibernate MySQL example Spring MVC interceptor example Spring MVC angularjs example Spring MVC @RequestMapping example Spring Component,Service, Repository […]


  1. What you have posted is simply superb ,but i m looking for the example which involves the postgre sql database can you please post that .(at least how to change it from mysql to postgres).

    _Thank u in advance

  2. Hi Arpit . Thank you for the post its very helpful.

    I request you share some examples on HTTP session in spring boot.please

    Thank you in advance

  3. Hi Arpit,
    The content in the blog is very good to read and understand. Is there any possibility to view the content offline or any application associated to read it offline.


Leave a Reply

Your email address will not be published.

Subscribe to our newletter

Get quality tutorials to your inbox. Subscribe now.