Spring Security inMemoryAuthentication and authorization example using Spring Boot

In this example, we will build a Spring Security authorization example using Spring Boot. We will use an Oracle database and inMemoryAuthentication for authentication.

Prerequisites –

  • JDK 1.8
  • Oracle 10g
  • Eclipse
  • Maven

We will use Spring Boot (declared as a dependency in pom.xml) so that all the necessary jars/libraries are readily available to our application; Spring Boot takes care of pulling them in. Let’s start.

Step 1 – Open Eclipse and create a Maven project. Don’t forget to check ‘Create a simple project (skip)’, then click Next.

Step 2 – Fill in all details as below and click Finish.

Step 3 – Open pom.xml and replace its contents with the code below.

 

Note – In pom.xml we have defined the javac.exe path in the configuration tag. Change it to match where you have installed the JDK.

Step 4 – Let Maven download all the necessary jars. Once it is done, we will be able to see the Maven dependencies folder, which contains the different jar files. Create classes and interfaces as below.

 

Step 5 – Define the main class, SpringSecurityExample.java

 

Step 6 – Define the entity class, i.e. Book.java

 

Step 7 – Define the BookRepository interface extending CrudRepository.

BookRepository.java

 

Step 8 – Define the service interface, i.e. BookService.java

 

Step 9 – Define the service implementation class.

BookServiceImpl.java

 

Step 10 – Define the controller class.

BookController.java

 

Step 11 – Define the Config class.

Config.java

 

 

Step 12 – Define the application.properties file.

application.properties

 

Step 13 – Run SpringSecurityExample.java. The application should deploy and the book table will be created.

 

Step 14 – Insert a record into the database.

insert into book (book_id,BOOK_NAME,AUTHER_NAME,PRICE) values (1,'aother1','rakesh',12);

Step 15 – We have two REST APIs in the controller class:

  • http://localhost:9091/book/getbook
  • http://localhost:9091/book/getallbook

 

Step 16 – Testing the http://localhost:9091/book/getbook URI

  • Open a new browser and paste the above URI; it will redirect to the login page. Since Config.java secures this URI with the user role and defines the user kumar with password xyz, we need to provide those credentials. The relevant part of Config.java:

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // One rule chain: /book/getbook requires role "user",
    // /book/getallbook requires role "admin".
    // csrf().disable() turns CSRF protection off for the whole application.
    httpSecurity.csrf().disable()
        .authorizeRequests()
            .antMatchers("/book/getbook").hasAnyRole("user")
            .antMatchers("/book/getallbook").hasAnyRole("admin")
        .and()
        .formLogin();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
    // Demo users held in memory with plain-text passwords.
    // Spring Security 5 and later reject a plain-text password at login
    // unless a PasswordEncoder is configured.
    // Declaring "throws Exception" lets a configuration failure stop startup
    // instead of being printed and ignored.
    authManagerBuilder.inMemoryAuthentication()
        .withUser("rakesh").password("abc").roles("admin")
        .and()
        .withUser("kumar").password("xyz").roles("user");
}
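
A hardened variant of the Config.java excerpt above, added here as an example and not the tutorial's own code. It assumes Spring Security 5.x (where WebSecurityConfigurerAdapter is available); the class name HardenedConfig, the helper requireEnv and the environment variable names BOOK_ADMIN_PASSWORD and BOOK_USER_PASSWORD are hypothetical. It leaves CSRF protection on, stores the in-memory passwords as BCrypt hashes, and requires login for any URI without an explicit rule.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; assumes Spring Security 5.x.
@Configuration
@EnableWebSecurity
public class HardenedConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No csrf().disable(): the generated login form carries a CSRF token.
        http.authorizeRequests()
                .antMatchers("/book/getbook").hasRole("user")
                .antMatchers("/book/getallbook").hasRole("admin")
                // Any URI without an explicit rule still requires a login.
                .anyRequest().authenticated()
            .and()
                .formLogin();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // The same encoder hashes the stored value and verifies login attempts.
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("rakesh").password(encoder.encode(requireEnv("BOOK_ADMIN_PASSWORD"))).roles("admin")
                .and()
                .withUser("kumar").password(encoder.encode(requireEnv("BOOK_USER_PASSWORD"))).roles("user");
    }

    // Fail startup if a password is not supplied, rather than creating a user with an empty one.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}
```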

Let’s test another URI http://localhost:9091/book/getallbook

 

 

 

 
