Http Authentication and Authorization with Spring Security
First of all, it is important to understand the difference between authentication and authorization. In this simple tutorial we will implement a small security service that uses both.
Authentication is the process of recognizing a user's identity. Authorization is the function of specifying access rights and privileges to resources.
2. Connect and configure the MySQL database for the Spring Boot project in application.properties:
Let's organize the project structure into folders.
3. Create the AppUser class in the entities folder:
We are using Hibernate, which maps an object-oriented domain model to a relational database. The Lombok annotations generate all the required boilerplate for the class: constructors, setters, getters, toString and so on.
4. Next, create the AppUser repository in the repositories folder. It takes the domain class to manage and the type of the domain class's id as type arguments. This interface acts primarily as a marker interface to capture the types to work with and to help you discover the interfaces that extend it.
5. The CustomUserDetails class implements UserDetails by overriding its six security-related methods. Such objects simply store user information, which is later encapsulated into Authentication objects.
6. Finally, we need to create CustomUserDetailsService, which implements only one core Spring Security interface, the one that loads user-specific data.
In the same class we also implement a createUser method that persists a new user to the database.
7. We add a new SecurityConfiguration class that extends WebSecurityConfigurerAdapter. In it we create a password encoder bean, because we save a hash of the password to the database and never the raw password. We permit access to the login, registration and login-error endpoints. For all other endpoints the user must be authenticated (all access goes through the login page), and the "/index" endpoint is accessible only to a user with the READ authority (this is the authorization part). We also bind the username and password fields from the login template (this is the authentication part) and define the flow after login. The last method permits access to the static folders that contain the CSS, HTML, images and JavaScript.
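One way the configuration described in step 7 could look. This is an added example written for this page, not the code from the linked repository; it assumes the CustomUserDetailsService from step 6, the login form field names username and password, a post-login landing page of "/index", and the Spring Security 5.x WebSecurityConfigurerAdapter API the post names.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final CustomUserDetailsService userDetailsService; // from step 6 (assumed)

    public SecurityConfiguration(CustomUserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    // Only a hash is stored: BCrypt salts every password and is deliberately slow.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Authentication: our UserDetailsService plus the encoder used to verify the hash.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login", "/login-error", "/registration").permitAll()
                .antMatchers("/index").hasAuthority("READ")   // authorization: READ only
                .anyRequest().authenticated()                 // everything else needs login
            .and().formLogin()
                .loginPage("/login")
                .usernameParameter("username")                // form field names (assumed)
                .passwordParameter("password")
                .failureUrl("/login-error")
                .defaultSuccessUrl("/index", true);           // after-login flow (assumed)
    }

    // Static assets bypass the security filter chain entirely.
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/css/**", "/html/**", "/images/**", "/js/**");
    }
}
```

Anything under web.ignoring() is served with no security filters at all, so keep that list to genuinely public static files. The failure URL must remain in the permitAll list, otherwise the error page itself would redirect back to the login page.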
8. Now it is time for the DTO entity with validation annotations. DTOs are simple objects that should not contain any business logic but may contain serialization and deserialization mechanisms for transferring data over the wire.
9. We implement the LoginController class in the controllers folder with two methods mapping GET requests: one for "/login", which renders the login page, and one for "/login-error", which binds an error flag to the login page. If an error occurs during login, the flag is switched to true and a message appears:
The login template. The form contains two important tags, th:action and th:method:
9. Before logging in we have to go through the registration process. We also create a RegistrationController and use a model mapper that links a new UserDto instance to the user field in the Thymeleaf template.
10. We validate the UserDto fields, which are bound to all the fields of the form. Again we simply connect the entity attributes with the form fields.
HomeController controls the user's redirection after a successful login.
11. Let's test. Opening https://localhost:8080 redirects us to https://localhost:8080/login
Submitting the form without having registered first displays the error notification:
Pressing the registration button redirects us to the registration form: https://localhost:8080/registration
Validation shows alert messages if any of the fields are not filled in.
Submitting the form persists a new user in the database and redirects us to the login page.
Now, after the redirect to the login page and entering the credentials:
After passing Spring Security's authentication and authorization we are redirected to the home page, as we can see below:
First Part
https://github.com/davidkim85/demodavid
There are many topics to cover and configuration available in Spring Security.
If you are interested in my next release, please comment or show your support.
created by David Furman