├── README.md
├── pom.xml
└── src
    ├── main
        ├── java
        │   └── com
        │   │   └── javatechie
        │   │       └── spring
        │   │           └── security
        │   │               └── api
        │   │                   ├── SpringSecurityJpaApplication.java
        │   │                   ├── config
        │   │                       └── SecurityConfig.java
        │   │                   ├── controller
        │   │                       ├── AdminController.java
        │   │                       └── ApplicationController.java
        │   │                   ├── model
        │   │                       ├── Role.java
        │   │                       └── User.java
        │   │                   ├── repository
        │   │                       ├── RoleRepository.java
        │   │                       └── UserRepository.java
        │   │                   └── service
        │   │                       ├── CustomUserDetails.java
        │   │                       └── CustomUserDetailsService.java
        └── resources
        │   └── application.properties
    └── test
        └── java
            └── com
                └── javatechie
                    └── spring
                        └── security
                            └── api
                                └── SpringSecurityJpaApplicationTests.java


/README.md:
--------------------------------------------------------------------------------
1 | # spring-security-jpa
2 | How to implement spring security connecting with database
3 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3 | 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 4 | 	<modelVersion>4.0.0</modelVersion>
 5 | 
 6 | 	<groupId>com.example</groupId>
 7 | 	<artifactId>spring-security-jpa</artifactId>
 8 | 	<version>0.0.1-SNAPSHOT</version>
 9 | 	<packaging>jar</packaging>
10 | 
11 | 	<name>spring-security-jpa</name>
12 | 	<description>spring security example</description>
13 | 
14 | 	<parent>
15 | 		<groupId>org.springframework.boot</groupId>
16 | 		<artifactId>spring-boot-starter-parent</artifactId>
17 | 		<version>2.0.1.RELEASE</version>
18 | 		<relativePath /> <!-- lookup parent from repository -->
19 | 	</parent>
20 | 
21 | 	<properties>
22 | 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
23 | 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
24 | 		<java.version>1.8</java.version>
25 | 	</properties>
26 | 
27 | 	<dependencies>
28 | 		<dependency>
29 | 			<groupId>org.springframework.boot</groupId>
30 | 			<artifactId>spring-boot-starter-data-jpa</artifactId>
31 | 		</dependency>
32 | 		<dependency>
33 | 			<groupId>org.springframework.boot</groupId>
34 | 			<artifactId>spring-boot-starter-security</artifactId>
35 | 		</dependency>
36 | 		<dependency>
37 | 			<groupId>org.springframework.boot</groupId>
38 | 			<artifactId>spring-boot-starter-web</artifactId>
39 | 		</dependency>
40 | 
41 | 		<dependency>
42 | 			<groupId>org.springframework.boot</groupId>
43 | 			<artifactId>spring-boot-devtools</artifactId>
44 | 			<scope>runtime</scope>
45 | 		</dependency>
46 | 		<dependency>
47 | 			<groupId>mysql</groupId>
48 | 			<artifactId>mysql-connector-java</artifactId>
49 | 			<scope>runtime</scope>
50 | 		</dependency>
51 | 		<dependency>
52 | 			<groupId>org.projectlombok</groupId>
53 | 			<artifactId>lombok</artifactId>
54 | 			<optional>true</optional>
55 | 		</dependency>
56 | 		<dependency>
57 | 			<groupId>org.springframework.boot</groupId>
58 | 			<artifactId>spring-boot-starter-test</artifactId>
59 | 			<scope>test</scope>
60 | 		</dependency>
61 | 		<dependency>
62 | 			<groupId>org.springframework.security</groupId>
63 | 			<artifactId>spring-security-test</artifactId>
64 | 			<scope>test</scope>
65 | 		</dependency>
66 | 
67 | 	</dependencies>
68 | 
69 | 	<build>
70 | 		<plugins>
71 | 			<plugin>
72 | 				<groupId>org.springframework.boot</groupId>
73 | 				<artifactId>spring-boot-maven-plugin</artifactId>
74 | 			</plugin>
75 | 		</plugins>
76 | 	</build>
77 | 
78 | 
79 | </project>
80 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/SpringSecurityJpaApplication.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api;
 2 | 
 3 | import org.springframework.boot.SpringApplication;
 4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
 5 | 
 6 | @SpringBootApplication
 7 | public class SpringSecurityJpaApplication {
 8 | 
 9 | 	public static void main(String[] args) {
10 | 		SpringApplication.run(SpringSecurityJpaApplication.class, args);
11 | 	}
12 | }
13 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/config/SecurityConfig.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.config;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | import org.springframework.context.annotation.Bean;
 5 | import org.springframework.context.annotation.Configuration;
 6 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 7 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 8 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 9 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
10 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
11 | import org.springframework.security.core.userdetails.UserDetailsService;
12 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
13 | 
14 | @Configuration
15 | @EnableWebSecurity
16 | @EnableGlobalMethodSecurity(prePostEnabled = true)
17 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
18 | 
19 | 	@Autowired
20 | 	private UserDetailsService userDetailsService;
21 | 
22 | 	@Override
23 | 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
24 | 		auth.userDetailsService(userDetailsService).passwordEncoder(encodePWD());
25 | 	}
26 | 
27 | 	@Override
28 | 	protected void configure(HttpSecurity http) throws Exception {
29 | 		http.csrf().disable();
30 | 
31 | 		http.authorizeRequests().antMatchers("/rest/**").authenticated().anyRequest().permitAll().and()
32 | 				.authorizeRequests().antMatchers("/secure/**").authenticated().anyRequest().hasAnyRole("ADMIN").and()
33 | 				.formLogin().permitAll();
34 | 
35 | 	}
36 | 
37 | 	@Bean
38 | 	public BCryptPasswordEncoder encodePWD() {
39 | 		return new BCryptPasswordEncoder();
40 | 	}
41 | }
42 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/controller/AdminController.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.controller;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | import org.springframework.security.access.prepost.PreAuthorize;
 5 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 6 | import org.springframework.web.bind.annotation.GetMapping;
 7 | import org.springframework.web.bind.annotation.PostMapping;
 8 | import org.springframework.web.bind.annotation.RequestBody;
 9 | import org.springframework.web.bind.annotation.RequestMapping;
10 | import org.springframework.web.bind.annotation.RestController;
11 | 
12 | import com.javatechie.spring.security.api.model.User;
13 | import com.javatechie.spring.security.api.repository.UserRepository;
14 | 
15 | @RestController
16 | @RequestMapping("/secure/auth/")
17 | public class AdminController {
18 | 
19 | 	@Autowired
20 | 	private UserRepository userRepository;
21 | 
22 | 	@Autowired
23 | 	private BCryptPasswordEncoder passwordEncoder;
24 | 
25 | 	/*@PreAuthorize("hasAnyRole('ADMIN')")*/
26 | 	@PostMapping("/admin/add")
27 | 	public String addUserByAdmin(@RequestBody User user) {
28 | 		String pwd = user.getPassword();
29 | 		String encryptPwd = passwordEncoder.encode(pwd);
30 | 		user.setPassword(encryptPwd);
31 | 		userRepository.save(user);
32 | 		return "user added successfully...";
33 | 	}
34 | 
35 | 	@PreAuthorize("hasAnyRole('ADMIN')")
36 | 	@GetMapping("/admin/all")
37 | 	public String securedHello() {
38 | 		return "Secured Hello";
39 | 	}
40 | }
41 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/controller/ApplicationController.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.controller;
 2 | 
 3 | import org.springframework.web.bind.annotation.GetMapping;
 4 | import org.springframework.web.bind.annotation.RequestMapping;
 5 | import org.springframework.web.bind.annotation.RestController;
 6 | 
 7 | @RestController
 8 | @RequestMapping("/rest/auth")
 9 | public class ApplicationController {
10 | 
11 | 	@GetMapping("/process")
12 | 	public String process() {
13 | 		return "processing..";
14 | 	}
15 | }
16 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/model/Role.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.model;
 2 | 
 3 | import javax.persistence.Entity;
 4 | import javax.persistence.GeneratedValue;
 5 | import javax.persistence.Id;
 6 | 
 7 | import lombok.Getter;
 8 | import lombok.NoArgsConstructor;
 9 | import lombok.Setter;
10 | 
11 | @Entity
12 | @Getter
13 | @Setter
14 | @NoArgsConstructor
15 | public class Role {
16 | 	@Id
17 | 	@GeneratedValue
18 | 	private int role_id;
19 | 	private String role;
20 | }
21 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/model/User.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.model;
 2 | 
 3 | import java.util.Set;
 4 | 
 5 | import javax.persistence.CascadeType;
 6 | import javax.persistence.Entity;
 7 | import javax.persistence.FetchType;
 8 | import javax.persistence.Id;
 9 | import javax.persistence.JoinColumn;
10 | import javax.persistence.JoinTable;
11 | import javax.persistence.OneToMany;
12 | 
13 | import lombok.Getter;
14 | import lombok.Setter;
15 | 
16 | @Entity
17 | @Getter
18 | @Setter
19 | public class User {
20 | 	@Id
21 | 	private int user_id;
22 | 	private String username;
23 | 	private String password;
24 | 	private String email;
25 | 	@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
26 | 	@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
27 | 	private Set<Role> roles;
28 | 
29 | }
30 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/repository/RoleRepository.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.repository;
 2 | 
 3 | import org.springframework.data.jpa.repository.JpaRepository;
 4 | 
 5 | import com.javatechie.spring.security.api.model.Role;
 6 | 
 7 | public interface RoleRepository extends JpaRepository<Role, Integer>{
 8 | 
 9 | }
10 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/repository/UserRepository.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.repository;
 2 | 
 3 | import org.springframework.data.jpa.repository.JpaRepository;
 4 | 
 5 | import com.javatechie.spring.security.api.model.User;
 6 | 
 7 | public interface UserRepository extends JpaRepository<User, Integer>{
 8 | 
 9 | 	User findByUsername(String username);
10 | 
11 | }
12 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/service/CustomUserDetails.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.service;
 2 | 
 3 | import java.util.Collection;
 4 | import java.util.stream.Collectors;
 5 | 
 6 | import org.springframework.security.core.GrantedAuthority;
 7 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
 8 | import org.springframework.security.core.userdetails.UserDetails;
 9 | 
10 | import com.javatechie.spring.security.api.model.User;
11 | 
12 | import lombok.Getter;
13 | import lombok.Setter;
14 | 
15 | @Getter
16 | @Setter
17 | public class CustomUserDetails implements UserDetails {
18 | 
19 | 	/**
20 | 	 * 
21 | 	 */
22 | 	private static final long serialVersionUID = 1256711395932122675L;
23 | 	private User user;
24 | 
25 | 	@Override
26 | 	public Collection<? extends GrantedAuthority> getAuthorities() {
27 | 		
28 | 		return user.getRoles().stream().map(role -> new SimpleGrantedAuthority("ROLE_" + role))
29 | 				.collect(Collectors.toList());
30 | 
31 | 	}
32 | 
33 | 	@Override
34 | 	public String getPassword() {
35 | 		return user.getPassword();
36 | 	}
37 | 
38 | 	@Override
39 | 	public String getUsername() {
40 | 		return user.getUsername();
41 | 	}
42 | 
43 | 	@Override
44 | 	public boolean isAccountNonExpired() {
45 | 		return true;
46 | 	}
47 | 
48 | 	@Override
49 | 	public boolean isAccountNonLocked() {
50 | 		// TODO Auto-generated method stub
51 | 		return true;
52 | 	}
53 | 
54 | 	@Override
55 | 	public boolean isCredentialsNonExpired() {
56 | 		// TODO Auto-generated method stub
57 | 		return true;
58 | 	}
59 | 
60 | 	@Override
61 | 	public boolean isEnabled() {
62 | 		// TODO Auto-generated method stub
63 | 		return true;
64 | 	}
65 | 
66 | }
67 | 


--------------------------------------------------------------------------------
/src/main/java/com/javatechie/spring/security/api/service/CustomUserDetailsService.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api.service;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | import org.springframework.security.core.userdetails.UserDetails;
 5 | import org.springframework.security.core.userdetails.UserDetailsService;
 6 | import org.springframework.security.core.userdetails.UsernameNotFoundException;
 7 | import org.springframework.stereotype.Service;
 8 | 
 9 | import com.javatechie.spring.security.api.model.User;
10 | import com.javatechie.spring.security.api.repository.UserRepository;
11 | 
12 | @Service
13 | public class CustomUserDetailsService implements UserDetailsService {
14 | 
15 | 	@Autowired
16 | 	private UserRepository repository;
17 | 
18 | 	@Override
19 | 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
20 | 		User user = repository.findByUsername(username);
21 | 		CustomUserDetails userDetails = null;
22 | 		if (user != null) {
23 | 			userDetails = new CustomUserDetails();
24 | 			userDetails.setUser(user);
25 | 		} else {
26 | 			throw new UsernameNotFoundException("User not exist with name : " + username);
27 | 		}
28 | 		return userDetails;
29 | 
30 | 	}
31 | 
32 | }
33 | 


--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
 1 | # ===============================
 2 | # = DATA SOURCE
 3 | # ===============================
 4 | spring.datasource.driver-class-name=com.mysql.jdbc.Driver
 5 | spring.datasource.url = jdbc:mysql://localhost:3306/auth
 6 | spring.datasource.username = root
 7 | spring.datasource.password = cisco
 8 | # ===============================
 9 | # = JPA / HIBERNATE
10 | # ===============================
11 | spring.jpa.show-sql = true
12 | spring.jpa.hibernate.ddl-auto = update
13 | spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5Dialect
14 | hibernate.format_sql=true;
15 | # ===============================


--------------------------------------------------------------------------------
/src/test/java/com/javatechie/spring/security/api/SpringSecurityJpaApplicationTests.java:
--------------------------------------------------------------------------------
 1 | package com.javatechie.spring.security.api;
 2 | 
 3 | import org.junit.Test;
 4 | import org.junit.runner.RunWith;
 5 | import org.springframework.boot.test.context.SpringBootTest;
 6 | import org.springframework.test.context.junit4.SpringRunner;
 7 | 
 8 | @RunWith(SpringRunner.class)
 9 | @SpringBootTest
10 | public class SpringSecurityJpaApplicationTests {
11 | 
12 | 	@Test
13 | 	public void contextLoads() {
14 | 	}
15 | 
16 | }
17 | 


--------------------------------------------------------------------------------