Assuming that you have already created a spring boot application which offer a Rest API. A simple guide can be found here. One of the authentication methods is the Basic Authentication (username, password). So here we describe how to do this using JDBC Authentication which is one of the available solutions:
Step 1 – Create the database tables
CREATE TABLE `user_roles` ( `user_role_id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(50) NOT NULL, `role` varchar(50) NOT NULL, PRIMARY KEY (`user_role_id`), UNIQUE KEY `uni_username_role` (`role`,`username`) ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1 CREATE TABLE `users` ( `username` varchar(50) NOT NULL, `password` varchar(10) NOT NULL, `enabled` tinyint(3) NOT NULL DEFAULT '1', PRIMARY KEY (`username`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8
Step 2 – Add the dependency to pom.xml
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
<dependency> <groupId>com.zaxxer</groupId> <artifactId>HikariCP</artifactId> <version>2.5.1</version> </dependency>
<dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.38</version> </dependency>
Step 3 – Add the reference to the datasource
Application.properties
app.datasource.jdbcUrl=jdbc:mysql://localhost/users app.datasource.driver-class-name=com.mysql.jdbc.Driver app.datasource.username=root app.datasource.password=password app.datasource.hikari.connection-timeout=60000 app.datasource.hikari.maximum-pool-size=5
Here we declare also that we want to use HikariCP for connection pooling
Step 4 – Additions in code
Datasource initialization in MvcConfig
@Configuration@Configuration public class MvcConfig extends WebMvcConfigurerAdapter { @Bean @ConfigurationProperties("app.datasource") public HikariDataSource dataSource() { return (HikariDataSource) DataSourceBuilder.create() .type(HikariDataSource.class).build(); } }
And below are the changes have to be made in your main class of the spring boot application
@Autowired DataSource dataSource; @Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().fullyAuthenticated().and(). httpBasic().and(). csrf().disable(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.jdbcAuthentication().dataSource(dataSource). usersByUsernameQuery("select username,password, enabled from users where username=?"). authoritiesByUsernameQuery("select username, role from user_roles where username=?"); }
Step 5 – Smoke testing
You are almost done! You can now check it by requesting a resource from your Rest API. A dialog will appear and username,password will appear. Users that exist in your database and have the role ‘ROLE_USER’ can login and use your api
You can see more about spring rest web services: https://www.guru99.com/restful-web-services.html
“Hi,
Thanks for the link, deeply appreciated
Coming from an authority like you means a lot.
I can add your link on https://career.guru99.com/resources/
Regards
Alex”