Wednesday, 12 December 2012

Spring Security with Custom Tables

Posted by Naveen Katiyar On 03:12 22 comments

Using custom tables for spring security authentication and authorization

It is not must to use database tables specified in the Spring Security Specification. We can also use our own custom database tables to store user authentication and authorization and use those tables in Spring Security for user authentication and authorizations with some restrictions shown bellow:
  • Your database tables should have enough columns to specify user authentication and role.
  • You have to specify the sql query for which will be used to get user details from your database tables.

We will modify our User authentication and authorization in Spring Security using MySQL tables example and use our own tables instead of Spring Security Specific database tables. So, if you have not read the above tutorial, please read it or if you have prior knowledge of setting up database authentication in Spring Security, you can go ahead.

Tools used :
  • Spring MVC 3.0.3
  • Spring JDBC 3.0.5
  • Spring Security 3.0.5
  • Eclipse Indigo 3.7
  • Tomcat 6
  • Jdk 1.6
  • MySQL 5.1 Database and Driver jar
In this tutorial, we will use our own tables in Spring Security and authenticate the user.

Custom Table Definations

In this example we will use following tables in our database to authenticate the user:


create table user_deatils (
    username varchar(50) primary key,
    password varchar(50) not null,
    name varchar(300) not null,
    address varchar(1000),
    enabled boolean not null
) engine = InnoDb;

create table user_roles(
    role_id integer primary key,
    role varchar(50) not null
) engine = InnoDb;

create table users_role_map (
    username varchar(50) not null,
    role_id integer not null,
    foreign key (username) references users (username),
    foreign key (role_id) references user_roles(role_id)
) engine = InnoDb;


For creating a user detail and role of the user in the database use following MySQL DML insert command :


insert into user_deatils values('admin','admin','Jency Marker','23 Street, Washington',1);
insert into user_roles values(1,'ROLE_ADMIN');
insert into users_role_map values('admin',1);


This will create a user with username and password as “admin” and with role “ROLE_ADMIN” in the custom database tables.


Modifying Spring Security Configuration File

We have to change our Spring Security Configuration file, so that Spring Security uses our custom tables. For this we have to specify two extra attributes in <jdbc-user-service/> tag as follows:


<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password, enabled
        from user_deatils where username=?" authorities-by-username-query="select ud.username, ur.role
        from user_deatils ud, user_roles ur,users_role_map urm
        where ud.username = urm.username and urm.role_id = ur.role_id and ud.username = ? "/>
    </authentication-provider>
</authentication-manager>

Here, there are two attributes that we have specified in <jdbc-user-service/> tag, both of them are actually specifying SQL queries that will be used by Spring Security to authenticate the user:

  • users-by-username-query : This attribute will hold the query according to your custom tables that will select username, password and enabled properties of the user and will take username as parameter.
  • authorities-by-username-query : This attribute will hold the SQL query according to your custom tables that will select username and role of the user and accept username as parameter .
That’s all for using custom database table for user authentication and authorization.


Download Source Code


click here to download the source code


22 comments:

Anonymous said...

buy tramadol online tramadol high good - tramadol 7171

Anonymous said...

generic xanax xanax dosage max - xanax generic 029

Anonymous said...

buy tramadol online tramadol hcl 50 mg does it get you high - tramadol online us

Anonymous said...

buy tramadol overnight tramadol for dogs an 627 - tramadol hcl liver damage

Anonymous said...

tramadol 50mg gettin high on tramadol - tramadol dosage 50 mg

Anonymous said...

xanax online buy xanax online no prescription mastercard - xanax green

Anonymous said...

buy tramadol online tramadol dosage and frequency - tramadol 50 mg biogaran

Anonymous said...

carisoprodol soma does carisoprodol 350 mg look like - drug classification of carisoprodol

Anonymous said...

tramadol 100 mg tramadol for dogs no prescription - safe take 2 50mg tramadol

Anonymous said...

buy tramadol online best high tramadol - buy tramadol online overnight

Anonymous said...

buy cialis online buy cialis in ireland - buy cialis kl

Anonymous said...

xanax online 1mg xanax street price - side effects of xanax 0.25mg

Anonymous said...

buy cialis online brand cialis online usa - generic cialis zoll

Anonymous said...

buy xanax online xanax cheap online no prescription - what does xanax high feel like

Anonymous said...

xanax online xanax online cod - generic xanax s 902

Anonymous said...

http://landvoicelearning.com/#51602 overdose on tramadol - tramadol 50mg vs lortab 10mg

Anonymous said...

ways to buy ativan online ativan withdrawal low dose - ativan withdrawal symptoms

Anonymous said...

ativan for anxiety ativan overdose many - generic medication ativan

Anonymous said...

buy tramadol online buy tramadol online echeck - 5 htp help tramadol withdrawal

Anonymous said...

http://ranchodelastortugas.com/#93851 xanax in system - xanax constipation

Anonymous said...

Cheap Burberry Handbags These furnishings are a good choice.
5L models from the "Iridescence" allowance box, despite well-designed counterfeit bright Jiuzun base, so that this cut apparent just appropriate bright reflects "Iridescence" the cradle of each and every neon, for the account of
Hennessy cheap ugg boot Salon goes on the a large amount of
admirable style. And reproductions may perhaps appearance equally
as terrific.

Visit my weblog: moodle.epvouzela.pt

Anonymous said...

[url=http://my.moverapid.com/prednisolone][img]http://my.moverapid.com/promo.gif[/img][/url]





[size=4][url=http://my.moverapid.com/prednisolone][b][color=blue]Buy [/color][color=red]Prednisolone[/color][color=blue] ONLINE - click here![/color][/b][/url][/size]