Spring Security: Convert in-memory auth to database

iamjpcbau :

I'm using in-memory auth to have my login working in spring

However, I want to change it now to persistent database

Please see code below:

JWTWebSecurityConfig

package com.sbc.cpex.security.jwt;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class JWTWebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtUnAuthorizedResponseAuthenticationEntryPoint jwtUnAuthorizedResponseAuthenticationEntryPoint;

    @Autowired
    private UserDetailsService jwtInMemoryUserDetailsService;

    @Autowired
    private JwtTokenAuthorizationOncePerRequestFilter jwtAuthenticationTokenFilter;

    @Value("${jwt.get.token.uri}")
    private String authenticationPath;

    @Autowired
    DataSource dataSource;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

//      auth
//            .userDetailsService(jwtInMemoryUserDetailsService)
//            .passwordEncoder(passwordEncoderBean());

        auth.jdbcAuthentication().dataSource(dataSource)
        .usersByUsernameQuery("select username, password"
            + " from users where username=?")
        .passwordEncoder(passwordEncoderBean());
    }

    @Bean
    public PasswordEncoder passwordEncoderBean() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .csrf().disable()
//            .csrf().and().cors().disable()
            .exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            .anyRequest().authenticated();

       httpSecurity
            .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);

        httpSecurity
            .headers()
            .frameOptions().sameOrigin()  //H2 Console Needs this setting
            .cacheControl(); //disable caching
    }

    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity
            .ignoring()
            .antMatchers(
                HttpMethod.POST,
                authenticationPath
            )
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .and()
            .ignoring()
            .antMatchers(
                HttpMethod.GET,
                "/" //Other Stuff You want to Ignore
            )
            .and()
            .ignoring()
            .antMatchers("/h2-console/**/**");//Should not be in Production!
    }
}

Steps I did: 1. Comment out these lines

auth
    .userDetailsService(jwtInMemoryUserDetailsService)
    .passwordEncoder(passwordEncoderBean());

2. Add the following lines for jdbcauth

auth.jdbcAuthentication().dataSource(dataSource)
        .usersByUsernameQuery("select username, password"
            + " from users where username=?")
        .passwordEncoder(passwordEncoderBean());

3. Create a class called DataSourceConfig

package com.sbc.cpex.security.jwt;

import javax.sql.DataSource;

import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class DataSourceConfig {

    @Bean
    public DataSource getDataSource() {
        DataSourceBuilder dataSourceBuilder = DataSourceBuilder.create(); 
        dataSourceBuilder.username("test"); 
        dataSourceBuilder.password("pass"); 
        return dataSourceBuilder.build(); 
    }
}

But I'm getting this error

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'h2Console' defined in class path resource [org/springframework/boot/autoconfigure/h2/H2ConsoleAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.ServletRegistrationBean]: Factory method 'h2Console' threw exception; nested exception is java.lang.IllegalArgumentException: dataSource or dataSourceClassName or jdbcUrl is required.

Please enlighten me. TIA

Ananthapadmanabhan :

The stack trace itself is self explanatory :

nested exception is java.lang.IllegalArgumentException: dataSource or dataSourceClassName or jdbcUrl is required.

You need to provide the Datasource url when creating a bean of Datasource. From the stacktrace I could understand that you are using H2 . So, you could create a bean like :

@Bean
public DataSource getDataSource() {
    DataSourceBuilder dataSourceBuilder = DataSourceBuilder.create();
    dataSourceBuilder.driverClassName("org.h2.Driver");
    dataSourceBuilder.url("jdbc:h2:mem:test");
    dataSourceBuilder.username("username");
    dataSourceBuilder.password("");
    return dataSourceBuilder.build();
}

In your code, you only provided the username and password part, hence it is throwing the error.

@iamjpcbau Springboot is autoconfiguring H2 as the databse as it is found as a dependency during class path scanning. Since you have provided a Datasource bean , spring automatically takes it up for configuring H2 but the url is missing , which causes the exception that you are receiving.

Inorder to configure another database with your project, configure the database through application.properties or application.yml or manually create configuration beans so that the configuration for your corresponding database is taken up at startup instead of H2.Now, since there are no other database configured and since H2 is found on classpath , spring is configuring that by default.

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=388082&siteId=1

Spring Security: Convert in-memory auth to database

Spring Security: Converter in-memory auth ao banco de dados

An in-memory database a db change tool

Spring Security combat (1) - authentication and authorization based on memory and database models

Spring Security: Convert In-Memory-Auth zur Datenbank

Configure multiple authentication types wit spring security for Basic Auth & JWT

Customize auth error from Spring Security using OAuth2

The MongoDB is as pure in-memory database to use (Redis style)

New features of Oracle Database 21c: In-Memory enhancement

H2 in-memory database usage instructions

H2 in-memory database usage instructions

In-memory database-4-[redis] offline installation in ubuntu

Spring Boot + Spring Security: Role-based authentication and authorization memory database - Part 5

The possibility of pure in-memory (In-Memory) database, no need to write to the disk, so that the memory also has the reliable persistence of the hard disk

spring security custom database permissions

Spring OAuth2 with JWT - Cannot convert access token to JSON When Separating Auth and Resource Servers

Tencent Cloud TcaplusDB became the first batch of products to pass the evaluation of key-value in-memory database functions from the Institute of Information and Communications Technology, setting a benchmark in the in-memory database industry

[Spring ---- Security] Second, the database administrative user rights

Is there a way to use both auth0-spring-security-api and java-jwt in the same project?

Spring Security: Custom UserDetailsService not being called (using Auth0 authentication)

How do I add HTTP basic auth for a specific endpoint with spring security?

When in-memory database meets cloud: SAP HANA Cloud helps enterprises with digital transformation

Open source in-memory database DragonflyDB 1.0 officially GA, can replace Redis

Spring Security (two) memory-based authentication

Spring Security tutorial (2): The custom database queries Spring Security tutorial (b): Custom

spring security using advanced database account and password authentication

Spring Security use database authentication and user password encryption and decryption

SSM + AOP + spring_security implement logging and saved to the database

An article takes you to get Spring Security to store user data in the database

Spring Security fixed data version and database version source code