Home > Net >  How do you log in with a external database in Spring Security 6?
How do you log in with a external database in Spring Security 6?

Time:12-11

after researching a few hours I couldn't find anything on how to log in when you are using a external database that contains the credentials in Spring Security 6.

package de.gabriel.vertretungsplan.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests((requests) -> requests
                        .requestMatchers("/vertretungsplan").hasAnyRole("SCHUELER", "LEHRER", "VERWALTUNG")
                        .requestMatchers("/account").hasAnyRole("LEHRER", "VERWALTUNG")
                        .requestMatchers("/administration").hasRole("VERWALTUNG")
                        .requestMatchers("/").permitAll()
                        .anyRequest().authenticated()
                )
                .formLogin();
        return http.build();
    }

}

This currently is my SecurityConfiguration but I can't figure out how to retrieve user information and compare it with the username and password. In my last project I used a UserDetailsService like this

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin").hasRole("ADMIN")
                .antMatchers("/user").hasAnyRole("ADMIN","USER")
                .antMatchers("/").permitAll()
                .and().formLogin();
    }

    @Bean
    public PasswordEncoder getPasswordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }

}

but the WebSecurityConfigurerAdapter is outdated so I want to use the new method, which I guess, also uses a UserDetailsService in some way, but I just can't find anything on the internet. I read some articles and watched some videos, but I can't find anything, which is why I wanted to ask here if someone knows how to use the external db for login (and yes, the entity that I am using has no relationships inside the db, if that matters)

CodePudding user response:

A bean implementing UserDetailsService in which you inject a DAO (Repository, ... as you like) that connects to the external DB configured by specific properties (login, password, url, ...) will do the job. You don't anything complex to retrieve user information, a basic JdbcTemplate in the DAO will do the job.

  • Related