
Hello, I have a Spring Boot application which has only 1 admin and no users. I already created a table called "administrator", which contains the username and a String with the hashed password. (I put the password in a converter to do so.)

Now my question is what I should change in the WebSecurityConfiguration.java so that the code checks the hash in my database with the String I've written in the login form to be able to log in.

My code:

```java
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .withUser("admin").password("admin").roles("ADMIN");
}
```

I found the following but I still don't really know what to do:

PrestigeDev
  • Did you read the doc? http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#jc-authentication-jdbc –  Dec 31 '15 at 12:39
  • I looked at it but it doesn't really show how to do the authentication. I read that I need to code and encode the password. But I don't know what changes I have to make so that it codes my password defined in the WebSecurity, saves it in the database and is able to encode it from the db when I try to authenticate. – PrestigeDev Dec 31 '15 at 13:41
  • see http://www.mkyong.com/spring-security/spring-security-form-login-using-database/ for example and http://stackoverflow.com/questions/8521251/spring-securitypassword-encoding-in-db-and-in-applicationcontext –  Dec 31 '15 at 14:13
  • Use a `PasswordEncoder` as `BCryptPasswordEncoder`, so you get Spring Security configured with a one-way encoder for your passwords. Passwords never should be decoded, that's one of security best practices. – Aritz Jan 01 '16 at 21:54

1 Answer


It would look like this:

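```java
@Autowired
private DataSource dataSource;  // javax.sql.DataSource configured for the application

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication()
        .dataSource(this.dataSource)
        // Must return three columns: username, password hash, enabled flag
        .usersByUsernameQuery("select email, password, active from user where email=?")
        // Must return two columns: username, authority
        .authoritiesByUsernameQuery("select u.email, r.role from user u "
            + "inner join user_role ur on(u.user_id=ur.user_id) "
            + "inner join role r on(ur.role_id=r.role_id) where u.email=?")
        .passwordEncoder(passwordencoder());
}

// One-way BCrypt encoder used to verify the submitted password against the stored hash
@Bean(name="passwordEncoder")
public PasswordEncoder passwordencoder() {
    return new BCryptPasswordEncoder();
}
```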
Marcelo Vinicius
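The same approach adapted to the single-admin `administrator` table from the question, as an added example (not code from the question or the answer), written in the Spring Security 4-era configuration style the page uses. The column names `username` and `password`, the constant `true` enabled flag, the fixed `ROLE_ADMIN` authority and the `AdminPasswordHasher` helper are assumptions.

```java
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            // Assumed columns; the table has no enabled flag, so a constant true is returned.
            .usersByUsernameQuery(
                "select username, password, true from administrator where username = ?")
            // No role table: every row is the admin, same authority as roles("ADMIN").
            .authoritiesByUsernameQuery(
                "select username, 'ROLE_ADMIN' from administrator where username = ?")
            .passwordEncoder(passwordEncoder());
    }
}

// Hypothetical one-off helper: run it once to produce the value for administrator.password.
class AdminPasswordHasher {
    public static void main(String[] args) {
        java.io.Console console = System.console();
        if (console == null) throw new IllegalStateException("run from a terminal");
        String raw = new String(console.readPassword("Admin password: "));
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        String stored = encoder.encode(raw); // random salt, so the output differs on every run
        System.out.println("store in administrator.password: " + stored);
        // Login verifies with matches(raw, stored), which reuses the salt embedded in the hash;
        // hashing the input again and comparing strings would not work, and nothing is decoded.
        System.out.println("verifies: " + encoder.matches(raw, stored));
    }
}
```

BCrypt hashes are 60 characters long, so the password column must hold at least that many. A hash produced by any other converter will not verify against `BCryptPasswordEncoder`.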