Spring Security password hashing example
In this tutorial, we will create a login page using Spring security technology. We will also use BCryptPasswordEncoder recommended by Spring in order to hash the password.
To register the data of username and the password, we will create a database userDB. The Role for the user will be handled also. Only the User role which will be used. The user with the role user should be logged in to access the home.html page.
Technologies used in this article :
- Spring boot
- Spring security
The creation of spring using spring boot and Maven is explained here http://mkaroune.e-monsite.com/pages/spring-boot-hiberante-project/project-creation.html. You do not need to add all the dependencies as shown in the article. Only DevTools, Web, Security, JPA and Thymeleaf are needed in this example. Netherless, ws have to add the Thymeleaf Layout Dialect dependency to reuse header on all Thymeleaf template
<dependency> <groupId>nz.net.ultraq.thymeleaf</groupId> <artifactId>thymeleaf-layout-dialect</artifactId> </dependency>
Bellow is the structure of the project
Please follow the steps mentionned in this tutorial to create a database
mysql> CREATE DATABASEuserDB
Create the entities User, Role:
Then create the repositories to interact with the DATABASE
We will create also contraints to check if the password and the confirmPassword have the same value
Now, we will configure the spring boot Security. The user can only acces the register page. Once the user is connected, he can access the home page and logout. This is is configured in the configure(HttpSecurity http) method.
BCryptPasswordEncoder is user in the passwordEncoder method to encode the password value from the login page.
The method configure(AuthenticationManagerBuilder auth) retrieve the user information from the database and checks if the user is registered and the passwords match
In the controller, we create the post method handleRegistration to create the user in the database
Run the application and check if the tables are created.
Bellow is the userDB structure once the project is run:
mysql>show tables; +--------------------+ | Tables_in_userdb | +--------------------+ | hibernate_sequence | | role | | user | +--------------------+ 3 rows in set (0.00 sec)
Add a role to the Role table in userDB database:
mysql> insert INTO `role` VALUES (1,'USER');
Following are the different pages for the front end part of the application
To access to the application: http://localhost:8083
- Register page
- Login page: