Spring Boot + Spring MVC + Spring Security + MySQL
Important → The code has been updated to support Spring Boot 2.2.2, java 11, implement UserDetailService strategy and resolve minor/major issues (January 16, 2020).
GitHub / Code
This tutorial will show you how to implement a Login process using the following tech stack:
- Spring Boot(2.2.2)
- Spring Security
- Spring MVC
- JPA
- Thymeleaf
- Lombok
- MySQL
- Bootstrap (UI Presentation)
- Maven
- Eclipse / IntelliJ
- Java 11
- Packaging (JAR)
Preconditions
- MySQL database with the name “login”
- Install Lombok plugin on Eclipse/IntelliJ
Project Creation
First, let’s use the Spring initializer page to create our maven project with the dependencies listed below.
- Go to → https://start.spring.io/
- Leave everything as it is and select the following dependencies: Security, Web, Security, JPA, MySQL, Thymeleaf and Lombok.
Click on Generate Project button to download the maven project (demo.zip file).
Import Project into Eclipse or IntelliJ
- Unzip the zip file.
- Import into Eclipse as “Existing Maven Project”
- Choose the root directory of the project generated (where the pom.xml file is located) and click on Finish.
Eclipse (Import Project)
IntelliJ(Open Project)
Project Structure Generated
Model Creation
Now let´s create our model classes called User and Role(Entity classes). Lombok is a very useful library used to generate boilerplate code manly for model/data objects.
User
This class includes validations based on the validations provided by Hibernate.
Role
Data Layer (JPA Repositories)
The repositories allow us to access the information stored in the database.
UserRepository
RoleRepository
Service Layer
Now let´s create our service layer. We will inject the UserRepository, RoleRepository and the BCryptPasswordEncoder into UserService .
UserService
MyUserDetailsService (*Important one)
Unit Test (Service Layer)
Configuration File
WebSecurityConfiguration
This class is where the security logic is implemented.
application.properties file
Notes:
- Update with your Database credentials.
If you want to see the complete reference of the application.properties file, please refer to the next page.
Controller Layer
MVC Logic
By default Spring Boot defines the view resolver in the following way.
- Prefix → resources/templates
- Suffix → html
Note: if you want to implement a custom view resolver you can do it using the application.properties file or a java configuration file.
View Layer
login.html
registration.html
SQL Scripts
data.sql
This script will be executed every time the application is launched if you need more roles please include them in this file.
Note: By default Spring Boot will create the database structure if you have provided in the right way your MySQL credentials in the application.properties file.
Register new user
http://localhost:8080/registration
Validations
User Registration
As you can see the password has been stored with a Hash algorithm due we have implemented the BCryptPasswordEncoder in our AuthenticationManagerBuilder.
Login Process
Login Fail
Login Success
Docker
If you want to run the project from a docker container please use the following commands or refer the readme file from the github repository.
- mvn clean install
- docker build — tag login-tutorial .
- docker run — net=host login-tutorial
Note: it will wok only in Linux since “ — net=host” docker argument is not supported by Windows and MacOSx
That’s all folks, as you can see we have implemented a Login process from scratch including password hash strategy. BTW never store passwords in plain text.
If you have any questions or feedback don’t hesitate to write your thoughts in the comments/responses section.
For issues related to code, feel free please create an issue directly in GitHub repository.