Photo by Kaley Dykstra on Unsplash

Spring Security : jdbc-authentication vs in-memory- authentication

Ways to authenticate your web

Cheav Sovannarith
Published in
2 min readSep 23, 2019

--

dependency :

you can either use in-memory-authentication or jdbc-authentication by simply configure few line of code :

  • in-memory-authentication
  • jdbc-authentication

Let assume that we have user table in DB :

Note that jdbcAuthentication expects:

  • for users-by-username-query : username, password and enabled
  • for authorities-by-username-query username and role

So the configuration code will be :

Since I used upper(concat(‘role_’, role)) because first I only store authorize name with no prefix in DB such as : admin, user, … and second, I will function .antMatchers(“/url”).hasRole(role) will work only work with authorize name with no prefix(“ROLE_”). If you try that, you will got compile time error:

Caused by: java.lang.IllegalArgumentException: role should not start with ‘ROLE_’ since it is automatically inserted. Got ‘ROLE_ADMIN’

Read More :

--

--