Spring Security : jdbc-authentication vs in-memory- authentication
Ways to authenticate your web
dependency :
you can either use in-memory-authentication or jdbc-authentication by simply configure few line of code :
- in-memory-authentication
- jdbc-authentication
Let assume that we have user table in DB :
Note that jdbcAuthentication expects:
- for users-by-username-query :
username
,password
andenabled
- for authorities-by-username-query
username
androle
So the configuration code will be :
Since I used upper(concat(‘role_’, role)) because first I only store authorize name with no prefix in DB such as : admin, user, … and second, I will function .antMatchers(“/url”).hasRole(role) will work only work with authorize name with no prefix(“ROLE_”). If you try that, you will got compile time error:
Caused by: java.lang.IllegalArgumentException: role should not start with ‘ROLE_’ since it is automatically inserted. Got ‘ROLE_ADMIN’