I am new to Spring and Spring Security. I just need a pointer in the right direction:
I have a simple Spring MVC/Spring Security webapp. I want to add login functionality to the web app. I have created the following two tables.
CREATE TABLE "users" (
    "USER_ID" NUMBER(10) NOT NULL,
    "USERNAME" VARCHAR(45) NOT NULL,
    "PASSWORD" VARCHAR(45) NOT NULL,
    "ENABLED" NUMBER(1) NOT NULL,
    PRIMARY KEY ("USER_ID")
);

CREATE TABLE "user_roles" (
    "USER_ROLE_ID" NUMBER(10) NOT NULL,
    "USER_ID" NUMBER(10) NOT NULL,
    "AUTHORITY" VARCHAR(45) NOT NULL,
    PRIMARY KEY ("USER_ROLE_ID"),
    CONSTRAINT "FK_user_roles" FOREIGN KEY ("USER_ID") REFERENCES "users" ("USER_ID")
);
I want to authenticate the user against the database and then check the role of the user.
I know this is dirt simple, so I just need to hear how the process should flow.
It’s just a matter of taking your time to read the Security namespace configuration.
Here are some other resources I found useful when I was figuring this out:
Basically you are asking for a complete tutorial. It’s better to ask about specific problems you encounter and show us what you have tried (creating two tables is a bit meagre).
And one more thing: configuring security, even with Spring, is NOT dirt simple. You have to learn about the implications of decisions you make regarding password hashing & salting, password recovery schemes and remember-me functionality to name a few common pitfalls. Also the choice of which pages/paths to secure (intercept-urls) has to be made wisely. This depends on the type of application and the context in which it runs.
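Added example, not part of the original posts: a Security namespace configuration that authenticates against the two tables from the question and then checks the user's authority per URL. The `dataSource` bean, the `/admin/**` path and the `ROLE_ADMIN` authority value are assumptions made for illustration.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Rules are matched top to bottom and the first match wins, so the
       specific pattern goes first and the catch-all goes last. -->
  <http use-expressions="true">
    <!-- Assumed path and authority value; AUTHORITY rows hold e.g. ROLE_ADMIN. -->
    <intercept-url pattern="/admin/**" access="hasAuthority('ROLE_ADMIN')"/>
    <!-- Everything else requires a logged-in user (deny by default). -->
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <form-login/>
    <logout/>
  </http>

  <!-- BCrypt generates a random salt per password and stores it inside the
       hash string. The result is 60 characters long, so the PASSWORD column
       must be widened from VARCHAR(45) before hashes are stored in it. -->
  <beans:bean id="passwordEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

  <authentication-manager>
    <authentication-provider>
      <password-encoder ref="passwordEncoder"/>
      <!-- Custom queries are needed because the tables are joined on USER_ID,
           while the default queries expect a username column in both tables.
           Columns are read by position: username, password, enabled and
           username, authority. "dataSource" is assumed to be defined elsewhere. -->
      <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query='SELECT "USERNAME", "PASSWORD", "ENABLED"
              FROM "users" WHERE "USERNAME" = ?'
          authorities-by-username-query='SELECT u."USERNAME", r."AUTHORITY"
              FROM "users" u
              JOIN "user_roles" r ON r."USER_ID" = u."USER_ID"
              WHERE u."USERNAME" = ?'/>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

On login the provider runs the first query to load the account and verify the submitted password against the stored hash, then runs the second query to load the authorities that the `intercept-url` rules are evaluated against.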