Spring Security JDBC Authentication

What You'll Learn

Basic JDBC authentication setup using the default schema.
How to configure the AuthenticationManagerBuilder to accept a custom database schema.

Using the WebSecurityConfig class you created in the spring-boot-basic-config labs, autowire your DataSource as a field. The datasource should be auto-configured if you are using spring with, for example, JPA.

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
    ... 
    
    @Autowired
    private DataSource dataSource;
    
    ...

Using the same class, add a new method that accepts an autowired AuthenticationManagerBuilder class.

@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
    
    auth.jdbcAuthentication()
                .dataSource(dataSource);

}

Without further customisation, the manager would work providing your database schema was a match for the default Spring uses. That is:

create table users(
    username varchar_ignorecase(50) not null primary key,
    password varchar_ignorecase(500) not null,
    enabled boolean not null
);

create table authorities (
    username varchar_ignorecase(50) not null,
    authority varchar_ignorecase(50) not null,
    constraint fk_authorities_users foreign key(username) references users(username)
);
create unique index ix_auth_username on authorities (username,authority);

If yours is different, you can customise the manager as shown in the next section.

We will now configure the AuthenticationManagerBuilder to extract information from a schema that differs from the default ‘assumed' by Spring.

@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
    
    auth.jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery("select username, password, enabled from User where username = ?")
                .authoritiesByUsernameQuery("select username, roles from user_roles where username = ?");

}

authorities are the roles the user has within the application such as admin, user, lecturer, or staff, etc.
Obviously you will need to change the queries to match the schema you have developed.