Social Media

Category Archives for Spring Security

Auto-generating Spring Security Tutorial – Memory Realms

Auto-generating Spring Security Tutorial – Memory Realms demonstrates how a simple open source project can generate Spring Security configuration using memory realms

I created a demo spring boot application under github.com/farrelmr/parkrunpbreboot

parkrunpbreboot1

The application is simple and allows your to predict your 5km running time based on previous parkrun performances. For those who dont know what a parkrun is its a free 5km timed run held weekly in an increasing number of places.

Security Requirements

The site has the following links and security requirements –

http://localhost:8080/ Accessible to all
http://localhost:8080/webjars Static Resources – Accessible to all
http://localhost:8080/about.html Static page – Accessible to all
http://localhost:8080/login.html Accessible to all
http://localhost:8080/admin/ Admin User
http://localhost:8080/rest Accessible to all

We also have a requirement to use a memory realm with the structure –

USER PASSWORD ROLES
admin admin admin

Getting Started

The first thing we need to do is uncomment spring security in the maven pom –

We can now begin to create our SecurityConfiguration using –

http://www.glenware.com/spring-security-generator

springsecuritygenerator

Memory Realm with Basic Authentication

The first step is to configure the memory realm. The other security options are Default JDBC, and LDAP, and will be covered in later tutorials

basicauthenticationspringsec

The code is available on gist

We can then copy the generated code to com.glenware.springboot.SecurityConfig, and test the application. The whole application is secured, with the password admin/admin.

We now get the default login page –

login

Fine Tuning

We can now fine tune the requirements –

screen-shot-2016-10-09-at-21-17-08

Again the code is available on gist

This allows free access to the site, except for the admin sections as required. We also now have a formatted login page.

Conclusions

The above tutorial shows how a menu driven application can automatically and simply provide your spring security. The next areas of work are to improve JDBC and REST functionality