initgrep

Themes

Select a theme

3 minsreadprofile image
sheikh irshadAugust 18, 2021

Spring Security - In-Memory Authentication using DaoAuthenticationProvider

Spring Security provides DaoAuthenticationProvider which requires a UserDetailsService and a passwordEncoder bean to perform username and password authentication.

Please note — we will use a spring boot project. You can access the maven dependencies here.

 

Create a Spring Configuration class and extend to WebSecurityConfigurerAdapter

Override the configure(AuthenticationManagerBuilder auth)

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		//we will set the newly created authentication provider here.
		// for example: auth.authenticationProvider(ourcustomAuthProviderInstance)
	}
}

 

Add a password encoder bean

we are BCryptPasswordEncoder here.

@Bean
  public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder(4);
  }

 

Create an instance of UserDetailsService

we will return an instance of InMemoryUserDetailsManager It is an implementation of UserDetailsService interface.

InMemoryUserDetailsManager provides constructors which can take either a collection or varargs array of UserDetails instance. That means, you are free to add multiple UserDetails instances .

public UserDetailsService inMemoryUserDetailsService() {
    UserDetails user1 = User.builder()
      .username("user1")
      .password("password")
      .roles("USER")
      .passwordEncoder((password) -> passwordEncoder().encode(password))
      .build();
    return new InMemoryUserDetailsManager(user1);
  }

 

Create a bean of DaoAuthenticationProvider

we will also set the instances

@Bean
  public DaoAuthenticationProvider inMemoryDaoAuthenticationProvider() {
    DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
    daoAuthenticationProvider.setUserDetailsService(inMemoryUserDetailsService());
    daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
    return daoAuthenticationProvider;
  }

Finally add the DaoAuthenticationProvider in the configure method.

@Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(inMemoryDaoAuthenticationProvider());
  }

That is it. You can now run your Spring boot application and use the username and password of the user you just created for login.

You can access the source code from the GitHub repo here

Read more about the SPRING in the below posts -

Spring security architecture fundamentals - spring security provides a ready to use framework for authentication as well as authorization. it provides authenticationproviders for username and password and basic authentication, ldap authentication, jwt authentication and provides apis for building custom authenticationproviders

Spring security- how to implement username and password authentication - username and password authentication is one of most commonly used methods. spring security provides api's to configure form-based login, basic authentication and many more with storage options such as jdbc authentication, in-memory authentication as well as custom authentication providers

Spring security - jpa implemenation of userdetailsservice for daoauthenticationprovider - jpa based authenticationprovider to provider username and password authentication

Implement firebase custom tokens with spring security - firebase custom tokens allows us to authenticate users with jwt tokens generated in our own servers.

@transactional rollback options in spring data - @transactional provides rollbackon and norollbackon options to control the rollback for exceptions

Spring bean scopes and lookup method injection - spring bean scope defines the lifecycle and the visibility of the instances created from the bean definitions.

Spring security oauth2- jwt authentication in a resource server - spring security provides a minimal setup required to implement the jwt authentication in a resource server

Mastering spring webclient - from basics to advanced techniques - understand what spring webclient is, how to set it up in a spring boot application, perform get and post requests, handle error handling, retry and backoff on specific exceptions.