Library11 : Web Spring Boot Project Thyemleaf Security Password BCrypt - AlbertProfe/cifojava2022-5 GitHub Wiki
Welcome to the cifojava2022-5 wiki!
- Base project:
- Library5 base
- POM
- ThymeLeaf dependency
- DataBase H2: Library2
- First-time CREATE DDL : First-time CREATE DDL option (after that UPDATE) in application.properties
- Application.properties
-
Spring official documentation:
- Project security: Securing a Web Application
- Architecture (advanced): Spring Security Architecture
-
POM dependency
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency>
-
Datasource H2 in memory:
spring.datasource.url=jdbc:h2:mem:testdb
-
Let's encrypt password: bcrypt
-
Passswords: 1234 but biaggio/hello_biaggio
-
Data.sql in
resources
INSERT INTO CUSTOMER (ID, FIRSTNAME, LASTNAME, USERNAME, PASSWORD) VALUES (1, 'Toni', 'Montana', 'toni', $2a$12$p7soZI3kAFcxv7QFRFzNP.gjmhHrpDACSJpoTmJQnFFWD6u7IeXNe'); INSERT INTO CUSTOMER (ID, FIRSTNAME, LASTNAME, USERNAME, PASSWORD) VALUES (2, 'Jona', 'Sales', 'joan', '$2a$12$jYdymbsZnCLPKuC2NrZGEO1PZyRVmpmoaBndyn.b.TR2z40686E7.'); INSERT INTO CUSTOMER (ID, FIRSTNAME, LASTNAME, USERNAME, PASSWORD) VALUES (3, 'Biaggio', 'Pitter', 'biaggio', '$2a$12$y3Hc5Mn11BCt9EwMeocF3eS2VTh.anw5C3ZP8D7zTWPZyC/BAOt8e');
-
-
resources/templates
: -
Java Configuration classes:
-
Customizing Authentication Managers:
@Configuration public class ApplicationSecurity extends WebSecurityConfigurerAdapter { @Autowired DataSource dataSource; ... // web stuff here @Override public void configure(AuthenticationManagerBuilder builder) { builder.jdbcAuthentication().dataSource(dataSource).withUser("dave") .password("secret").roles("USER"); } }
-
How Spring Security works? It is a single physical Filter but delegates processing to a chain of internal filters
- Spring Security is a single filter, but, inside of it, there are additional filters, each playing a special role
- The following picture shows the dispatch happening based on matching the request path (/foo/** matches before /**). This is very common but not the only way to match a request. The most important feature of this dispatch process is that only one chain ever handles a request.
- Spring Security is a single filter, but, inside of it, there are additional filters, each playing a special role
-
version 1.0 : very basic project
- Project folder-tree:
- Project execution: