Partial preview of the text
Download Spring Boot Web Application and more Study Guides, Projects, Research Computer science in PDF only on Docsity!
Standard February 6, 2017 by|t 39 Comments This is part 6 of the tutorial series for building a web application using Spring Boot. In this post we look at adding a DAO Authentication provider for Spring Security. We started off with the first part by creating our Spring project using the Spring Initializr. In part 2, we rendered a web page using Thymeleaf and Spring MVC. This was followed by part 3 where we looked at setting up Spring Data JPA for database persistence. Part 4 was all about consolidating everything to provide a working Spring Boot MVC Web Application capable of performing CRUD operations. In the previous part 5 of this series, we configured a basic in-memory authentication provider. It's a good starting point to learn Spring Security, but as | mentioned there, it’s not for enterprise applications. A production-quality implementation would likely use the DAO authentication provider. In this part of the series, | will discuss Spring Security with the DAO authentication provider to secure our Spring Boot Web application. We will implement both authentication and role-based authorization with credentials stored in the H2 database. For persistence, we will use the Spring Data JPA implementation of the repository pattern, that | covered in part 3. Although there are several Spring Data JPA implementations, Hibernate is by far the most popular. As the Spring Data JPA dependency is included in our Maven POM, Hibernate gets pulled in and configured with sensible default properties via Spring Boot. This post builds upon 5 previous posts. If you’re not familiar with all the content around Spring, | suggest you to go through this series from the start. JPA Entities Our application already has a Product JPA entity. We'll add two more entities, User and Role . Following the SOLID design principle’s “program to interface ” principle, we will start by writing an interface followed with an abstract class for our entities. DomainObject.java