Spring Boot Security Database Authentication Example

In this Spring Security tutorial, we will learn how to implement a custom login form with database authentication using Java, Spring Boot, Spring Security, and a MySQL database. In database authentication, the user enters login credentials (username and password) in a login form and submits it. The application then validates the entered credentials with those stored in the database.

Step 1: Create a Spring Boot Project

Using Spring Initializr

1. Navigate to Spring Initializr: Open Spring Initializr in your browser.
2. Configure the Project:
   • Project: Maven Project
   • Language: Java
   • Spring Boot: 3.2
   • Group: com.rameshfadatare
   • Artifact: springsecuritydatabaseauth
   • Name: springsecuritydatabaseauth
   • Description: Demo project for Spring Boot Security Database Authentication
   • Package name: com.rameshfadatare.springsecuritydatabaseauth
   • Packaging: Jar
   • Java: 17
3. Add Dependencies:
   • Spring Web
   • Spring Security
   • Thymeleaf
   • Spring Data JPA
   • MySQL Driver
   • Lombok
4. Generate the Project: Click on the Generate button to download the project as a zip file.
5. Extract the Zip File: Extract the zip file to your preferred location.

Using an IDE

1. Open Your IDE: Open your preferred IDE (IntelliJ IDEA, Eclipse, etc.).
2. Import the Project: Import the extracted project as a Maven project.

Step 2: Add Maven Dependencies

Ensure your pom.xml contains the necessary dependencies. It should look something like this:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>com.mysql</groupId>
        <artifactId>mysql-connector-j</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
</dependencies>

Step 3: Configure MySQL Database

Create a Database

Create a database in your MySQL server using the following command:

create database login_system;

Configure Database Properties

Add the following properties to the src/main/resources/application.properties file:

spring.datasource.url=jdbc:mysql://localhost:3306/login_system
spring.datasource.username=root
spring.datasource.password=root

# Hibernate ddl auto (create, create-drop, validate, update)
spring.jpa.hibernate.ddl-auto=update

logging.level.org.springframework.security=DEBUG

Step 4: Create JPA Entities

User Entity

Create a User class under the com.rameshfadatare.springsecuritydatabaseauth.model package:

package com.rameshfadatare.springsecuritydatabaseauth.model;

import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

import java.util.Set;

@Setter
@Getter
@NoArgsConstructor
@AllArgsConstructor
@Entity
@Table(name = "users")
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    private String name;
    @Column(nullable = false, unique = true)
    private String username;
    @Column(nullable = false, unique = true)
    private String email;
    @Column(nullable = false)
    private String password;

    @ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinTable(name = "users_roles",
            joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
            inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id")
    )
    private Set<Role> roles;
}

Role Entity

Create a Role class under the com.rameshfadatare.springsecuritydatabaseauth.model package:

package com.rameshfadatare.springsecuritydatabaseauth.model;

import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Entity
@Table(name = "roles")
public class Role {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    private String name;
}

Step 5: Create Repositories

UserRepository

Create a UserRepository interface under the com.rameshfadatare.springsecuritydatabaseauth.repository package:

package com.rameshfadatare.springsecuritydatabaseauth.repository;

import com.rameshfadatare.springsecuritydatabaseauth.model.User;
import org.springframework.data.jpa.repository.JpaRepository;

import java.util.Optional;

public interface UserRepository extends JpaRepository<User, Long> {

    Optional<User> findByUsername(String username);

    Boolean existsByEmail(String email);

    Optional<User> findByUsernameOrEmail(String username, String email);

    boolean existsByUsername(String username);
}

RoleRepository

Create a RoleRepository interface under the com.rameshfadatare.springsecuritydatabaseauth.repository package:

package com.rameshfadatare.springsecuritydatabaseauth.repository;

import com.rameshfadatare.springsecuritydatabaseauth.model.Role;
import org.springframework.data.jpa.repository.JpaRepository;

import java.util.Optional;

public interface RoleRepository extends JpaRepository<Role, Long> {
    Optional<Role> findByName(String name);
}

Step 6: Create Custom UserDetailsService

Create a CustomUserDetailsService class under the com.rameshfadatare.springsecuritydatabaseauth.service package:

package com.rameshfadatare.springsecuritydatabaseauth.service;

import com.rameshfadatare.springsecuritydatabaseauth.model.User;
import com.rameshfadatare.springsecuritydatabaseauth.repository.UserRepository;
import lombok.AllArgsConstructor;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.Set;
import java.util.stream.Collectors;

@Service
@AllArgsConstructor
public class CustomUserDetailsService implements UserDetailsService {

    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String usernameOrEmail) throws UsernameNotFoundException {
        User user = userRepository.findByUsernameOrEmail(usernameOrEmail, usernameOrEmail)
                .orElseThrow(() -> new UsernameNotFoundException("User not exists by Username or Email"));

        Set<GrantedAuthority> authorities = user.getRoles().stream()
                .map((role) -> new SimpleGrantedAuthority(role.getName()))
                .collect(Collectors.toSet());

        return new org.springframework.security.core.userdetails.User(
                usernameOrEmail,
                user.getPassword(),
                authorities
        );
    }
}

Step 7: Spring Security Configuration

Create a SpringSecurityConfig class under the com.rameshfadatare.springsecuritydatabaseauth.config package:

package com.rameshfadatare.springsecuritydatabaseauth.config;

import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@AllArgsConstructor
public class SpringSecurityConfig {

    private UserDetailsService userDetailsService;

    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeHttpRequests((authorize) ->
                        authorize.anyRequest().authenticated()
                ).formLogin(
                        form -> form
                                .loginPage("/login")
                                .loginProcessingUrl("/login")
                                .defaultSuccessUrl("/welcome")
                                .permitAll()
                ).logout(
                        logout -> logout
                                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                                .permitAll()
                );
        return http.build();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        return configuration.getAuthenticationManager();
    }
}

Step 8: Create Thymeleaf Templates

Login Page – login.html

Under the /src/main/resources/templates folder, create a login.html file and add the following content:

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Login System</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css"
          rel="stylesheet"
          integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC"
          crossorigin="anonymous">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
    <div class="container-fluid">
        <a class="navbar-brand" th:href="@{/index}">Spring Security Custom Login Example</a>
        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
        </button>
    </div>
</nav>
<br /><br />
<div class="container">
    <div class="row">
        <div class="col-md-6 offset-md-3">

            <div th:if="${param.error}">
                <div class="alert alert-danger">Invalid Email or Password</div>
            </div>
            <div th:if="${param.logout}">
                <div class="alert alert-success"> You have been logged out.</div>
            </div>

            <div class="card">
                <div class="card-header">
                    <h2 class="text-center">Login Form</h2>
                </div>
                <div class="card-body">
                    <form method="post" role="form" th:action="@{/login}" class="form-horizontal">
                        <div class="form-group mb-3">
                            <label class="control-label"> Email</label>
                            <input type="text" id="username" name="username" class="form-control" placeholder="Enter email address"/>
                        </div>

                        <div class="form-group mb-3">
                            <label class="control-label"> Password</label>
                            <input type="password" id="password" name="password" class="form-control" placeholder="Enter password"/>
                        </div>
                        <div class="form-group mb-3">
                            <button type="submit" class="btn btn-primary">Submit</button>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
</body>
</html>

Welcome Page – welcome.html

Under the /src/main/resources/templates folder, create a welcome.html file and add the following content:

<!DOCTYPE html>
<html lang="en"
      xmlns:th="http://www.thymeleaf.org"
>
<head>
    <meta charset="UTF-8">
    <title>Registration and Login System</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css"
          rel="stylesheet"
          integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC"
          crossorigin="anonymous">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
    <div class="container-fluid">
        <a class="navbar-brand" th:href="@{/index}">Spring Security Custom Login Example</a>
        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
        </button>
        <div class="collapse navbar-collapse" id="navbarSupportedContent">
            <ul class="navbar-nav me-auto mb-2 mb-lg-0">
                <li class="nav-item">
                    <a class="nav-link active" aria-current="page" th:href="@{/logout}">Logout</a>
                </li>
            </ul>
        </div>
    </div>
</nav>
<br /><br />
<div class="container">
    <div class="row">
        <h1> Welcome to Spring Security world!</h1>
    </div>
</div>
</body>
</html>

Step 9: Create Spring MVC Controller

Create a WelComeController class under the com.rameshfadatare.springsecuritydatabaseauth.controller package:

package com.rameshfadatare.springsecuritydatabaseauth.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class WelComeController {

    @GetMapping("/welcome")
    public String greeting() {
        return "welcome";
    }

    @GetMapping("/login")
    public String login() {
        return "login";
    }
}

Step 10: Insert SQL Scripts

Before testing Spring Security, use the following SQL scripts to insert data into the respective tables:

INSERT INTO users VALUES
(1,'ramesh@gmail.com','ramesh','$2a$10$5PiyN0MsG0y886d8xWXtwuLXK0Y7zZwcN5xm82b4oDSVr7yF0O6em','ramesh'),
(2,'admin@gmail.com','admin','$2a$10$gqHrslMttQWSsDSVRTK1OehkkBiXsJ/a4z2OURU./dizwOQu5Lovu','admin');

INSERT INTO roles VALUES (1,'ROLE_ADMIN'),(2,'ROLE_USER');

INSERT INTO users_roles VALUES (2,1),(1,2);

Hibernate will automatically create the database tables, so you don’t need to create the tables manually.

Step 11: Run the Application

1. Run the Application: Use your IDE to run the SpringSecuritDatabaseAuthApplication class.
2. Access the Application: Open your browser and go to http://localhost:8080. You should see the custom login page.

Step 12: Test the Custom Login Page

1. Navigate to the Login Page: Enter http://localhost:8080 in the browser.
2. Login: Enter a username as admin and password as admin, then click the Submit button.
3. After a successful login, you will see the welcome page.

Built-In Logout Feature

1. Click on the logout button in the application to log out.

Conclusion

In this Spring Security tutorial, we learned how to implement a custom login form with database authentication using Spring Security and a MySQL database.