Library11 : Web Spring Boot Project Thyemleaf Security Password BCrypt
Welcome to the cifojava2022-5 wiki!
- Base project:
- Library5 base
- POM
- ThymeLeaf dependency
- DataBase H2: Library2
- First-time CREATE DDL : First-time CREATE DDL option (after that UPDATE) in application.properties
- Application.properties
-
Let's encrypt password: bcrypt
-
Spring official documentation: Securing a Web Application
-
POM dependency
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> -
Datasource H2 in memory:
spring.datasource.url=jdbc:h2:mem:testdb -
Data.sql in
resources -
resources/templates: -
Java Configuration classes:
-
Customizing Authentication Managers:
@Configuration public class ApplicationSecurity extends WebSecurityConfigurerAdapter { @Autowired DataSource dataSource; ... // web stuff here @Override public void configure(AuthenticationManagerBuilder builder) { builder.jdbcAuthentication().dataSource(dataSource).withUser("dave") .password("secret").roles("USER"); } } -
How Spring Security works? It is a single physical Filter but delegates processing to a chain of internal filters
- Spring Security is a single filter, but, inside of it, there are additional filters, each playing a special role
- The following picture shows the dispatch happening based on matching the request path (/foo/** matches before /**). This is very common but not the only way to match a request. The most important feature of this dispatch process is that only one chain ever handles a request.
- Spring Security is a single filter, but, inside of it, there are additional filters, each playing a special role
- version 1.0 : very basic project
- Project folder-tree: