Basic configuration of Spring Security 3 and MySQL

In this post I explain how to implement Spring Security in a web application, as I did in a previous post but the authenticated user’s username and password are not saved to a file .xml but in a MySQL database.
As in the previous post, I configure one user only trying to access index.html and he is redirected to the standard login page for authentication.
In this project I configure log4j and maven too.

  1. create the project SpringSecuritySql
  2. create the file pom.xml

    compared to the previous post, I add the section about MySQL java connector at the bottom of pom.xml and so I import the file mysql-connector-java-5.1.21.jar
  3. create the WEB-INF/web.xml

    note the reference to /WEB-INF/spring-mysql.xml
  4. create the file WEB-INF/log4j.xml
  5. create the file WEB-INF/spring-security.xml

    Here I specify an user named “user” and password “spring”.
    The password is encrypted using Scala and the procedure to get it is explained in the previous post.
    This file is an important part of the user authentication process, the bean with id “encoder” is used to compare the password entered by the user with the encrypted stored in the database and the tag “jdbc-user-service” sets the mysql database (dataSource is defined in the spring-mysql.xml), the basic configuration assumes the tables as explained in Security Database Schema and JdbcDaoImpl; you can use your own customized tables by using the child elements of the tag “jdbc-user-service-users”: users-by-username-query e authorities-by-username-query as you see in jdbc-user-service
  6. create the file /WEB-INF/spring-mysql.xml

    Here I specify the connection to mysql database where [your_username] and [your_password] are those of a mysql user authorized to access to the database spring_users
  7. create the file WEB-INF/views/index.jsp
  8. create the WEB-INF/classes/eu/lucazanini/springsecurity/LoginController.java
  9. create a mysql database named “spring_users” and the tables “users” e “authorities” using the following sql query:

The password has a maximum length of 80 characters and not 50 as specified in Security Database Schema in order to use encrypted passwords with SHA-256 and a salt of 8 bytes, for more information, see Password Encoding e StandardPasswordEncoder

  • launch the app (insert “user” and “spring”)

  • One Reply to “Basic configuration of Spring Security 3 and MySQL”

    1. hello,
      i’ve followed all of these steps but at the end i get this error :
      ….Error
      |
      2014-07-03 10:37:01,604 [http-bio-8080-exec-10] ERROR [/SpringSecuritySql].[gsp] – Servlet.service() for servlet [gsp] in context with path [/SpringSecuritySql] threw exception
      Message: Error mapping onto view [/index]: Error processing GroovyPageView: Cannot invoke method getURLs() on null object
      Line | Method
      ->> 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
      – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
      | 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
      ^ 745 | run . . . in java.lang.Thread
      Caused by GroovyPagesException: Error processing GroovyPageView: Cannot invoke method getURLs() on null object
      ->> 77 | runWorker in C:\grails\SpringSecuritySql\grails-app\views\index.gsp
      – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
      Caused by NullPointerException: Cannot invoke method getURLs() on null object
      ->> 10 | doCall in C__grails_SpringSecuritySql_grails_app_views_index_gsp$_run_closure1
      – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
      | 14 | run in C__grails_SpringSecuritySql_grails_app_views_index_gsp
      | 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
      | 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
      ^ 745 | run . . . in java.lang.Thread

      Can you please explain to me what have i done wrong?
      thanks in advance

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.