Spring Boot has some some excellent Getting Started exercises.  Securing a web application is one of them.  I used this as the basis for my first web login form.  Nice and simple.

Screen Shot 2016-07-02 at 14.32.15

Create a new project in Intellij.

Screen Shot 2016-07-02 at 14.32.22

Make sure you select Gradle Project.

Screen Shot 2016-07-02 at 14.32.34

Make sure you have Auto Import ticked.

This will make Gradle pick up changes automatically.

Screen Shot 2016-07-02 at 14.33.06

Your project should be structured like this.

MongoDB Integration

I have been getting up to speed with MongoDB, and wanted to save user credentials in Mongo.  It took a while to get something working, and involved using a couple of tutorials to get things started.

I thought it might be useful to explain what I modified to get MongoDB integration working.  I started off by following the Securing a web application tutorial.  This allowed me to get a basic home -> login -> logged in functionality.

If you want to get the completed code, you can clone this git repo.

I made the following changes:

I added the following dependencies to build.gradle:

Screen Shot 2016-07-02 at 16.26.50

compile group: ‘javax.persistence’, name: ‘persistence-api’, version: ‘1.0’

_These _were mongoDb, and javax.persistence for my auto-generated Id (for my account class).

I created an Account POJO, which holds my user login information:

package com.chocksaway.entity;

import javax.persistence.Id;

public class Account {

    @Id
    private String id;
    private String username;
    private String password;

    public Account(){}

    public Account(String username, String password) {
        this.username = username;
        this.password = password;
    }
    public String getId() {
        return id;
    }
    public void setId(String id) {
        this.id = id;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
}

The @Id tag declares the auto-generated Id.

The AccountRepository is a wrapper round MongoDB (CRUD) functionality:

package com.chocksaway.repository;

import com.chocksaway.entity.Account;
import org.springframework.data.mongodb.repository.MongoRepository;

public interface AccountRepository extends MongoRepository<Account, String> {

    public Account findByUsername(String username);

}

<strong>Very simple.</strong>

The main change is in WebSecurityConfig:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends GlobalAuthenticationConfigurerAdapter {
    @Autowired
    AccountRepository accountRepository;

    @Bean
    UserDetailsService userDetailsService() {
        return new UserDetailsService() {

            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                Account account = accountRepository.findByUsername(username);
                if (account != null) {
                    return new User(account.getUsername(), account.getPassword(), true, true, true, true,
                            AuthorityUtils.createAuthorityList("USER"));
                } else {
                    throw new UsernameNotFoundException("could not find the user '"
                            + username + "'");
                }
            }

        };
    }

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }
}

**A UserDetailsService _has been implemented. The _username and password have been passed to “accountRepository.findByUsername.” **

Nice and simple, but it took a while to understand how MongoDB integrated with Spring Boot :O)

**The last change was adding a command line CommandLineRunner, which allowed me to add a username, and password to MongoDB on application start: **

@Bean
    CommandLineRunner init(final AccountRepository accountRepository) {
        return new CommandLineRunner() {
            @Override
            public void run(String... arg0) throws Exception {
                accountRepository.save(new Account("username", "password"));
            }
        };
    }

When you run the application, you can see that a these values have been saved in MongoDB (using RoboMongo):

Screen Shot 2016-07-02 at 16.26.50

Update - i’ve added some simple web forms, which allow you to log in as our user.

Run

SecuringSpringBootProjectApplication

:: Spring Boot :: (v1.4.1.RELEASE)

Look for:

Tomcat started on port(s): 8080

Point your web browser at:

http://localhost:8080/login

You will see a web form:

Screen Shot 2016-07-02 at 16.26.50

Click login

Screen Shot 2016-07-02 at 16.26.50

You’ve logged in successfully

Screen Shot 2016-07-02 at 16.26.50
Click “here” to see a greeting

Simple authentication with Spring Boot, and MongoDB :O)

The completed code is here.