package com.javainuse.model;
/**
 * Form-backing bean for the registration page: carries the username and
 * password submitted by the user.
 *
 * <p>The password is held here exactly as it was typed (a plain {@code String}),
 * so instances of this class should not be logged or placed in a session.
 */
public class UserRegistration {

    private String username;
    private String password;

    /** @return the username entered on the form, or {@code null} if none was bound */
    public String getUsername() {
        return this.username;
    }

    /** @param username the username entered on the form */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the password as submitted, or {@code null} if none was bound */
    public String getPassword() {
        return this.password;
    }

    /** @param password the password as submitted */
    public void setPassword(String password) {
        this.password = password;
    }
}
Next, add the controller methods for user registration. The GET method returns the registration page.
Using the Spring form tag with the modelAttribute, we specify the backing bean for this form.
For each input field we use the form:input tag, which automatically binds the field value to the corresponding property of the backing bean object.
When the user clicks submit, a POST request is made to the controller and the form fields are automatically bound to the user argument of the handler method.
Using the bound user object, we then create the database entries with JdbcUserDetailsManager.
JdbcUserDetailsManager provides CRUD operations for both users and their granted authorities.
package com.javainuse.controllers;
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import com.javainuse.model.Employee;
import com.javainuse.model.UserRegistration;
import com.javainuse.service.EmployeeService;
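/**
 * MVC controller for the welcome page, self-service user registration,
 * the employee pages and the login page.
 */
@Controller
public class EmployeeController {

    @Autowired
    EmployeeService employeeService;

    @Autowired
    JdbcUserDetailsManager jdbcUserDetailsManager;

    /** Renders the {@code welcome} view. */
    @RequestMapping("/welcome")
    public ModelAndView firstPage() {
        return new ModelAndView("welcome");
    }

    /** Shows the registration form backed by an empty {@link UserRegistration}. */
    @RequestMapping(value = "/register", method = RequestMethod.GET)
    public ModelAndView register() {
        return new ModelAndView("registration", "user", new UserRegistration());
    }

    /**
     * Creates a new account from the submitted registration form.
     *
     * @param userRegistrationObject form values bound from the request
     * @return a redirect to {@code /welcome} on success, or the registration
     *         view again when the input is missing or the username is taken
     */
    @RequestMapping(value = "/register", method = RequestMethod.POST)
    public ModelAndView processRegister(@ModelAttribute("user") UserRegistration userRegistrationObject) {
        String username = userRegistrationObject.getUsername();
        String password = userRegistrationObject.getPassword();

        // Reject missing input here instead of letting the User constructor
        // throw and surface as a server error.
        if (username == null || username.trim().isEmpty() || password == null || password.isEmpty()) {
            return registrationError("Username and password are required.");
        }
        // createUser on an existing name would otherwise fail at the database layer.
        if (jdbcUserDetailsManager.userExists(username)) {
            return registrationError("That username is already taken.");
        }

        // Self-registration must not hand out administrative rights: anyone who can
        // submit this form would become an admin. New accounts get ROLE_USER only;
        // ROLE_ADMIN should be granted separately by an existing administrator.
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        // NOTE(security): the password is passed to createUser exactly as submitted,
        // so it is stored unhashed. Hash it with a PasswordEncoder (for example
        // BCryptPasswordEncoder) before creating the user, and register the same
        // encoder on the authentication configuration so that login still matches.
        User user = new User(username, password, authorities);
        jdbcUserDetailsManager.createUser(user);
        return new ModelAndView("redirect:/welcome");
    }

    /**
     * Re-renders the registration form with a fresh backing bean and an error message.
     * The message is shown only if the registration view renders {@code errorMsg}.
     */
    private ModelAndView registrationError(String message) {
        ModelAndView form = new ModelAndView("registration", "user", new UserRegistration());
        form.addObject("errorMsg", message);
        return form;
    }

    /** Shows the add-employee form backed by an empty {@link Employee}. */
    @RequestMapping(value = "/addNewEmployee", method = RequestMethod.GET)
    public ModelAndView show() {
        return new ModelAndView("addEmployee", "emp", new Employee());
    }

    /**
     * Stores the submitted employee and then renders the employee list.
     *
     * @param emp employee values bound from the request
     */
    @RequestMapping(value = "/addNewEmployee", method = RequestMethod.POST)
    public ModelAndView processRequest(@ModelAttribute("emp") Employee emp) {
        employeeService.insertEmployee(emp);
        // Same view and model as the listing page, so reuse it.
        return getEmployees();
    }

    /** Renders the {@code getEmployees} view with all employees under the {@code employees} key. */
    @RequestMapping("/getEmployees")
    public ModelAndView getEmployees() {
        List<Employee> employees = employeeService.getAllEmployees();
        ModelAndView model = new ModelAndView("getEmployees");
        model.addObject("employees", employees);
        return model;
    }

    /**
     * Renders the login page, adding a status message when the {@code error}
     * or {@code logout} request parameter is present.
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login(Model model, String error, String logout) {
        if (error != null) {
            model.addAttribute("errorMsg", "Your username and password are invalid.");
        }
        if (logout != null) {
            model.addAttribute("msg", "You have been logged out successfully.");
        }
        return "login";
    }
}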
Next we modify the security configuration to:
- Create a bean of type JdbcUserDetailsManager
- Allow access to the /register page without authentication
package com.javainuse.config;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
/**
 * Spring Security setup for the employee application: JDBC-backed
 * authentication, a {@link JdbcUserDetailsManager} bean for creating users,
 * and the URL access rules.
 */
@Configuration
@EnableWebSecurity
public class EmployeeSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    /**
     * Enables JDBC authentication against the injected data source.
     *
     * NOTE(review): no passwordEncoder(...) is set on this builder, so how stored
     * passwords are compared depends on the Spring Security version's default.
     * Confirm that passwords are hashed at rest and that a matching encoder is
     * configured here.
     */
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource);
    }

    /** Exposes a {@link JdbcUserDetailsManager} on the same data source for user CRUD. */
    @Bean
    public JdbcUserDetailsManager jdbcUserDetailsManager() throws Exception {
        JdbcUserDetailsManager manager = new JdbcUserDetailsManager();
        manager.setDataSource(dataSource);
        return manager;
    }

    /** Excludes everything under {@code /resources/} from the security filter chain. */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

    /**
     * Declares who may reach which URL, plus the form-login and logout settings.
     * The matchers are evaluated in the order written, so the specific paths
     * must stay ahead of {@code anyRequest()}.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(security): CSRF protection is switched off for the whole application,
        // so state-changing POSTs such as /register and /addNewEmployee carry no
        // CSRF token check. Re-enable it once every form submits the token.
        http.csrf().disable();

        http.authorizeRequests()
                // Registration is open to unauthenticated visitors.
                .antMatchers("/register").permitAll()
                .antMatchers("/welcome").hasAnyRole("USER", "ADMIN")
                .antMatchers("/getEmployees").hasAnyRole("USER", "ADMIN")
                .antMatchers("/addNewEmployee").hasAnyRole("ADMIN")
                .anyRequest().authenticated();

        http.formLogin().loginPage("/login").permitAll();
        http.logout().permitAll();
    }

    // Earlier in-memory setup, kept for reference only (sample credentials):
    // @Autowired
    // public void configureGlobal(AuthenticationManagerBuilder authenticationMgr)
    // throws Exception {
    // authenticationMgr.inMemoryAuthentication().withUser("admin").password("admin").authorities("ROLE_USER").and()
    // .withUser("javainuse").password("javainuse").authorities("ROLE_USER",
    // "ROLE_ADMIN");
    // }
}