Spring EnableEncryptableProperties with Jasypt

This tutorial on Spring's @EnableEncryptableProperties with Jasypt shows how to avoid putting a clear-text password for database connection credentials in a properties file. Jasypt stands for Java Simplified Encryption. Here we are going to use Spring version 4 with Jasypt, and Spring Data JPA to perform the data layer activities with the database.

If you put a clear-text password in a properties file, then everybody, even people who should not see the password, could gain access to your database and might change table values or structure, or even delete them, without your consent. So it is always better to store the password in encrypted form to avoid such unwanted issues.

Here we will create a Gradle-based Spring Boot application with Spring Data JPA and apply Jasypt to add an extra layer of security for your password.

Jasypt Spring Boot provides encryption support for property sources in Spring Boot applications. There are 3 ways to integrate Jasypt in your Spring Boot project:

Simply adding the starter jar jasypt-spring-boot-starter to your classpath if using @SpringBootApplication or @EnableAutoConfiguration will enable encryptable properties across the entire Spring Environment

Adding jasypt-spring-boot-starter to your classpath and adding @EnableEncryptableProperties to your main Configuration class to enable encryptable properties across the entire Spring Environment

Adding jasypt-spring-boot-starter to your classpath and declaring individual encryptable property sources with @EncryptablePropertySource


@PreAuthorize annotation – hasPermission example in Spring Security

In this tutorial I will show you the most useful annotation, @PreAuthorize, which decides whether a method can actually be invoked based on the user’s role and permission. The hasRole() method returns true if the current principal has the specified role, and the hasPermission() method returns true if the current user’s role has the specific permission, such as READ, WRITE, UPDATE or DELETE. By default, if the supplied role does not start with ROLE_, the prefix will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler.

You can check my previous tutorial on hasRole: “@PreAuthorize annotation – hasRole example in Spring Security”.


@PreAuthorize annotation – hasRole example in Spring Security

In this tutorial I will show you the most useful annotation, @PreAuthorize, which decides whether a method can actually be invoked based on the user’s role. The hasRole() method returns true if the current principal has the specified role. By default, if the supplied role does not start with ROLE_, the prefix will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler.

You can check my tutorial on hasPermission: “@PreAuthorize annotation – hasPermission example in Spring Security”.


Spring Security Pre-authentication Example

There are situations where you want to use Spring Security for authorization, but the user has already been reliably authenticated by some external system prior to accessing the application. We refer to these situations, where Spring Security pre-authentication comes into the picture, as “pre-authenticated” scenarios. Examples include X.509, Siteminder and authentication by the J2EE container in which the application is running. When using Spring Security pre-authentication, Spring Security has to:

Identify the user making the request

Obtain the authorities for the user

The details will depend on the external authentication mechanism. A user might be identified by their certificate information in the case of X.509, or by an HTTP request header in the case of Siteminder. If relying on container authentication, the user will be identified by calling the getUserPrincipal() method on the incoming HTTP request. In some cases, the external mechanism may supply role/authority information for the user but in others the authorities must be obtained from a separate source, such as a UserDetailsService.

Spring Security Remember Me – Persistent Token Approach

This tutorial will show you how to have your credentials remembered for a specific time period, so that you are logged in automatically without entering any login credentials in the login form.

Remember-me or persistent-login authentication refers to web sites being able to remember the identity of a principal between sessions. This is typically accomplished by sending a cookie to the browser, with the cookie being detected during future sessions and causing automated login to take place. Spring Security provides the necessary hooks for these operations to take place, and has two concrete remember-me implementations. One uses hashing to preserve the security of cookie-based tokens and the other uses a database or other persistent storage mechanism to store the generated tokens.

In my previous tutorial I have shown  but this example uses database storage to store generated tokens for Remember Me login implementation.


Spring Security Form Based Login – Remember Me

This tutorial will show you how to have your credentials remembered for a specific time period, so that you are logged in automatically without entering any login credentials in the login form.

Remember-me or persistent-login authentication refers to web sites being able to remember the identity of a principal between sessions. This is typically accomplished by sending a cookie to the browser, with the cookie being detected during future sessions and causing automated login to take place. Spring Security provides the necessary hooks for these operations to take place, and has two concrete remember-me implementations. One uses hashing to preserve the security of cookie-based tokens and the other uses a database or other persistent storage mechanism to store the generated tokens.


Spring Security – JDBC Authentication using UserDetailsService

In my previous tutorials, I have shown in-memory authentications (“Spring Security Form based Authentication – XML Configuration”, “Spring Security Form based Authentication – Annotations”, “Spring Security – JDBC Authentication”), but in this tutorial I will show you how to authenticate a user using Spring JDBC UserDetailsService and a Spring MVC web application to secure pages. I will create a Spring MVC based web application and I will configure Spring Security to protect a page from outside access.

Spring Security allows you to integrate security features with a JEE web application easily; it takes care of all incoming HTTP requests via a servlet filter and implements “user defined” security checking.

In this tutorial, I will show you how to integrate Spring Security 4.2.1 with a Spring MVC 4 web application to secure URL access.

Spring Security – JDBC Authentication

In my previous tutorials, I have shown in-memory authentications (“Spring Security Form based Authentication – XML Configuration”, “Spring Security Form based Authentication – Annotations”), but in this tutorial I will show you how to authenticate a user using Spring JDBC and a Spring MVC web application to secure pages. I will create a Spring MVC based web application and I will configure Spring Security to protect a page from outside access.

Spring Security allows you to integrate security features with a JEE web application easily; it takes care of all incoming HTTP requests via a servlet filter and implements “user defined” security checking.

In this tutorial, I will show you how to integrate Spring Security 4.2.1 with a Spring MVC 4 web application to secure URL access.

Spring Security Form based Authentication – Annotations

In my previous tutorial, I have shown “Spring Security Form based Authentication – XML Configuration”, but in this tutorial I will show you the annotations way to configure Spring Security with a Spring MVC web application to secure pages. I will create a Spring MVC based web application and I will configure Spring Security to protect a page from outside access.

Spring Security allows you to integrate security features with a JEE web application easily; it takes care of all incoming HTTP requests via a servlet filter and implements “user defined” security checking.

In this tutorial, I will show you how to integrate Spring Security 4.2.1 with a Spring MVC 4 web application to secure URL access.

Spring Security Form based Authentication – XML Configuration

In this tutorial I will show you the way to configure Spring Security with a Spring MVC web application to secure pages. I will create a Spring MVC based web application and I will configure Spring Security to protect a page from outside access.

You may also like the annotation-based example: “Spring Security Form based Authentication – Annotations”.

Spring Security allows you to integrate security features with a JEE web application easily; it takes care of all incoming HTTP requests via a servlet filter and implements “user defined” security checking.

In this tutorial, I will show you how to integrate Spring Security 4.2.1 with a Spring MVC 4 web application to secure URL access.