Skip to main content

How to use Authentication and Authorization in Spring Security | Role based Authorization

Role based Authorization (Admin and Other User) and Permissions in Spring Security with Spring Boot

spring security role-based authorization and permissions example

In this article, we will see how we can achieve Authentication using inMemoryAuthentication and role based Authorization in Spring Security.

We perform Authentication and Authorization with Spring Boot application that we already seen in older articles.

First Refer below articles related Spring Boot CRUD operation with Rest API and Thymeleaf.

For enable security in spring, first we have to add below dependency in pom.xml file.

Step 1 : Add spring-security dependency in pom.xml file

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Step 2 : Create new Java class and extends with WebSecurityConfigurerAdapter

After adding dependency, we can use spring security's class and its method.

Create one class and extends with WebSecurityConfigurerAdapter class. Also add @EnableWebSecurity annotation on top of class.

@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { }

Step 3 : Override configure() method for Authentication

Now Override configure() method and pass AuthenticationManagerBuilder class as parameter.

protected void configure(AuthenticationManagerBuilder auth) { }

In this method we use inMemoryAuthentication() for Aunthenticate admin and user.

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    auth.inMemoryAuthentication()
        .withUser("admin")
        .password("admin")
        .roles("ADMIN")
        .and()
        .withUser("user")
        .password("user")
        .roles("USER");
}

We also have to create Bean for PasswordEncoder

Step 4 : Adding Bean for Password Encoder

For learning purpose, we are setting up no password encoder. For real web application we mist have to use hash algorithm for password encoding.

@Bean
 public PasswordEncoder getPasswordEncode() {
      return NoOpPasswordEncoder.getInstance();
 }

Step 5 : Override configure() method for Role based Authorization

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/books/new").hasRole("ADMIN")
        .antMatchers("/books/edit/*").hasRole("ADMIN")
        .antMatchers("/books/delete/*").hasRole("ADMIN")
        .antMatchers("/").hasAnyRole("ADMIN", "USER")
        .and()
        .formLogin().defaultSuccessUrl("/books", true);
}

The order of the rules matters and the more specific rules should go first. Means we have to use antMatchers path higher to least priority.

Here we are giving all permission to ADMIN role and Reading permission to USER role. After successful login, user redirects to /books URL where all books are displaying that are stored in MySql Database. (Refer old article for Spring BOOT CRUD operation).

Lets see final code for SpringSecurityConfig.java class

package com.example.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    auth.inMemoryAuthentication()
        .withUser("admin")
        .password("admin")
        .roles("ADMIN")
        .and()
        .withUser("user")
        .password("user")
        .roles("USER");
    }

    @Bean
    public PasswordEncoder getPasswordEncode() {
        return NoOpPasswordEncoder.getInstance();
    }
    
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/books/new").hasRole("ADMIN")
            .antMatchers("/books/edit/*").hasRole("ADMIN")
            .antMatchers("/books/delete/*").hasRole("ADMIN")
            .antMatchers("/").hasAnyRole("ADMIN", "USER")
            .and().formLogin().defaultSuccessUrl("/books", true);
    }
    
}

Lets see output :

When we hit "http://localhost:8080/" It redirects to "http://localhost:8080/login" page.

Spring security default login page

Login with ADMIN role and Add new Book

Spring security admin role

Spring security admin role authorization


For logout hit "http://localhost:8080/logout" URL and it will ask for confirmation logout.

Login with USER role and trying to Add, Edit or Delete book

When we try to Add, Edit or Delete Book with USER role Spring Security gives Forbidden error (Error code 403 - unauthorized user) because it is accessible only for ADMIN role as we set Authorization in SpringSecurityConfig.java class.

 

User role authorization in Spring Boot



Happy coding... Happy learning...

Other articles :


Comments

Post a Comment

Popular posts from this blog

Plus Minus HackerRank Solution in Java | Programming Blog

Java Solution for HackerRank Plus Minus Problem Given an array of integers, calculate the ratios of its elements that are positive , negative , and zero . Print the decimal value of each fraction on a new line with 6 places after the decimal. Example 1 : array = [1, 1, 0, -1, -1] There are N = 5 elements, two positive, two negative and one zero. Their ratios are 2/5 = 0.400000, 2/5 = 0.400000 and 1/5 = 0.200000. Results are printed as:  0.400000 0.400000 0.200000 proportion of positive values proportion of negative values proportion of zeros Example 2 : array = [-4, 3, -9, 0, 4, 1]  There are 3 positive numbers, 2 negative numbers, and 1 zero in array. Following is answer : 3/6 = 0.500000 2/6 = 0.333333 1/6 = 0.166667 Lets see solution Solution 1 import java.io.*; import java.math.*; import java.security.*; import java.text.*; import java.util.*; import java.util.concurrent.*; import java.util.function.*; import java.util.regex.*; import java.util.stream.*; import static java.util.st
Post a Comment
Read more

Flipping the Matrix HackerRank Solution in Java with Explanation

Java Solution for Flipping the Matrix | Find Highest Sum of Upper-Left Quadrant of Matrix Problem Description : Sean invented a game involving a 2n * 2n matrix where each cell of the matrix contains an integer. He can reverse any of its rows or columns any number of times. The goal of the game is to maximize the sum of the elements in the n *n submatrix located in the upper-left quadrant of the matrix. Given the initial configurations for q matrices, help Sean reverse the rows and columns of each matrix in the best possible way so that the sum of the elements in the matrix's upper-left quadrant is maximal.  Input : matrix = [[1, 2], [3, 4]] Output : 4 Input : matrix = [[112, 42, 83, 119], [56, 125, 56, 49], [15, 78, 101, 43], [62, 98, 114, 108]] Output : 119 + 114 + 56 + 125 = 414 Full Problem Description : Flipping the Matrix Problem Description   Here we can find solution using following pattern, So simply we have to find Max of same number of box like (1,1,1,1). And last
Post a Comment
Read more