This week's giveaway is in the JDBC forum.
We're giving away four copies of Java Database Connections & Transactions (e-book only) and have Marco Behler on-line!
See this thread for details.
Win a copy of Java Database Connections & Transactions (e-book only) this week in the JDBC forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
Bartenders:
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

Using JPA for Username Password Authenticaion with MySQL in Spring REST Service?  RSS feed

 
Ranch Hand
Posts: 420
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The book Spring in Action discusses how to use JPA in a Spring REST service.

Is there spring support for using JPA to store usernames and passwords for authentication?

Does the book discuss this? Last I remember, there is no discussion of using JPA for storing usernames and passwords in the book.

Can someone point me to a discussion/example/tutorial of how to store usernames and passwords using JPA?

Thanks
Siegfried
 
Ranch Hand
Posts: 90
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Siegfried,

I don't know a lot about Spring myself, but I was looking into this because I will probably need this for a project that I am planning.

Here are two comprehensive-looking tutorials with example code for how to use Spring Security to store usernames and passwords:
  • Hashing and Salting Passwords With Spring Security 2
  • Spring Security: Configuring Secure Passwords


  • Those tutorials both use JDBC, but the first page claims that the actual storage mechanism is abstracted away.

    As far as a general discussion of storing passwords securely, see:

  • Salted Password Hashing - Doing it Right
  • Password Encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt


  • Daniel
     
    author
    Posts: 396
    8
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator

    The book doesn't cover this, but the approach is fairly straightforward.

    First, store user data in the database via a JPA repository just like you would for any entity type. (Be sure to encrypt the password!) Then you can create a custom UserService implementation for Spring Security that uses your JPA repository to fetch the user entity given the username.

    The book doesn't go to this level of detail, but it's certainly possible. I could possibly bake up a simple example if you need one.


    Siegfried Heintze wrote:The book Spring in Action discusses how to use JPA in a Spring REST service.

    Is there spring support for using JPA to store usernames and passwords for authentication?

    Does the book discuss this? Last I remember, there is no discussion of using JPA for storing usernames and passwords in the book.

    Can someone point me to a discussion/example/tutorial of how to store usernames and passwords using JPA?

    Thanks
    Siegfried

     
    Siegfried Heintze
    Ranch Hand
    Posts: 420
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Craig:
    Thanks! I would love to have you "bake up" an example! That would be wonderful!
    Siegfried
     
    Craig Walls
    author
    Posts: 396
    8
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator

    I'm not sure I'll have opportunity to do so this week, but if you follow me on GitHub (https://github.com/habuma) you'll be notified when I push it out there.

    Siegfried Heintze wrote:Craig:
    Thanks! I would love to have you "bake up" an example! That would be wonderful!
    Siegfried

     
    Siegfried Heintze
    Ranch Hand
    Posts: 420
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Well if anyone has time I'd love a minimal example that demonstrates
    (1) Username password authentication/authorization security with JPA
    (2) JPA for a domain object like a guest book visitor or a spittle (yucko! I prefer tweet!)
    (3) REST & JSON service
    (4) Two Simple MVC pages (login page and a get list of tweets or spittles)
    (5) The best of all worlds with an executable spring boot WAR that I could run independently or drop into a jetty or tomcat deploy directory.
    (6) A brief example of a integration test I could run with maven or gradle that would fire up the service and login to the service (with AND without the MVC login web page) and get a session cookie and then subsequently get list of guests or tweets or spittles. I think you said this could be done more easily with spring boot?
    (7) some directions on how to run the integration test.

    OK, I'm asking a lot! I'd love it if you could help me! I've been trying very hard to make this work for a long time now!

    I think this is partially redundant with my other post My other Post: how to run companion code from Spring In Action.

    Thanks
    Siegfried

     
    The knights of nee want a shrubbery. And a tiny ad:
    how do I do my own kindle-like thing - without amazon
    https://coderanch.com/t/711421/engineering/kindle-amazon
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!