Using JPA for Username Password Authenticaion with MySQL in Spring REST Service?

The book Spring in Action discusses how to use JPA in a Spring REST service.

Is there spring support for using JPA to store usernames and passwords for authentication?

Does the book discuss this? Last I remember, there is no discussion of using JPA for storing usernames and passwords in the book.

Can someone point me to a discussion/example/tutorial of how to store usernames and passwords using JPA?

Thanks
Siegfried

Hi Siegfried,

I don't know a lot about Spring myself, but I was looking into this because I will probably need this for a project that I am planning.

Here are two comprehensive-looking tutorials with example code for how to use Spring Security to store usernames and passwords:

Hashing and Salting Passwords With Spring Security 2

Spring Security: Configuring Secure Passwords

Those tutorials both use JDBC, but the first page claims that the actual storage mechanism is abstracted away.

As far as a general discussion of storing passwords securely, see:

Salted Password Hashing - Doing it Right

Password Encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt

Daniel

The book doesn't cover this, but the approach is fairly straightforward.

First, store user data in the database via a JPA repository just like you would for any entity type. (Be sure to encrypt the password!) Then you can create a custom UserService implementation for Spring Security that uses your JPA repository to fetch the user entity given the username.

The book doesn't go to this level of detail, but it's certainly possible. I could possibly bake up a simple example if you need one.

Siegfried Heintze wrote:The book Spring in Action discusses how to use JPA in a Spring REST service.

Is there spring support for using JPA to store usernames and passwords for authentication?

Does the book discuss this? Last I remember, there is no discussion of using JPA for storing usernames and passwords in the book.

Can someone point me to a discussion/example/tutorial of how to store usernames and passwords using JPA?

Thanks
Siegfried

Craig:
Thanks! I would love to have you "bake up" an example! That would be wonderful!
Siegfried

I'm not sure I'll have opportunity to do so this week, but if you follow me on GitHub (https://github.com/habuma) you'll be notified when I push it out there.

Siegfried Heintze wrote:Craig:
Thanks! I would love to have you "bake up" an example! That would be wonderful!
Siegfried

Well if anyone has time I'd love a minimal example that demonstrates
(1) Username password authentication/authorization security with JPA
(2) JPA for a domain object like a guest book visitor or a spittle (yucko! I prefer tweet!)
(3) REST & JSON service
(4) Two Simple MVC pages (login page and a get list of tweets or spittles)
(5) The best of all worlds with an executable spring boot WAR that I could run independently or drop into a jetty or tomcat deploy directory.
(6) A brief example of a integration test I could run with maven or gradle that would fire up the service and login to the service (with AND without the MVC login web page) and get a session cookie and then subsequently get list of guests or tweets or spittles. I think you said this could be done more easily with spring boot?
(7) some directions on how to run the integration test.

OK, I'm asking a lot! I'd love it if you could help me! I've been trying very hard to make this work for a long time now!

I think this is partially redundant with my other post My other Post: how to run companion code from Spring In Action.

Thanks
Siegfried