Spring Security - JDBC Authentication

Spring Security JDBC Authentication is a mechanism in which user credentials (username and password) and roles/authorities are stored in a relational database. During login, Spring Security uses JDBC to query the database, validate user credentials, and determine user permissions.

• User credentials are stored in a relational database.
• Spring Security authenticates users using JDBC queries.
• Supports authentication and authorization.

Importance of JDBC Authentication

JDBC Authentication is important because it stores user credentials and roles in a database instead of hardcoding them in the application. This makes user management easier, more secure, and suitable for real-world applications.

• Centralized User Management – All user accounts and roles are stored in a single database.
• Persistent Storage – User data remains available even after the server restarts.
• Scalability – Can handle a large number of users efficiently.
• Enhanced Security – Supports encrypted passwords and secure authentication mechanisms.
• Easy User Updates – Users, passwords, and roles can be modified directly in the database without changing application code.
• Production Ready – Widely used in enterprise and real-world applications.

Example: Spring Security JDBC Authentication in a Spring MVC Web Project

Step 1: Create a Spring MVC Project

Create a Dynamic Web Project in STS and configure Apache Tomcat.

• STS 4 IDE
• Apache Tomcat Server
• Maven Project
• Java
• MySQL Database

Step 2: Database Setup

Create a database and tables in MySQL:

Insert some test users:

👁 JDBC-Authentication-2.png

👁 JDBC-Authentication-3.png

Step 3: Project Folder Structure

Your project structure should look like this:

Step 4: Add Dependencies in pom.xml

Add the following dependencies to your pom.xml file

• Spring Web MVC
• Java Servlet API
• Spring Security Config
• Spring Security Web
• Spring JDBC
• MySQL Connector Java

pom.xml:

Step 5: Configure Dispatcher Servlet

Go to the src > main > java and create a class WebAppInitilizer. DispatcherServlet acts as the Front Controller and handles all incoming HTTP requests.

WebAppInitilizer.java

Step 6: Configure Spring MVC

Create another class in the same location (src > main > java) and name it MyAppConfig.

MyAppConfig.java

Step 7: Create Controller

Go to the src > main > java and create a class GfgController. This controller handles requests to /gfg.

GfgController.java

Step 8: Create View

Go to the src > main > webapp > WEB-INF > right-click > New > Folder and name the folder as views. Then views > right-click > New > JSP File and name your first view.

hello-gfg.jsp

Step 9: Configure JDBC Authentication

Go to the src > main > java and create a class MySecurityAppConfig and annotate the class with @EnableWebSecurity annotation. This class will help to create the spring security filter chain.

MySecurityAppConfig.java

Step 10: Register Security Filter

Go to the src > main > java and create a class SecurityInitializer. This class will help to register the spring security filter chain with our application.

Step 11: Configure DataSource

Update MyAppConfig.java to include a DataSource bean:

Step 12: Run the Application

• Right-click project -> Run As -> Run on Server.
• Open browser:

http://localhost:8080/springsecurity/gfg

And it will ask for authentication to use the endpoint and a pop-up screen will be shown like this.

👁 Image

Now sign in with your database credentials

• Username: ami
• Password: 123

Note: For learning purposes, plain-text passwords are used; in real applications, passwords must be encrypted using a PasswordEncoder.

And now you can access your endpoint.