Presentation is loading. Please wait.

Presentation is loading. Please wait.

Registration, Login, Thymeleaf

Published byLaurence Paul Modified over 6 years ago

Similar presentations

Presentation on theme: "Registration, Login, Thymeleaf"— Presentation transcript:

1 Registration, Login, Thymeleaf
Spring Security Registration, Login, Thymeleaf Spring Security SoftUni Team Technical Trainers Software University

2 Table of Contents Spring Security Thymeleaf Security Configuration
Registration Login Remember Me CSFR Thymeleaf Security

3 Have a Question? sli.do #JavaWeb

4 What is Spring Security

5 Spring Security framework that focuses on providing both authentication and authorization Authentication Authorization

6 Spring Security Mechanism
Authentication Manager Access Decision Manager Intercept Request Intercept Request Secured Resources Web Client GET username password Valid Credentials Valid Authorization Validate username password Validate Roles Database

7 Spring Security Maven pom.xml <dependency>
<groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>

8 Spring Security Configuration (1)
Extend WebSecurityConfigurerAdapter SecurityConfiguration.java @Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { //Configuration goes here } Enable Security

9 Spring Security Configuration (2)
Override configure(HttpSecurity http) SecurityConfiguration.java @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/register").permitAll() .anyRequest().authenticated() } Authorize Requests Permit Routes Require Authentication

10 Registration - User We need to implement UserDetails interface
User.java @Entity public class User implements UserDetails { private String username; private String password; private boolean isAccountNonExpired; private boolean isAccountNonLocked; private boolean isCredentialsNonExpired; private boolean isEnabled; private Set<Role> authorities; }

11 Registration - Roles We need to implement GrantedAuthority interface
Role.java public class Role implements GrantedAuthority { private String authority; } Role Interface

12 Registration - UserService
We need to implement UserDetailsService interface UserServiceImpl.java @Service public class UserServiceImpl implements UserDetailsService { @Autowired private BCryptPasswordEncoder bCryptPasswordEncoder; @Override public void register(RegisterModel registerModel) { bCryptPasswordEncoder.encode(password)); } } Encrypt Password

13 Registration - Configuration
We need to disable CSRF protection temporally SecurityConfiguration.java @Override protected void configure(HttpSecurity http) throws Exception { http .and() .csrf().disable(); } Disable CSRF

14 Login Mechanism Create Session Web Client GET localhost:8080
Session Cookie Validate Session GET localhost:8080 Session Cookie

15 Login - Configuration SecurityConfiguration.java .and()
.formLogin().loginPage("/login").permitAll() .usernameParameter("username") .passwordParameter("password") login.html <input type="text" name="username"/> <input type="text" name="password"/>

16 User Service Interface
Login - UserService UserServiceImpl.java @Service public class UserServiceImpl implements UserDetailsService { @Autowired private BCryptPasswordEncoder bCryptPasswordEncoder; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { } } User Service Interface

17 Login - Controller Error Handling LoginController.java @Controller
public class LoginController { @GetMapping("/login") public String = false) String error, Model model) { if(error != null){ model.addAttribute("error", "Error"); } return "login"; } } Error Handling

18 Logout. No Controller is required
SecurityConfiguration.java .and() logout().logoutSuccessUrl("/login?logout").permitAll() Logout. No Controller is required

19 Remember Me SecurityConfiguration.java .and() .rememberMe()
.rememberMeParameter("remember") .key("remember Me Encryption Key") .rememberMeCookieName("rememberMeCookieName") .tokenValiditySeconds(10000) login.html <input name="remember" type="checkbox" />

20 Print Logged-In username
Principal This is the currently logged user UserController.java @GetMapping("/user") public String getUser(Principal principal){ System.out.println(principal.getName()); return "user"; } Print Logged-In username

21 Requires Admin Role to execute
Pre/Post Authorize Grant Access to specific methods SecurityConfiguration.java @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { } Enables PreAuthorize UserService.java public interface UserService extends UserDetailsService { @PreAuthorize("hasRole('ADMIN')") void delete(); } Requires Admin Role to execute

22 No Access Handling SecurityConfiguration.java
.and() exceptionHandling().accessDeniedPage("/unauthorized") AcessController.java @GetMapping("/unauthorized") @ResponseBody public String unauthorized(){ return "no access"; }

23 CSRF

24 Spring CSFR Protection
AcessController.java .csrf() .csrfTokenRepository(csrfTokenRepository()) private CsrfTokenRepository csrfTokenRepository() { HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository(); repository.setSessionAttributeName("_csrf"); return repository; } form.html <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />

25 What is Thymeleaf Security

26 Thymeleaf Security Functionality to display data based on authentication rules pom.xml <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> </dependency>

27 Principal Show the username pom.xml <!DOCTYPE html>
<html lang="en" xmlns:th=" xmlns:sec=" <body> <div sec:authentication="name"> The value of the "name" property of the authentication object should appear here. </div> </body> </html> Show the username

28 Roles Show if you are admin pom.xml <!DOCTYPE html>
<html lang="en" xmlns:th=" xmlns:sec=" <body> <div sec:authorize="hasRole('ADMIN')"> This content is only shown to administrators. </div> </body> </html> Show if you are admin

29 Summary Spring Security – framework that focuses on providing both authentication and authorization Thymeleaf Security– functionality to display data based on authentication rules

30 Web Development Basics – Course Overview
© Software University Foundation – This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike license.

31 License This course (slides, examples, demos, videos, homework, etc.) is licensed under the "Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International" license © Software University Foundation – This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike license.

32 Free Trainings @ Software University
Software University Foundation – softuni.org Software University – High-Quality Education, Profession and Job for Software Developers softuni.bg Software Facebook facebook.com/SoftwareUniversity Software YouTube youtube.com/SoftwareUniversity Software University Forums – forum.softuni.bg © Software University Foundation – This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike license.

Download ppt "Registration, Login, Thymeleaf"

Similar presentations

AngularJS Services Built-in and Custom Services SoftUni Team Technical Trainers Software University

AngularJS Services Built-in and Custom Services SoftUni Team Technical Trainers Software University
AngularJS Directives Defining Custom Directives SoftUni Team Technical Trainers Software University

AngularJS Directives Defining Custom Directives SoftUni Team Technical Trainers Software University
Asynchronous Web Services Writing Asynchronous Web Services SoftUni Team Technical Trainers Software University

Asynchronous Web Services Writing Asynchronous Web Services SoftUni Team Technical Trainers Software University
Sessions and Cookies State Management, Cookies, Sessions, Hidden Fields SoftUni Team Technical Trainers Software University

Sessions and Cookies State Management, Cookies, Sessions, Hidden Fields SoftUni Team Technical Trainers Software University
Processing JSON in.NET JSON, JSON.NET LINQ-to-JSON and JSON to XML SoftUni Team Technical Trainers Software University

Processing JSON in.NET JSON, JSON.NET LINQ-to-JSON and JSON to XML SoftUni Team Technical Trainers Software University
ASP.NET Identity System

ASP.NET Identity System
Doctrine The PHP ORM SoftUni Team Technical Trainers Software University

Doctrine The PHP ORM SoftUni Team Technical Trainers Software University
Web Storage and Cookies Cookies, Local and Session Storage SoftUni Team Technical Trainers Software University

Web Storage and Cookies Cookies, Local and Session Storage SoftUni Team Technical Trainers Software University
First Steps in PHP Creating Very Simple PHP Scripts SoftUni Team Technical Trainers Software University

First Steps in PHP Creating Very Simple PHP Scripts SoftUni Team Technical Trainers Software University
Stacks and Queues Processing Sequences of Elements SoftUni Team Technical Trainers Software University

Stacks and Queues Processing Sequences of Elements SoftUni Team Technical Trainers Software University
Version Control Systems

Version Control Systems
Helpers, Data Validation

Helpers, Data Validation
Auto Mapping Objects SoftUni Team Database Applications

Auto Mapping Objects SoftUni Team Database Applications
Introduction to Servlets

Introduction to Servlets
Sockets, Routing, Sessions, Handlers

Sockets, Routing, Sessions, Handlers
Interface Segregation / Dependency Inversion

Interface Segregation / Dependency Inversion
C# MVC Frameworks – ASP.NET

C# MVC Frameworks – ASP.NET
ASP.NET Essentials SoftUni Team ASP.NET MVC Introduction

ASP.NET Essentials SoftUni Team ASP.NET MVC Introduction
Web API - Introduction AJAX, Spring Data REST SoftUni Team Web API

Web API - Introduction AJAX, Spring Data REST SoftUni Team Web API
Introduction to MVC SoftUni Team Introduction to MVC

Introduction to MVC SoftUni Team Introduction to MVC

Similar presentations

Ads by Google