Tutorial 0 : Authentication with spring security

spring security logo

Tutorial 0 : Authentication with spring security

This tutorial will show you how to implement a login process using the following tech stack:
  • Spring Boot
  • Spring Security
  • JPA (Hibernate)
  • Spring Data JPA
  • PostgreSQL
  • Spring MVC
  • Thymeleaf
  • Bootstrap
  • Java 8



Spring Security is one of the Spring Framework’s Security modules. It is a Java SE/Java EE Security Framework to provide Authentication, Authorization, SSO and other Security features for Web Applications or Enterprise Applications.


Define JPA Entities

JPA Entity is defined with annotation, represent a table in the database.

maps the entity with the table. If no is defined, the default value is used for the class name of the entity.

declares the identifier property of the entity (primary key).

indicates the entity is the owner of the relationship: the corresponding table has a column with a foreign key to the referenced table.

indicates the entity is the inverse of the relationship.




Spring Data JPA Repositories

Spring Data JPA contains some built-in implemented some common functions to work with database: ,…



Service Layer

Now let´s create user service layer(interface and implementation). We will inject the UserRepository into our service class.



Secure the application

To implement login/authentication with Spring Security, we need to implement interface.This interface requires only one method loadUserByUsername(String username).

For web applications, we need to create a specific class that extends . This class have multiples methods we ovveride to setup our security configuration.

  • protected void configure(HttpSecurity http): this method will embed all the authorized requests and urls allowed for public access in application and the ones that are secured. In our case we permit access to all just for the home page. Any other request from users must be over authenfication before access. We have also the possibility to define a login page for authentificate users.
  • protected void configure(AuthenticationManagerBuilder authManagerBuilder): This overriden method serves to specify to the AuthentificationManagerBuilder which UserDetailsService and PasswordEncoder we are going to use.



Manage the views

The register request is used to map all views in the application.
it’s mapping the two views:

  • login.html page
  • welcome.html page


Here is the thymeleaf code source for the two views described above. Thymeleaf based view should be located in resources/templates folder :



Run the application

First you need to create a database with name and run the application by launching the SpringBootApplication class using the command mvn spring-boot:run and visit

Run the script in PostgreSQL database :

Authenticate with one of the two users:
: username=admin, password=admin
: username=user, password=user

Download Source code from



Information about the tutorial

Avatar for Nizar Ellouze

Author: Nizar Ellouze

No Comments

Post a Comment