WebLogin is a Spring Security 5 application intended as a starting point for other Spring Security-based projects. For example, this project has been integrated with the SRM-Spring project to yield Secure-SRM.
Developed with the following technologies:
- MySQL 8
- Spring MVC 4 (including Thymeleaf)
- Maven 3
- BCrypt password hashing
- Variable session length
- MySQL persistent user accounts and Remember-Me tokens
- Granular permissions
- Bootstrap (CSS) and Thymeleaf front-end
- Example database entity (TestRecord) to demonstrate CRUD operations
- User account lock-out after repeated failed login attempts
There are two implementations of the in-memory service: a HashMap-based service (@Profile 'map') and a JPA-enabled service (@Profile 'SDjpa'). The latter is the more developed and up to date of the two. The 'dev' profile is required to connect to a persistent MySQL database, so to enable the MySQL connection, mark the application.properties file with both the 'SDjpa' and 'dev' profiles.
An SQL script to build the user's database is here. To build the latest SQL script, enable 'SDjpa' and 'dev', and then uncomment application-dev.yml as directed. Connection to a MySQL daemon is not required when re-building a script.
The data models are defined in /dbUsers. The service methods are declared in the /services/BaseService interface, and then defined in /services/map and /services/springDataJPA for the HashMap and MySQL JPA implementations, respectively. Additional custom methods can be declared in /services/dbUserServices and/or /repositories.
A BootStrap class which populates the HashMap and JPA services is provided by DataLoader.
Initial security options (credentials, authorisation, session cookies and duration) are set in /config/SecurityConfiguration and the aforementioned DataLoader class.
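As an added example (not the project's own SecurityConfiguration class), a Spring Security 5 configuration that wires together the features listed above, BCrypt hashing, MySQL-backed Remember-Me tokens and per-authority access rules, could look like the following. The class name, URL patterns, the authority name, the token lifetime and the use of JdbcTokenRepositoryImpl are assumptions for illustration.

```java
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

// Added example: names, paths and authorities below are hypothetical.
@Configuration
@EnableWebSecurity
public class ExampleSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final DataSource dataSource;              // MySQL DataSource from the active profile
    private final UserDetailsService userDetailsService;

    public ExampleSecurityConfiguration(DataSource dataSource, UserDetailsService userDetailsService) {
        this.dataSource = dataSource;
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);         // salted, adaptive hash; cost factor 12
    }

    @Bean
    public PersistentTokenRepository rememberMeTokens() {
        JdbcTokenRepositoryImpl repo = new JdbcTokenRepositoryImpl();
        repo.setDataSource(dataSource);               // default table name: persistent_logins
        return repo;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login", "/css/**").permitAll()          // public pages and assets
                .antMatchers("/admin/**").hasAuthority("admin.read")   // granular permission check
                .anyRequest().authenticated()                          // everything else needs a login
            .and().formLogin().loginPage("/login")
            .and().rememberMe()
                .tokenRepository(rememberMeTokens())                   // series/token pairs kept server-side
                .userDetailsService(userDetailsService)
                .tokenValiditySeconds(14 * 24 * 60 * 60)               // Remember-Me lifetime: 14 days
            .and().logout().deleteCookies("JSESSIONID", "remember-me"); // clear both cookies on logout
    }
}
```

Storing Remember-Me tokens in the database rather than deriving them from the password hash lets the server invalidate a single token on logout without affecting the account's other sessions.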
MySQL database network port, table, and other credentials are located in application-dev.yml, which is enabled by setting @Profile to 'dev'. That file also contains the script needed to produce an SQL script from the data models (when connected to a MySQL daemon); it can be commented out when not required.