Spring Security default database authentication schema - spring

I've been working with the default database model provided by Spring Security to authenticate users. I've realized that Spring Security looks for these tables in the default schema configured for the database engine.
Now, suppose the following:
You are working with PostgreSQL and you have 2 schema: schemaOne and schemaTwo, where schemaOne is configured as the dafault one for the engine. Then, suppose that you have an application that uses schemaTwo, then you will need Spring Security database model to be in that schema. So, once you try to run your application, Spring Security will try to look for the authentication model in schemaOne.
So, my question is: is there a way to push Spring Security to use a different schema than the default one configured for the database engine?.
Thank you.

Well, you can configure custom JDBC queries, for example:
With XML - override authorities-by-username-query, etc.
With JavaConfig - set authoritiesByUsernameQuery(String), etc.
But, I don't think you can just set the schema name.

Related

Spring Security: does it provide an authentication provider for XML database?

We are currently trying to integrate Spring Security into our application.
Our application used to store data in native XMLs. We are in the process of integrating with MySQL.
However, certain sites are still having lots of data in XML and we want to provide backward compatibility.
So does spring security provide authentication mechanism for XML based database just like it does for SQL and LDAP?
Is there a way around this problem?

spring security oauth2 manually generate authcode

HI I am implementing oauth2 using spring security. This application will be deployed in a multi-node clustered environment. How spring will synchronize authorization code between multiple nodes? It can be achieved via jdbcAuthorizationCodeServices but I can't use relational DB. Requirement is to use NoSql DB. Is there a way to add custom plug-in custom authorization code generator which will be used by spring to create and consume auth code (Code example will be really helpful)?
Thanks

Spring-boot JPA connect to postgres where database and schema are provided at runtime

I am building a multi-tenant application, where the tenant database configuration are stored in Redis. Based on the request, I will query the Redis to get the database and schema configured for that tenant, this application is built on spring boot.
I took a look at spring boot's JPA sample, and did some more google to find a suitable solution for this, unfortunately, I couldn't find one.
Is this really possible to use JPA sample provided here ?
https://github.com/spring-projects/spring-boot/tree/master/spring-boot-samples/spring-boot-sample-data-jpa
Please suggest me any other best possible way to tackle this problem
Thanks
Spring Data JPA uses JPA annotations to define domain model. These JPA entities define schema for your database. Obviously you can't change these entities, nor DB schema on runtime.
So no, updating schema on runtime is not possible with Spring Boot + Spring Data JPA combo.
Database connection (e.g. DB URL, username password) could be more flexible. You would need to create DataSource beans programmatically and somehow programatically define which data source to use for each query per tenant. But this wasn't requirement of Spring nor JPA ecosystem, therefore you may face lot of issues.
I was working on such system before, but we were using plain SQL queries via JDBC and were creating DB connection programatically to achieve schema changes on runtime.

Spring JPA change datasource depending on request header

I developed an application with spring-data-rest.
I love it and it works like a charme.
What I want to do (to implement one backend for multiple customers) is to change the datasource of my repository depending on an apikey which is sent in a custom request header.
The connection info (url, credentials, database) can be retrieved from an external microservice which manages all the database configurations.
The idea is to retrieve all available database connections on startup and store them in a map with apikey as key and the connection info as value.
I´m not clear about how I can change the datasource of my repo for each incoming request at runtime.
Any ideas?
Depending on your JPA provider, what you are wanting will be multi-tenancy support.
For Hibernate, there is a nice multi-tenancy API available that plugs in with Spring very nicely for configuring what data source to use. MultiTenantConnectionProvider and CurrentTenantIdentifierResolver for some API details.
I finally found a solution using the AbstractRoutingDataSource.
This article saved my day. A really easy to use and to understand solution.
http://fizzylogic.nl/2016/01/24/Make-your-Spring-boot-application-multi-tenant-aware-in-2-steps/

Spring Security - Preventing Users access to a page if an id is invalid

I am new to Spring Security and am mulling over the idea of using it or not in my application.
The requirement is as follows :
In my web application i store a session information inside the database,a key for this is stored in a cookie
2.Now whenever someone tries to access a url which is not according to the flow i want to deny access.
3.Can i use Spring Security for this.
I am using Spring MVC,Mongo DB and MySQL as the develeoment environment.
Regards,
Abhishek
If you're trying to simply control the flow of an application, I'd suggest using Spring Webflow. This allows you to define set flows in a multi-page application.
Spring Security can be used to control flows, but only for access control. It integrates well with Webflow (and with Spring MVC) to ensure you can secure some or all of your flows.

Resources