6 Hands-On: A small secured web application
This chapter covers
- Applying authentication in a hands-on example.
- Defining the user with the UserDetails interface.
- Defining a custom UserDetailsService.
- Using a provided implementation of PasswordEncoder.
- Defining your authentication logic by implementing an AuthenticationProvider.
- Setting the Form Login authentication method.
We’ve come a long way and have already discussed plenty of details on authentication, applying each new detail individually. It is time to put what we have learned so far into action together in a more complex example. This hands-on example will give you a better overview of how all the components we’ve discussed work together in a real application.
6.1 Requirements and setup of the project
In this section, we implement a small web application where the user, after successful authentication, can see a list of products on the main page. You can find the complete implementation with the provided projects, in example ssia-ch6-ex1. The products, as well as the users, are stored in a database. Each user’s password is hashed with either BCrypt or SCrypt. I’ve chosen two hashing algorithms to have a reason in the example to customize the authentication logic. A column in the “users” table will store the hashing algorithm used for each user. A third table will store the authorities for the users.
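The per-user choice of hashing algorithm described above comes down to picking a PasswordEncoder from the value in the users table. The sketch below is an added example, not code from ssia-ch6-ex1; the class name, the column values "BCRYPT" and "SCRYPT", and the sample password are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;

// Hypothetical helper: chooses the encoder from the algorithm column of a user row.
public class PerUserHashCheck {

    // One encoder per value the algorithm column may hold (values are assumed).
    // SCryptPasswordEncoder needs Bouncy Castle on the classpath.
    private static final Map<String, PasswordEncoder> ENCODERS = new HashMap<>();
    static {
        ENCODERS.put("BCRYPT", new BCryptPasswordEncoder());
        // cpuCost, memoryCost, parallelization, keyLength, saltLength
        ENCODERS.put("SCRYPT", new SCryptPasswordEncoder(16384, 8, 1, 32, 64));
    }

    // Returns true only when the stored hash verifies under the algorithm
    // recorded for this user. Missing or unknown values fail closed.
    static boolean passwordMatches(String algorithm, String storedHash, String rawPassword) {
        if (algorithm == null || storedHash == null || rawPassword == null) {
            return false;
        }
        PasswordEncoder encoder = ENCODERS.get(algorithm);
        if (encoder == null) {
            return false; // unrecognized algorithm value: reject, never fall back
        }
        return encoder.matches(rawPassword, storedHash);
    }

    public static void main(String[] args) {
        // Constructed sample data: hashes are generated here, not read from a database.
        String bcryptHash = ENCODERS.get("BCRYPT").encode("12345");
        String scryptHash = ENCODERS.get("SCRYPT").encode("12345");

        System.out.println("bcrypt user, right password: "
                + passwordMatches("BCRYPT", bcryptHash, "12345"));
        System.out.println("scrypt user, right password: "
                + passwordMatches("SCRYPT", scryptHash, "12345"));
        System.out.println("scrypt user, wrong password: "
                + passwordMatches("SCRYPT", scryptHash, "wrong"));
        System.out.println("unknown algorithm value:     "
                + passwordMatches("MD5", bcryptHash, "12345"));
    }
}
```

In a Spring Security application, this selection would sit inside the custom AuthenticationProvider, applied to the user loaded by the UserDetailsService.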