Spring Security 4 for Spring MVC using Spring Data JPA and Spring Boot. I have been writing a series of tutorials on using Spring Security 4 in Spring MVC application starting from the basic in memory authentication. In this post, I am writing a step by step guide to secure a Spring MVC application using Spring Security 4 along with Spring Data JPA and Spring Boot. That sounds like a lot of different concepts to learn, but it is really simple. If you do not know or if you are new to Spring Data JPA or even JPA Java Persistence API, you might probably think why should you go for Spring Data JPA when you can simply use Spring JDBC to secure the application with the user details stored in a database. To understand this, read the next paragraph. Java Persistence API JPA Unlike writing a plain DAO that consists of plain JDBC code everywhere full of Prepared. Statements and Sql. Connections etc, we just map the original fields in the database table to Java classes called Entities, provide SQL queries and let the persistence api handle the connections, query execution etc without writing much boilerplate code. JPA is just a specification and to use it, you must use a provider of this Specification such as Hibernate. In other words, consider JPA as a set of interfaces and you need an implementation of these interfaces to actually use it, which is called a Provider. Any provider or implementation of JPA specification, lets you create Java classes called Entities, provide SQL queries and handle the connections, query execution etc. Overview. The Template Method design pattern is one of the twentythree wellknown GoF design patterns that describe how to solve recurring design problems to design. This article is a step by step guide to secure a Spring MVC application using Spring Security 4 along with Spring Data JPA and Spring Boot. MVC.jpg?w=530&ssl=1' alt='Dao Design Pattern In Java Pdf' title='Dao Design Pattern In Java Pdf' />Spring Data JPA takes a step forward and handles the DAO layer around data repositories with out of the box query generation for most commonly required scenarios. It is not an implementation or a provider of JPA, but it sits on top of JPA and uses the provider of your choice, to generate queries and to do all that the JPA specification is meant to do. It provides a stronger design which is also easy for anyone to implement and you are not tied to any JPA provider. For instance if you are using Hibernate directly in your project, and if it has a bug, your development will halt. But if you use Spring Data JPA and use Hibernate as the provider for Spring Data JPA, you can switch anytime to any other provider like Eclipse. Link or Object. DB etc with very minimal level of code change. I am also going to use Spring Boot which takes care of, Setting up and initializing Spring MVC spring boot starter web Setting up and initializing Spring Security spring boot starter security Setting up and initializing Spring Data JPA with Hibernate as provider spring boot starter data jpaNote Spring Boot Starter JPA uses Hibernate by default and it configures everything that is needed to use Spring Data JPA along with Hibernate. Intent. The Dependency Injection design pattern solves problems like How can an application be independent of how its objects are created How can a class be. Fidget Spinner is a toy. Small child is used for entertainment purpose. You only need to write your entity classes and data repositories. If you want to use any other provider other than Hibernate you should not use Spring Boot Starter JPA, instead include required jars in classpath and write configuration classes to let Spring Data JPA know which provider you are using. Enough of theory now, lets do some real experiment. Create user database and set up user and roles tables with some data. I am using mysql server. DROP TABLE IF EXISTS userroles. DROP TABLE IF EXISTS users. CREATE TABLE users. NOT NULL AUTOINCREMENT. VARCHAR4. 5 NOT NULL. VARCHAR2. 55 NOT NULL. VARCHAR6. 0 NOT NULL. TINYINT NOT NULL DEFAULT 1. PRIMARY KEY userid. CREATE TABLE userroles. NOT NULL AUTOINCREMENT. NOT NULL. role varchar4. NOT NULL. PRIMARY KEY userroleid. UNIQUE KEY uniuseridrole role,userid. KEY fkuseridx userid. CONSTRAINT fkuserid FOREIGN KEY userid REFERENCES users userid. INSERT INTO usersusername,email,password,enabled. VALUES priya,abcabc. CO9. 3CT2. Obg. Mi. Sn. MAWwo. Bke. FOb. Jl. MYiwzz. On. Pls. TP4. 4r. 7q. Vq. 0Jln. INSERT INTO usersusername,email,password,enabled. VALUES naveen,defdef. Jp. PUp. 6CTAe. k. MWmd. RNC. Wie. 58x. DNPfc. Yz. 0DBJx. Wkuc. J6ek. Jui. Jm, true. INSERT INTO userroles userid, role. VALUES 0. 01, ROLEUSER. INSERT INTO userroles userid, role. Il Baricentro Sconcerto. VALUES 0. 02, ROLEADMIN. INSERT INTO userroles userid, role. VALUES 0. 02, ROLEUSER. UTF 8. lt project xmlnshttp maven. POM4. 0. 0 xmlns xsihttp www. XMLSchema instance. Locationhttp maven. POM4. 0. 0 http maven. Version 4. 0. Version. Id org. programmingfreelt group. Id. lt artifact. Id Spring. Security. Spring. Data. Jpa. Applt artifact. Id. lt version 0. Id org. springframework. Id. lt artifact. Id spring boot starter parentlt artifact. Id. lt version 1. RELEASElt version. Id org. apache. Id. Id tomcat embed jasperlt artifact. Id. lt scope providedlt scope. Id javax. servletlt group. Id. lt artifact. Id jstllt artifact. Id. lt dependency. Id org. springframework. Id. lt artifact. Id spring boot starter weblt artifact. Id. lt dependency. Spring Data JPA. Id org. Id. lt artifact. Id spring boot starter data jpalt artifact. Id. lt dependency. Spring Data JPA. Id org. Id. lt artifact. Id spring boot starter securitylt artifact. Id. lt dependency. My. SQL. lt dependency. Id mysqllt group. Id. lt artifact. Id mysql connector javalt artifact. Id. lt dependency. Id org. springframework. Id. lt artifact. Id spring boot maven pluginlt artifact. Id. lt plugin. We have included all dependencies that is required to set up Spring Security using Spring Data JPA, in the pom. Create application. Replace with your connection string. Class. Namecom. mysql. Driver. spring. datasource. My. SQL5. Dialect. Create entity and repository classes. User. javapackage domain. Serializable. import javax. Tablename users. User implements Serializable. Version. UID 1. L. Generated. Valuestrategy Generation. Type. AUTO. Columnnameuserid. Long user. Id. Columnname username. String user. Name. Columnname password. String password. Columnname email. String email. Columnname enabled. User. public UserUser user. Id user. user. Id. Name user. user. Name. Enabled. return enabled. Enabledint enabled. Long get. Userid. Id. public void set. UseridLong userid. Id userid. public String get. Password. return password. PasswordString password. String get. Email. EmailString email. String get. User. Name. return user. Name. public void set. User. NameString user. Name. this. user. Name user. Name. User. Role. javapackage domain. Tablenameuserroles. User. Role. Generated. Valuestrategy Generation. Type. AUTO. Columnnameuserroleid. Long userroleid. Columnnameuserid. Long userid. Columnnamerole. String role. public String get. Role. public void set. RoleString role. Long get. Userid. UseridLong userid. Long get. Userroleid. UserroleidLong userroleid. User class is annotated with Entity, indicating that it is a JPA entity. We also have Table annotation, with the table name to which this entity will be mapped to. In case the table name and the name of entity class is the same you can omit Table annotation.