Prerequisites
- JDK 17 or later
- Maven or Gradle
- IDE (IntelliJ IDEA, Eclipse, etc.)
Step 1: Set Up a Spring Boot Project
1.1 Create a New Spring Boot Project
Use Spring Initializr to create a new project with the following dependencies:
- Spring Web
- Spring Security
- Spring Data JPA
- H2 Database
- Thymeleaf (optional, for the frontend)
Download and unzip the project, then open it in your IDE.
1.2 Configure application.properties
Set up the application properties for your project. This file is located in the src/main/resources
directory.
# src/main/resources/application.properties
# Server port
server.port=8080
# H2 Database configuration
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driverClassName=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=password
spring.h2.console.enabled=true
spring.h2.console.path=/h2-console
# JPA configuration
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
# Thymeleaf configuration (optional)
spring.thymeleaf.cache=false
Step 2: Configure Spring Security
2.1 Create a Security Configuration Class
Create a configuration class to set up Spring Security with "Remember Me" functionality.
package com.example.demo.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(authorizeRequests ->
authorizeRequests
.requestMatchers("/login", "/resources/**").permitAll()
.anyRequest().authenticated()
)
.formLogin(formLogin ->
formLogin
.loginPage("/login")
.permitAll()
)
.logout(logout ->
logout
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logout")
.permitAll()
)
.rememberMe(rememberMe ->
rememberMe
.key("uniqueAndSecret")
.tokenValiditySeconds(86400) // 1 day
);
return http.build();
}
@Bean
public UserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username("user")
.password("{noop}password")
.roles("USER")
.build();
UserDetails admin = User.builder()
.username("admin")
.password("{noop}admin")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
}
}
Explanation:
SecurityFilterChain
: Configures the security filter chain.authorizeHttpRequests
: Defines URL authorization.formLogin
: Configures form-based login.logout
: Configures logout functionality.rememberMe
: Configures "Remember Me" functionality.UserDetailsService
: Provides user details for authentication. Here, an in-memory user store is used.
Step 3: Create the Login and Home Pages
3.1 Create the Login Page
Create a login page using Thymeleaf. Create a file named login.html
in the src/main/resources/templates
directory.
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form th:action="@{/login}" method="post">
<div>
<label>Username:</label>
<input type="text" name="username"/>
</div>
<div>
<label>Password:</label>
<input type="password" name="password"/>
</div>
<div>
<input type="checkbox" name="remember-me"/> Remember Me
</div>
<div>
<button type="submit">Login</button>
</div>
</form>
<div th:if="${param.logout}">
You have been logged out.
</div>
<div th:if="${param.error}">
Invalid username or password.
</div>
</body>
</html>
3.2 Create the Home Page
Create a home page that will be accessible only to authenticated users. Create a file named home.html
in the src/main/resources/templates
directory.
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>Home</title>
</head>
<body>
<h1>Welcome, <span th:text="${#httpServletRequest.remoteUser}">User</span>!</h1>
<a th:href="@{/logout}">Logout</a>
</body>
</html>
Step 4: Create a Controller
4.1 Create the HomeController
Create a controller to handle requests to the login and home pages.
package com.example.demo.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class HomeController {
@GetMapping("/login")
public String login() {
return "login";
}
@GetMapping("/")
public String home() {
return "home";
}
}
Explanation:
@Controller
: Marks the class as a web controller.@GetMapping("/login")
: Maps GET requests for the login page.@GetMapping("/")
: Maps GET requests for the home page.
Step 5: Running and Testing the Application
5.1 Run the Application
Run the Spring Boot application using your IDE or the command line:
./mvnw spring-boot:run
5.2 Test the Login and Remember Me Functionality
- Open a web browser and navigate to
http://localhost:8080
. - You will be redirected to the login page.
- Enter the username
user
and passwordpassword
, and check the "Remember Me" checkbox. Click the "Login" button. - You should be redirected to the home page and see a welcome message.
- Close the browser and reopen it, then navigate to
http://localhost:8080
again. You should still be logged in and see the welcome message without needing to log in again.
Conclusion
In this tutorial, you have learned how to implement "Remember Me" functionality using Spring Security 6.1 in a Spring Boot 3.2 application. We covered:
- Setting up a Spring Boot project with Spring Security.
- Configuring Spring Security to handle "Remember Me" functionality.
- Creating login and home pages using Thymeleaf.
- Creating a controller to handle requests.
By following these steps, you can effectively manage authentication and session management in your Spring Boot applications using Spring Security.
Comments
Post a Comment