Friday, January 13, 2012

Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA (Part 1)

In this tutorial, we will create a simple Spring MVC application and secure it with Spring Security 3.1. We have a custom database schema where we will retrieve our authorized users and respective roles. Consequently, we will implement a custom UserDetailsService with the help of Spring Data JPA for quick implementation of JPA based repositories.


  • Spring core 3.1.0.RELEASE
  • Spring Security 3.1.0.RELEASE
  • Spring Data JPA 1.1.0.M1
  • See pom.xml for details


To access the source code, please visit the project's Github repository (click here)

Functional Specs

Before we start, we define our application's specs as follows:
  • Two types of users: admin and regular users
  • A login page that's accessible to all types of users, including unauthorized users
  • All other pages are visible to registered users only
  • A home page
  • A user page
  • An admin page which is visible only to admins


As mentioned earlier, our application relies on a custom database schema to obtain its users.
The database contains two tables: user and role tables.

user and role table design

User table

The user table contains personal information of each user. Notice the password values are hashed using Md5.

user table

Role table

The role table contains role values of each user. We define a role value of 1 as an admin, while a role value of 2 as a regular user.

role table


Before we start the actual development, let's preview how our application should look like by providing screenshots. This is also a good way to clarify further the application's specs.

Login page
The login page contains two input fields: a username and a password field.


Login failure page
When a user fails to login, the login page is displayed again with an error message Login Failure! at the bottom.

Login failure

User's view
When a regular user logs-in, the user should be redirected to the home page with Home, User, and Logout pages accessible to the user.

User's view

Admin's view
When an admin user logs-in, the user should be redirected to the home page with Home, User, Admin, and Logout pages accessible to the user.

Admin's view

Logout success page
When a user successfully logs out, the login page is displayed again with a success message Logout Success! at the bottom.

Logout success


In the next section, we will discuss the project's structure and start writing the Java classes. Click here to proceed.
StumpleUpon DiggIt! Blinklist Yahoo Furl Technorati Simpy Spurl Reddit Google I'm reading: Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA (Part 1) ~ Twitter FaceBook

Subscribe by reader Subscribe by email Share


  1. /* Excuse me for my english */
    First, I thank Mr. Krams for this very interesting tutorial. and i wonder if
    someone can help me by posting an updated pom.xml for this project, in fact there is some problems in the "goldin" dependency.
    thank you

    1. Can you elaborate what specific problems are these?

    2. no persistence unit hibernate jpa found)) error Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/spring-data.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: No persistence unit with name 'hibernatePersistenceUnit' found
      at [spring-beans-3.1.0.RELEASE.jar:3.1.0.RELEASE]

  2. No doubt this tutorial is interesting and useful in some way. But Spring JPA in real production... too many Spring...

    1. I don't see what's wrong with Spring JPA in real production. We use Spring JPA in production and it saved us development time. Adding a new query is just a matter of updating the interface.

  3. Very thanks for this interesting tutorial.
    But it would be very helpful to add to this tutorial example how to implement
    internationalization and localization for Spring Security.
    I google a lot about this problem but find out only how to implement internationalization and localization
    for Spring MVC (for example
    I can't found working example of Spring Security. I mean that I want to have change locale on the login page
    and get error message on the login page accordingly to this locale.
    I trying to implement my own decision for this problem, but it always get messages in system locale.

    Thank you

  4. Hi, Is there anyway to define user roles in dynamically? instead of hard coding we can able to dynamically add/delete roles for a define entitlements.

  5. Great job ! Thanks for this nice tutorial ;)

  6. Hey Krams, I would like to ask you a question regarding a database schema of your example. I would suppose that if there are two tables for the user and his roles because one user can have one or many roles assigned. However, you are using OneToOne relationship with User and Role entity object further on. In this case I see no point of using two tables and entities there... We could have only user entity with additional "role" attribute.

  7. I have read your blog its very attractive and impressive. I like it your blog.

    Spring online training Spring online training Spring Hibernate online training Spring Hibernate online training Java online training

    spring training in chennai spring hibernate training in chennai

  8. Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.

    core java training in Electronic City

    Hibernate Training in electronic city

    spring training in electronic city

    java j2ee training in electronic city

  9. Great Article… I love to read your articles because your writing style is too good,
    its is very very helpful for all of us and I never get bored while reading your article because,
    they are becomes a more and more interesting from the starting lines until the end.

    Java training in Chennai

    Java training in Bangalore

    Java online training

    Java training in Pune