Spring Boot - JDBC Authentication

[Updated: Jun 7, 2018, Created: Jun 7, 2018]

Following example shows how to configure JDBC authentication in Spring Boot. Check out this tutorial to see how to do that in plain Spring Security.


We are using H2 in-memory database to persist the usernames/passwords and Thymeleaf for views.



Configuration class

public class ExampleMain {

  public WebSecurityConfigurerAdapter webSecurityConfig(DataSource dataSource) {
      return new WebSecurityConfigurerAdapter() {
          protected void configure(HttpSecurity http) throws Exception {

          protected void configure(AuthenticationManagerBuilder builder) throws Exception {
                     .passwordEncoder(new BCryptPasswordEncoder())

  public static void main(String[] args) {;

SQL scripts


create table users(
	username varchar_ignorecase(50) not null primary key,
	password varchar_ignorecase(200) not null,
	enabled boolean not null

create table authorities (
	username varchar_ignorecase(50) not null,
	authority varchar_ignorecase(50) not null,
	constraint fk_authorities_users foreign key(username) references users(username)


insert into users (username, password, enabled) values ('bob', '$2a$10$/ns.CwZ9sdhQaVjw/bwBQeelnmTZTI19trLtyY/bjbIVUokAckX8y', true);
insert into authorities (username, authority) values ('bob', 'ROLE_USER');

insert into users (username, password, enabled) values ('sara', '$2a$10$WPDbKLCRnV0UrkEs2IEtUejsZiicxt0/GhUcOkg2.UscjBi8tOmxa', true);
insert into authorities (username, authority) values ('sara', 'ROLE_ADMIN');

Password encoding

In above script we have encoded the passwords by using following utility class. We are using BCryptPasswordEncoder in this example.

public class PasswordEncoderUtil {
  public static void main(String[] args) {
      BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
      String encoded = encoder.encode("123");//bob's password
      encoded = encoder.encode("234");//sara's password

MVC controller

public class AppController {

  public String handler(ModelMap model, HttpServletRequest request) {
      Authentication auth = SecurityContextHolder.getContext()
      model.addAttribute("uri", request.getRequestURI());
      model.addAttribute("user", auth.getName());
      model.addAttribute("roles", auth.getAuthorities());
      return "app";

Thymeleaf view


<!DOCTYPE html>
<html xmlns=""

<h2>Spring Secured App</h2>
<p>app content ......... at uri <span th:text="${uri}"/></p>
<p>User: <span th:text="${user}"/></p>
<p>Roles: <span th:text="${roles}"/></p>
<form action="/logout" method="post">
    <input type="hidden"
    <input type="submit" value="Logout">

Running example

To try examples, run spring-boot maven plugin (configured in pom.xml of example project below):

mvn spring-boot:run

Or run the main method class from IDE.


Accessing http://localhost:8080 in the browser:

On entering valid user/password and submitting:

Example Project

Dependencies and Technologies Used:

  • Spring Boot 2.0.2.RELEASE
    Corresponding Spring Version 5.0.6.RELEASE
  • spring-boot-starter-security : Starter for using Spring Security.
    Uses version 5.0.5.RELEASE
  • spring-boot-starter-web : Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container.
  • spring-boot-starter-thymeleaf : Starter for building MVC web applications using Thymeleaf views.
    Uses org.thymeleaf:thymeleaf-spring5 version 3.0.9.RELEASE
  • spring-boot-starter-jdbc : Starter for using JDBC with the HikariCP connection pool.
    Uses org.springframework:spring-jdbc version 5.0.6.RELEASE
    Uses com.zaxxer:HikariCP version 2.7.9
  • h2 1.4.197: H2 Database Engine.
  • JDK 1.8
  • Maven 3.3.9

JDBC Authentication Select All Download
  • boot-security-jdbc-authentication
    • src
      • main
        • java
          • com
            • logicbig
              • example
        • resources
          • templates

See Also