esm712/session-spring-security

Session Based Authentication with Spring Security and Redis

This project is a Spring Boot application that demonstrates how to implement session-based authentication using Spring Security. It uses Redis as the session store, allowing for scalable and distributed session management.

🚀 Features

  • User Authentication: Secure user registration and login.
  • Session Management: Utilizes Spring Session with Redis to manage user sessions.
  • Role-Based Access Control (RBAC): Endpoints are secured based on user roles (e.g., ROLE_USER).
  • Custom Authentication Filter: Implements a custom LoginFilter for handling authentication logic.
  • Centralized Security Configuration: All security rules, URL permissions, and filter chains are configured in SecurityConfig.

🛠️ Technologies Used

  • Framework: Spring Boot 3
  • Language: Java 17
  • Authentication: Spring Security
  • Database: Spring Data JPA, MySQL
  • Session Store: Spring Session Data Redis, Redis
  • Build Tool: Gradle

⚙️ Project Setup

Prerequisites

  • Java 17 or higher
  • Gradle
  • Docker and Docker Compose (Optional, for running DB/Redis)

Setup with Docker Compose (Recommended)

This project includes a docker-compose.yml file to easily set up the required MySQL and Redis services.

  1. Start the services: Run the following command in the root directory of the project:

    docker-compose up -d

    This will start MySQL on port 3306 and Redis on port 6379 in the background.

  2. Verify: The credentials and database name in docker-compose.yml are pre-configured to match the settings in src/main/resources/application.yml. No further configuration is needed if you use this method.

Manual Configuration

If you are not using Docker, ensure MySQL and Redis are running and accessible.

  1. Database and Redis: Open the src/main/resources/application.yml file and update the following properties to match your local environment:

    • spring.datasource.url
    • spring.datasource.username
    • spring.datasource.password
    • spring.data.redis.host
    • spring.data.redis.port

  2. Database Schema: The application uses spring.jpa.hibernate.ddl-auto: update, which will automatically update the schema based on the entity classes (UserEntity, Role). Ensure you have a database named session (or as configured in the datasource URL).

Running the Application

  1. Build the project:

    ./gradlew build

  2. Run the application:

    ./gradlew bootRun

    The application will start on the default port 8080.

API Endpoints

| Method | Path     | Description                                             | Authentication |
|--------|----------|---------------------------------------------------------|----------------|
| POST   | /user    | Registers a new user.                                   | Not Required   |
| POST   | /session | Authenticates a user and creates a session.             | Not Required   |
| DELETE | /session | Logs out the current user and invalidates the session.  | Required       |
| GET    | /        | A sample protected endpoint that requires ROLE_USER.    | Required       |

Example Payloads

1. User Registration (POST /user)

{
  "username": "testuser",
  "password": "password123"
}

2. User Login (POST /session)

{
  "username": "testuser",
  "password": "password123"
}
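
The login request above is handled by a custom filter. The following is an added example, not the repository's own LoginFilter, showing a JSON login filter for POST /session on Spring Security 6 that persists the authenticated context to the session and rotates the session id on login. The class name JsonLoginFilter and the Credentials record are hypothetical, and it assumes the filter is registered in the security filter chain with the application's AuthenticationManager.

```java
// Added example: NOT the repository's LoginFilter. JsonLoginFilter and Credentials are hypothetical names.
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

public class JsonLoginFilter extends AbstractAuthenticationProcessingFilter {

    /** Mirrors the README's login payload: {"username": "...", "password": "..."}. */
    public record Credentials(String username, String password) {}

    private final ObjectMapper mapper = new ObjectMapper();

    public JsonLoginFilter(AuthenticationManager authenticationManager) {
        // Match POST /session only, so DELETE /session (logout) is not treated as a login attempt.
        super(new AntPathRequestMatcher("/session", "POST"), authenticationManager);
        // Spring Security 6 defaults this filter to request-scoped storage; without this line the
        // authenticated context is never written to the (Redis-backed) HttpSession.
        setSecurityContextRepository(new HttpSessionSecurityContextRepository());
        // Change the id of any pre-login session on success, so a known id cannot be reused (session fixation).
        setSessionAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
        // JSON API: answer 204 instead of the default redirect to a saved request.
        setAuthenticationSuccessHandler((req, res, auth) -> res.setStatus(HttpServletResponse.SC_NO_CONTENT));
        // Failures use the default handler, which responds 401 when no failure URL is set.
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
        Credentials c;
        try {
            c = mapper.readValue(request.getInputStream(), Credentials.class);
        } catch (IOException e) {
            // Malformed or unexpected JSON becomes a normal authentication failure, not a 500.
            throw new BadCredentialsException("Malformed login request");
        }
        if (c == null || c.username() == null || c.password() == null) {
            throw new BadCredentialsException("Missing username or password");
        }
        return getAuthenticationManager().authenticate(
                UsernamePasswordAuthenticationToken.unauthenticated(c.username(), c.password()));
    }
}
```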

About

Session-based authentication/authorization practice with Spring Security 6
