How to configure Spring Security to access H2 database console in Spring Boot project

In the previous post, We had set-up a SpringBoot project to develop with H2 database. But if you enable Spring Security in your project, the H2 database console will be blocked with 403 error. So in the tutorial, JavaSampleApproach will show you how to make configuration for resolving the Access Denied problem.

I. Technologies

– Java 8
– Maven build
– Spring Tool Suite editor
– Spring Boot
– H2 database
– Spring Security

II. Problem

If your project uses H2 database to develop and also enable Spring Security, then when accessing to H2 console path: /h2_console, an error Access Denied Page will be thrown.

Why?
-> By default, Spring Security will block /h2_console path of H2 database.
How to resolve it?
-> Solution is a simple configuration with Spring Security as below segment code:

http.csrf().disable(): disable CRSF.
http.headers().frameOptions().disable(): H2 database console runs inside a frame, So we need to disable X-Frame-Options in Spring Security.

III. Practice

In the tutorial, we create a SpringBoot project that uses H2 database for development and be secured by Spring Security.
The H2 console path: /h2_console will be only enabled for admin users.

Step to do:
– Create Spring Security project
– Implement bussiness Web Application with H2 database
– Run and Check results

Project structure:

h2 database security - project structure

1. Create Spring Security project

Using the post: Spring Security – Config Security for Web MVC by Spring Boot to create a Spring Security project.
Then modify the file SecurityConfig as below segment code:

2. Implement bussiness Web Application with H2 database

Follow the tutorial: Integrate H2 database with SpringBoot & Spring JPA in Embedded mode to configure H2 database and implement logic for Web application:

H2 dependency

H2 configuration

– Implement CustomerRestController.java:

3. Run & check results

Build and Run the SpringBoot with commandlines: mvn clean install and mvn spring-boot:run.
Make a request to access H2’s console: http://localhost:8080/h2_console

-> It will redirect to Login page.

Login with an account: user/user, it will redirect to Access Denied Page.
-> Sign out the account by logout request: http://localhost:8080/login?logout

Again, make the request to access H2’s console: http://localhost:8080/h2_console,
then login with user: admin/admin, it will redirect to H2’s login page:

h2 database console security - h2 login page

Press Connect. Then make an request in another tab: http://localhost:8080/save. Then select customers, We have:

h2 database security - successfully working

-> Now, It’s already for development Spring Boot project with Spring Security and H2 database!

IV. Sourcecode

SpringSecurityH2Integration


Related Posts



Got Something To Say:

Your email address will not be published. Required fields are marked *

*