Spring Boot, Spring Security, Spring JPA, Thymeleaf, and Liquibase example

1. Introduction

In this blog, we will be creating a Spring MVC project where we would use Spring Boot, Spring Security, Spring JPA, Thymeleaf, Liquibase, and Mysql.

  • Spring Boot makes it easy to create stand-alone, production-grade Spring-based Applications that you can “just run”.
  • Spring Security is a powerful and highly customizable authentication and access-control framework. Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements.
  • Spring JPA part of the larger Spring Data family, makes it easy to easily implement JPA-based repositories. This module deals with enhanced support for JPA-based data access layers. It makes it easier to build Spring-powered applications that use data access technologies.
  • Thymeleaf is a modern server-side Java template engine for both web and standalone environments. Thymeleaf’s main goal is to bring elegant natural templates to your development workflow — HTML that can be correctly displayed in browsers and also work as static prototypes, allowing for stronger collaboration in development teams.
  • Liquibase is an open-source database schema change management solution that enables you to manage revisions of your database changes easily.

2. Setup

In this section, we will quickly set up a project using Spring Initializr. Using this tool, we can quickly provide a list of Dependencies we need and download the bootstrapped application:


Spring Intialzr

3. Maven Dependencies

Here is the pom.xml file, you should see the below dependencies added:

Here’s the project directory:

4. Spring Security

We had used Spring Security for Authentication, Role-based access to URLs, redirect on the particular pages based on role, and configuring custom access denied page. We are using the database for the authentication part.

The above annotations are mandatory for enabling role-wise security on the method level.

We had also enabled a success handler for redirecting users based on roles.

We had created two users for demo purposes one is for ROLE_ADMIN and another ROLE_USER

For user “ROLE_ADMIN”:

  1. Able to access /admin
  2. Unable to access /user page, redirect to 403 access denied page.

For user “ROLE_USER“:

  1. Able to access /user
  2. Unable to access /admin page, redirect to 403 access denied page.

Below is the code of the Access denied handler:

5. Liquibase

We had integrated Liquibase for managing database revision changes easily throughout the different environments.

Code snippet for db.changelog-master.yaml

6. Thymeleaf

Earlier for page fragments, we were using Apache Tiles, over here we would be using Themeleaf fragments for layout purposes

Below is the config file for Thymeleaf

7. Demo

Start the Spring Boot web application by running the following command:

Access http://localhost:8080/

Access http://localhost:8080/admin , redirect to http://localhost:8080/login


Access http://localhost:8080/signup  page for creating users:

Login with the admin user, and that will redirect to the below page http://localhost:8080/admin

If the admin tries to access http://localhost:8080/user, URL he will be redirect to access denied page http://localhost:8080/403


8. Conclusion

In this quick tutorial, we saw how we can integrate Liquibase, Spring Security, and Thymeleaf in the Spring MVC application. The source code for this application is available over on GitHub.