authentication in spring security case insensitive

Question

i found that in my app the security with spring security does not check the case of my usernames at loging.

I have this code:

        authBuilder
                .jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery("SELECT username, password, enabled FROM Utenti WHERE username = ?")
                .authoritiesByUsernameQuery("SELECT username, role FROM Utenti WHERE username = ?");

I dont know why when i use different particular cases for the username, the authentication of spring permits all. Can someone help me?

Thanks

score 0 · Answer 1 · answered Jan 30 '22 at 17:27

0

It is probably caused by your DB schema definition. Please check the types of your database columns. By default, Spring provides a schema for H2 which uses type VARCHAR_IGNORECASE. The schema can be adapted though, depending on your requirements and your specific database.

Spring Reference: https://docs.spring.io/spring-security/reference/servlet/appendix/database-schema.html
H2 Type VARCHAR_IGNORECASE: http://h2database.com/html/datatypes.html#varchar_ignorecase_type

answered Jan 30 '22 at 17:27

Bastis Programming Corner

447
2
5

I use Mysql and my table is created with: username varchar(100) not null, password varchar(100) not null, What should I change? – luker74 Feb 06 '22 at 21:53

authentication in spring security case insensitive

1 Answers1