SAP HANA Express Authentication with Spring Security

September 03, 2025

#1

This guide explains how to integrate Spring Security with SAP HANA Express for authentication.

1. Project Setup

Generate a Spring Boot project with dependencies: Spring Web, Spring Data JPA, Spring Security. Add SAP HANA JDBC driver (ngdbc.jar) to Maven as explained in earlier guides.

2. Configure application.properties

spring.datasource.url=jdbc:sap://localhost:39015/?databaseName=HXE
spring.datasource.username=SYSTEM
spring.datasource.password=YourPassword
spring.datasource.driver-class-name=com.sap.db.jdbc.Driver

spring.jpa.hibernate.ddl-auto=update
spring.jpa.database-platform=org.hibernate.dialect.HANARowStoreDialect

3. Create User Entity

import jakarta.persistence.*;

@Entity
public class AppUser {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    private String username;
    private String password;
    private String role;

    // getters and setters
}

4. Repository

import org.springframework.data.jpa.repository.JpaRepository;

public interface UserRepository extends JpaRepository<AppUser, Long> {
    AppUser findByUsername(String username);
}

5. Custom UserDetailsService

import org.springframework.security.core.userdetails.*;
import org.springframework.stereotype.Service;

@Service
public class CustomUserDetailsService implements UserDetailsService {
    private final UserRepository repo;

    public CustomUserDetailsService(UserRepository repo) {
        this.repo = repo;
    }

    @Override
    public UserDetails loadUserByUsername(String username) {
        AppUser user = repo.findByUsername(username);
        if (user == null) throw new UsernameNotFoundException("User not found");
        return User.withUsername(user.getUsername())
                .password(user.getPassword())
                .roles(user.getRole())
                .build();
    }
}

6. Security Configuration

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll()
                .anyRequest().authenticated()
            )
            .formLogin()
            .and()
            .httpBasic();
        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

7. Test Authentication

Insert a user into SAP HANA Express:

INSERT INTO APPUSER (USERNAME, PASSWORD, ROLE) 
VALUES ('alice', '{bcrypt}$2a$10$12345encryptedPassword', 'USER');

Run the app and test:

• GET /public/hello → accessible without login
• GET /secure/data → requires username and password