Spring Security

Spring provides a configurable framework for implementing authentication and authorization for an application. The security framework provides ways to log in to and log out from an application. It also provides authentication at view level and method level. It can also provide you with the login page. The Spring Security framework provides the following:
• Provide capabilities for login and logout.
• Control access to a link based on the role of the user.
• Provide the ability to hide certain portions of the page if the user does not have the appropriate privileges.
• Link to a database or LDAP for authentication.

To implement Spring Security we mainly need three JARs: spring-security-core, spring-security-web and spring-security-config. Download these JARs and add them to the application classpath.

\src\main\webapp\WEB-INF\web.xml

We need to add the security configuration and the Spring Security filter chain to web.xml to tell the container about the security settings and configuration.

<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Helical Project</display-name>

    <!-- Spring MVC -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/mvc-dispatcher-servlet.xml,
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

\src\main\webapp\WEB-INF\mvc-dispatcher-servlet.xml

Here is a simple Spring dispatcher configuration; we have added a view resolver and a component-scan element to scan the application's controllers.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd">

    <context:annotation-config />

    <!-- scan the package that holds the application's controllers -->
    <context:component-scan base-package="com.helical.scrunch.controller" />

    <!-- resolve a view name such as "admin" to /WEB-INF/jsp/admin.jsp -->
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/jsp/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>

</beans>

\src\main\webapp\WEB-INF\spring-security.xml

This is the Spring Security configuration file, which specifies the login details and the secured URLs that require a login.

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions: access must then be an expression such as hasRole(...) -->
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <!-- password-encoder is a child of authentication-provider, not of user-service -->
            <password-encoder hash="bcrypt" />
            <user-service>
                <!-- with the bcrypt encoder the password attribute must hold the bcrypt hash
                     of the password ("test" here), not the plain text; the value is a placeholder -->
                <user name="test" password="BCRYPT_HASH_OF_TEST_PLACEHOLDER" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>


\src\main\java\com\helical\scrunch\controller\MainController.java

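package com.helical.scrunch.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class MainController {

    // Served only to users with ROLE_ADMIN (enforced by the intercept-url rule in spring-security.xml)
    @RequestMapping(value = "/admin**", method = RequestMethod.GET)
    public ModelAndView adminPage() {
        ModelAndView model = new ModelAndView();
        model.addObject("title", "Redirected to Admin Page");
        model.addObject("message", "This page is for ROLE_ADMIN only!");
        model.setViewName("admin"); // resolved to /WEB-INF/jsp/admin.jsp
        return model;
    }

}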

Here is the admin.jsp page, which is displayed after a successful login:

\src\main\webapp\WEB-INF\jsp\admin.jsp

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<body>
    <h1>Title : ${title}</h1>
    <h1>Message : ${message}</h1>
</body>
</html>

Spring provides a built-in login page for us, or you can develop your own custom login page.

If everything is correct, you can see the login page at http://localhost:8080/your-project-name/admin

 
