Monday, 26 November 2012

Spring Security hello world example

Use Spring security to provide a simple login authentication form to secure URL access in web application.

Thanks to mkyong. This tutorial is based on his tutorial

Spring Security allows developer to integrate security features with J2EE web application easily, it highjacks incoming HTTP request via servlet filters, and implements “user defined” security checking.

In this tutorial, we show you how to integrate Spring Security 3.0 with Spring MVC web application to secure URL access. After implemented Spring security, to view the content of the page, users need to key in correct “username” and “password”

Technologies used :

    • Spring 3.0.5.RELEASE
    • Spring Security 3.0.5.RELEASE
    • Eclipse Indigo
    • JDK 1.6
    • Maven 3


      Step : 1 

      If you are new java and Maven, then first setup environment in your local document. This document will help you to set up Java, Maven and Tomcat.

      Step : 2

      In the Eclipse IDE, Select File –> New –> Other –> Maven Project as shown here.


      In the next screen, Verify that the Create a simple project checkbox is disabled and click Next.


      In the next screen, Enter maven-archetype-webapp as a filter, select maven-archetype-webapp in the artifact list and click Next


      In the next screen, enter the values as shown and Click Finish


      After finish, the following project will be created with the folders as shown.


      Step : 3

      Let us create our java folder where we will create all required java classes here. Goto the Project SpringDemomvc->Src->Main and Right click and say  new folder. 
      Enter the new folder name as   "Java".
      Now let include this folder into Project build path.Follow the steps

      1. Select springdemomvc in the Navigator.
      2. Right Click and Select Properties
      3. Select Java Build Path in the Left hand Tree.
      4. Go to Source Tab
      5. Select "Add Folder" in the right hand side.
      6. Select Java Folder and click ok.
      7. Now select Edit and enter "**/*.java" in inclusion pattern in the top.


      Step : 4

      POM File changes. Let us do the following changes in the POM.XML File

      1. By default, Maven 3 will use the JDK 1.4 to compile the source of your project, which is rather old and obsolete. Fortunately, Maven comes with a Maven Compiler Plugin, which enable Maven to compile the project source with a particular JDK version.

      2. Spring Security Dependencies: To use Spring security 3.0, you need “spring-security-core.jar“, “spring-security-web.jar” and “spring-security-config.jar“.    

      Spring libraries are available in Maven central repository. Let us add this into POM.XML File as follows (You can remove all the content and copy from here and paste it)

      <project xmlns="" xmlns:xsi=""
      <name>springdemomvc Maven Webapp</name>



      <!-- Spring 3 -->



      <!-- Spring Security -->





      Step : 5

      A simple Spring MVC to return a “hello.jsp” page, via URI “/welcome“. Later use Spring security to secure this URL access. Select java folder and Select new Class.  Give the package name as "com.example.common.controller" and class name as "HelloController". After clicking Finish, folders will be created and will look as follows

      And paste the following code in the java file

      package com.example.common.controller;

      import org.springframework.stereotype.Controller;
      import org.springframework.ui.ModelMap;
      import org.springframework.web.bind.annotation.RequestMapping;
      import org.springframework.web.bind.annotation.RequestMethod;

      public class HelloController {

      @RequestMapping(method = RequestMethod.GET)
      public String printWelcome(ModelMap model) {

      model.addAttribute("message", "Spring Security Hello World");
      return "hello";



      Step : 6

      Now let us create the JSP Page. Create a new folder called "Pages" under webapp\web-inf folder as shown here.

      Now right click on pages folder and Select new jsp file and give the name as "hello.jsp". Replace the default content and paste the following

          <h1>Message : ${message}</h1>


      Step : 7

      Right click on web-INF Folder and Select new file and Enter the file name as "mvc-dispatcher-servlet.xml"

      Paste the following content

      <beans xmlns=""

      <context:component-scan base-package="com.example.common.controller" />

      <property name="prefix">
      <property name="suffix">


      Step : 8

      Now let us add the spring security. Right click on web-INF Folder and Select new file and Enter the file name as "spring-security.xml"
      Paste the following content

      <beans:beans xmlns=""

      <http auto-config="true">
      <intercept-url pattern="/welcome*" access="ROLE_USER" />

      <user name="mkyong" password="123456" authorities="ROLE_USER" />


      Step : 9

      To integrate Spring security with web application, just declare “DelegatingFilterProxy” as servlet filter to intercept incoming request.Open WEB.xml and replace with the following one.

      <web-app id="WebApp_ID" version="2.4"

      <display-name>Spring MVC Application</display-name>

      <!-- Spring MVC -->



      <!-- Spring Security -->



      Step : 10
                   Now let us start the server and type the url “http://localhost:8080/springdemo/welcome”. Now spring will redirect to login page.


      1. Thanks. I was just passing by and saw your post. Its a terrific presentation.

      2. This helps to start quickly. Very detailed step by step.

        1. Thank you for your feedback. I am happy my stuff helped some one in the world

      3. Thanks for the detailed post, I followed all your instructions but when i tried to visit url "http://localhost:8080/springdemomvc/welcome" it is giving me error 404:"The requested resource (/springdemomvc/WEB-INF/pages/hello.jsp) is not available."

        And when I visit link "http://localhost:8080/springdemomvc/" it si showing me message Hello World. please tell me where am I lacking???

        1. Hello, it is happen to me to. That's happen because he saied that the folder must be Pages and in the configuration es pagen "lowerCase" so, change the folder name or change the configuration.

      4. We are a third party technical support service. Avast Customer Support is here to help you out with the whole procedure to Download Avast Antivirus online, We not only fix your Avast Support related issues but will guide with how to get started with your new Avast product once it gets installed successfully. Call on our Toll Free no. 1 855 966 3855
        Gmail Customer service is a third party technical support service for Gmail users when they face any technical issue or error in their Gmail account. Our Gmail Customer Support team solves issues like forgot Gmail account password, Gmail configuration or Sync issues, recover deleted emails and many more. Toll Free number (800) 986-9271
        How you install or reinstall Office 365 or Office 2016 depends on whether your Office product is part of an Office for home or Office for business plan. If you're not sure what you have, see what office com setup products are included in each plan and then follow the steps for your product. The steps below also apply if you're installing a single, stand-alone Office application such as Access 2016 or Visio 2016. Need Help with office setup Enter Product Key? Call 1-800-000-0000 Toll Free
        Norton Tech Support is a third party service provider and not in any way associated with Norton or any of its partner companies. We offer support for Norton products and sell subscription based additional warranty on computer and other peripheral devices. Call our Toll Free number 1 855 966 3855
        Other Services
        Norton Toll Free , Office-Setup ,