Use Spring security to provide a simple login authentication form to secure URL access in web application.
Thanks to mkyong. This tutorial is based on his tutorial
Spring Security allows developer to integrate security features with J2EE web application easily, it highjacks incoming HTTP request via servlet filters, and implements “user defined” security checking.
In this tutorial, we show you how to integrate Spring Security 3.0 with Spring MVC web application to secure URL access. After implemented Spring security, to view the content of the page, users need to key in correct “username” and “password”
Technologies used :
- Spring 3.0.5.RELEASE
- Spring Security 3.0.5.RELEASE
- Eclipse Indigo
- JDK 1.6
- Maven 3
Step : 1
If you are new java and Maven, then first setup environment in your local document. This document will help you to set up Java, Maven and Tomcat.
Step : 2
In the Eclipse IDE, Select File –> New –> Other –> Maven Project as shown here.
In the next screen, Verify that the Create a simple project checkbox is disabled and click Next.
In the next screen, Enter maven-archetype-webapp as a filter, select maven-archetype-webapp in the artifact list and click Next
In the next screen, enter the values as shown and Click Finish
After finish, the following project will be created with the folders as shown.
Step : 3
Let us create our java folder where we will create all required java classes here. Goto the Project SpringDemomvc->Src->Main and Right click and say new folder.
Enter the new folder name as "Java".
Now let include this folder into Project build path.Follow the steps
Step : 4
POM File changes. Let us do the following changes in the POM.XML File
1. By default, Maven 3 will use the JDK 1.4 to compile the source of your project, which is rather old and obsolete. Fortunately, Maven comes with a Maven Compiler Plugin, which enable Maven to compile the project source with a particular JDK version.
2. Spring Security Dependencies: To use Spring security 3.0, you need “spring-security-core.jar“, “spring-security-web.jar” and “spring-security-config.jar“.
Spring libraries are available in Maven central repository. Let us add this into POM.XML File as follows (You can remove all the content and copy from here and paste it)
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>springdemomvc</groupId>
<artifactId>springdemomvc</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>springdemomvc Maven Webapp</name>
<url>http://maven.apache.org</url>
<properties>
<spring.version>3.0.5.RELEASE</spring.version>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<!-- Spring 3 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
</dependencies>
<build>
<finalName>springdemo</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.1</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
Step : 5
A simple Spring MVC to return a “hello.jsp” page, via URI “/welcome“. Later use Spring security to secure this URL access. Select java folder and Select new Class. Give the package name as "com.example.common.controller" and class name as "HelloController". After clicking Finish, folders will be created and will look as follows
And paste the following code in the java filepackage com.example.common.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/welcome")
public class HelloController {
@RequestMapping(method = RequestMethod.GET)
public String printWelcome(ModelMap model) {
model.addAttribute("message", "Spring Security Hello World");
return "hello";
}
}
Step : 6
Now let us create the JSP Page. Create a new folder called "Pages" under webapp\web-inf folder as shown here.
Now right click on pages folder and Select new jsp file and give the name as "hello.jsp". Replace the default content and paste the following
Step : 7
Right click on web-INF Folder and Select new file and Enter the file name as "mvc-dispatcher-servlet.xml"
Paste the following content<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:component-scan base-package="com.example.common.controller" />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
</beans>
Step : 8
Now let us add the spring security. Right click on web-INF Folder and Select new file and Enter the file name as "spring-security.xml"
Paste the following content
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true">
<intercept-url pattern="/welcome*" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Step : 9
To integrate Spring security with web application, just declare “DelegatingFilterProxy” as servlet filter to intercept incoming request.Open WEB.xml and replace with the following one.
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Spring MVC Application</display-name>
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
Step : 10
Now let us start the server and type the url “http://localhost:8080/springdemo/welcome”. Now spring will redirect to login page.