Spring Security hello world example

Use Spring security to provide a simple login authentication form to secure URL access in web application.

Thanks to mkyong. This tutorial is based on his tutorial

Spring Security allows developer to integrate security features with J2EE web application easily, it highjacks incoming HTTP request via servlet filters, and implements “user defined” security checking.

In this tutorial, we show you how to integrate Spring Security 3.0 with Spring MVC web application to secure URL access. After implemented Spring security, to view the content of the page, users need to key in correct “username” and “password”

Technologies used :

    • Spring 3.0.5.RELEASE
    • Spring Security 3.0.5.RELEASE
    • Eclipse Indigo
    • JDK 1.6
    • Maven 3

 

      Step : 1 

      If you are new java and Maven, then first setup environment in your local document. This document will help you to set up Java, Maven and Tomcat.

      Step : 2

      In the Eclipse IDE, Select File –> New –> Other –> Maven Project as shown here.

      clip_image002

      In the next screen, Verify that the Create a simple project checkbox is disabled and click Next.

      clip_image002[4]

      In the next screen, Enter maven-archetype-webapp as a filter, select maven-archetype-webapp in the artifact list and click Next

      clip_image002[6]

      In the next screen, enter the values as shown and Click Finish

      clip_image002[8]

      After finish, the following project will be created with the folders as shown.

      clip_image002[1]

      Step : 3

      Let us create our java folder where we will create all required java classes here. Goto the Project SpringDemomvc->Src->Main and Right click and say  new folder. 
      Enter the new folder name as   "Java".
      Now let include this folder into Project build path.Follow the steps

      1. Select springdemomvc in the Navigator.
      2. Right Click and Select Properties
      3. Select Java Build Path in the Left hand Tree.
      4. Go to Source Tab
      5. Select "Add Folder" in the right hand side.
      6. Select Java Folder and click ok.
      7. Now select Edit and enter "**/*.java" in inclusion pattern in the top.


        image[23]

      Step : 4

      POM File changes. Let us do the following changes in the POM.XML File

      1. By default, Maven 3 will use the JDK 1.4 to compile the source of your project, which is rather old and obsolete. Fortunately, Maven comes with a Maven Compiler Plugin, which enable Maven to compile the project source with a particular JDK version.

      2. Spring Security Dependencies: To use Spring security 3.0, you need “spring-security-core.jar“, “spring-security-web.jar” and “spring-security-config.jar“.    

      Spring libraries are available in Maven central repository. Let us add this into POM.XML File as follows (You can remove all the content and copy from here and paste it)

      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      <modelVersion>4.0.0</modelVersion>
      <groupId>springdemomvc</groupId>
      <artifactId>springdemomvc</artifactId>
      <packaging>war</packaging>
      <version>0.0.1-SNAPSHOT</version>
      <name>springdemomvc Maven Webapp</name>
      <url>http://maven.apache.org</url>

      <properties>
      <spring.version>3.0.5.RELEASE</spring.version>
      </properties>

      <dependencies>
      <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
      </dependency>

      <!-- Spring 3 -->
      <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.version}</version>
      </dependency>

      <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>${spring.version}</version>
      </dependency>

      <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
      </dependency>

      <!-- Spring Security -->
      <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-core</artifactId>
      <version>${spring.version}</version>
      </dependency>

      <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${spring.version}</version>
      </dependency>

      <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${spring.version}</version>
      </dependency>

      </dependencies>
      <build>
      <finalName>springdemo</finalName>
      <plugins>
      <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-compiler-plugin</artifactId>
      <version>2.3.1</version>
      <configuration>
      <source>1.6</source>
      <target>1.6</target>
      </configuration>
      </plugin>
      </plugins>
      </build>
      </project>




       


      Step : 5



      A simple Spring MVC to return a “hello.jsp” page, via URI “/welcome“. Later use Spring security to secure this URL access. Select java folder and Select new Class.  Give the package name as "com.example.common.controller" and class name as "HelloController". After clicking Finish, folders will be created and will look as follows

      image
      And paste the following code in the java file


      package com.example.common.controller;

      import org.springframework.stereotype.Controller;
      import org.springframework.ui.ModelMap;
      import org.springframework.web.bind.annotation.RequestMapping;
      import org.springframework.web.bind.annotation.RequestMethod;

      @Controller
      @RequestMapping("/welcome")
      public class HelloController {

      @RequestMapping(method = RequestMethod.GET)
      public String printWelcome(ModelMap model) {

      model.addAttribute("message", "Spring Security Hello World");
      return "hello";

      }

      }







      Step : 6



      Now let us create the JSP Page. Create a new folder called "Pages" under webapp\web-inf folder as shown here.

      image
      Now right click on pages folder and Select new jsp file and give the name as "hello.jsp". Replace the default content and paste the following



      <html>
      <body>
          <h1>Message : ${message}</h1>
      </body>
      </html>

      image



      Step : 7



      Right click on web-INF Folder and Select new file and Enter the file name as "mvc-dispatcher-servlet.xml"

      image
      Paste the following content


      <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:context="http://www.springframework.org/schema/context"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/context
      http://www.springframework.org/schema/context/spring-context-3.0.xsd"
      >

      <context:component-scan base-package="com.example.common.controller" />

      <bean
      class="org.springframework.web.servlet.view.InternalResourceViewResolver">
      <property name="prefix">
      <value>/WEB-INF/pages/</value>
      </property>
      <property name="suffix">
      <value>.jsp</value>
      </property>
      </bean>

      </beans>





      Step : 8



      Now let us add the spring security. Right click on web-INF Folder and Select new file and Enter the file name as "spring-security.xml"
      image
      Paste the following content



      <beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"
      >

      <http auto-config="true">
      <intercept-url pattern="/welcome*" access="ROLE_USER" />
      </http>

      <authentication-manager>
      <authentication-provider>
      <user-service>
      <user name="mkyong" password="123456" authorities="ROLE_USER" />
      </user-service>
      </authentication-provider>
      </authentication-manager>

      </beans:beans>



      Step : 9



      To integrate Spring security with web application, just declare “DelegatingFilterProxy” as servlet filter to intercept incoming request.Open WEB.xml and replace with the following one.


      <web-app id="WebApp_ID" version="2.4"
      xmlns="http://java.sun.com/xml/ns/j2ee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
      http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
      >

      <display-name>Spring MVC Application</display-name>

      <!-- Spring MVC -->
      <servlet>
      <servlet-name>mvc-dispatcher</servlet-name>
      <servlet-class>
      org.springframework.web.servlet.DispatcherServlet
      </servlet-class>
      <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
      <servlet-name>mvc-dispatcher</servlet-name>
      <url-pattern>/</url-pattern>
      </servlet-mapping>

      <listener>
      <listener-class>
      org.springframework.web.context.ContextLoaderListener
      </listener-class>
      </listener>

      <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
      /WEB-INF/mvc-dispatcher-servlet.xml,
      /WEB-INF/spring-security.xml
      </param-value>
      </context-param>

      <!-- Spring Security -->
      <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>
      org.springframework.web.filter.DelegatingFilterProxy
      </filter-class>
      </filter>

      <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>

      </web-app>


      Step : 10
                   Now let us start the server and type the url “http://localhost:8080/springdemo/welcome”. Now spring will redirect to login page.