Tuesday, October 14, 2014

Spring MVC Security Login



Scope: This example explains how to handle the default Spring Security login with Spring MVC.

Objective: The user can log in successfully only when the correct password is specified.

Requirements:
  • Spring 3.0
  • Eclipse Java EE IDE
  • JDK 1.6
  • Apache Tomcat 6.0.26

Step 1: Create a dynamic web project in Eclipse and name it "SpringMVCLogin".
             File → New → Dynamic Web Project

             Prepare the project structure as below.



Step 2: Add all the Spring and other related jars to WebContent\WEB-INF\lib. Please refer to the default set of jars here (in step 3). In addition, the following Spring Security jars are added to the same lib directory in this example.
  • spring-security-config-3.0.5.RELEASE.jar
  • spring-security-core-3.0.5.RELEASE.jar
  • spring-security-web-3.0.5.RELEASE.jar
Step 3: The controller class "LoginController" is created under the "com.prem.spring.controller" package.

/SpringMVCLogin/src/com/prem/spring/controller/LoginController.java

package com.prem.spring.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class LoginController {

 @RequestMapping("/home")
 public ModelAndView getHome() {
  String welcomeNote = "Welcome to the Spring secure page...";
  return new ModelAndView("home", "welcomenote", welcomeNote);
 }
}

Step 4: The Spring Security filter needs to be specified in "web.xml". The complete "web.xml" file is given below for reference.

/SpringMVCLogin/WebContent/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 id="WebApp_ID" version="2.5">
 <display-name>SpringMVCLogin</display-name>
 <welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
 </welcome-file-list>

 <servlet>
  <servlet-name>spring-dispatcher</servlet-name>
  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
 </servlet>
 <servlet-mapping>
  <servlet-name>spring-dispatcher</servlet-name>
  <url-pattern>/</url-pattern>
 </servlet-mapping>

 <listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>

 <context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>  
       /WEB-INF/spring-dispatcher-servlet.xml,  
       /WEB-INF/spring-security.xml  
    </param-value>
 </context-param>

 <!-- Spring Security -->
 <filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>

 <filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>
</web-app>


Step 5: For this example, two spring-xxxxxx.xml files are defined.

1. spring-dispatcher-servlet.xml - The view resolver is configured in the dispatcher file.
2. spring-security.xml - The user access credentials and roles are defined here.

/SpringMVCLogin/WebContent/WEB-INF/spring-dispatcher-servlet.xml


<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="  
        http://www.springframework.org/schema/beans       
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
        http://www.springframework.org/schema/context   
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">

 <context:component-scan base-package="com.prem.spring.controller" />

 <bean
  class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="prefix">
   <value>/WEB-INF/pages/</value>
  </property>
  <property name="suffix">
   <value>.jsp</value>
  </property>
 </bean>

</beans>  

/SpringMVCLogin/WebContent/WEB-INF/spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"  
 xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
 xsi:schemaLocation="http://www.springframework.org/schema/beans  
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
           http://www.springframework.org/schema/security  
           http://www.springframework.org/schema/security/spring-security.xsd">  
  
 <http auto-config="true">  
  <intercept-url pattern="/home*" access="ROLE_ADMIN" />  
 </http>  
  
 <authentication-manager>  
  <authentication-provider>  
   <user-service>  
    <user name="prem" password="premen" authorities="ROLE_ADMIN" />  
   </user-service>  
  </authentication-provider>  
 </authentication-manager>  
  
</beans:beans>
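
The file above stores the password in cleartext and secures only URLs that match /home*; anything else is served without a login. The following variant is an added example, not part of the original post: it spells out what auto-config="true" stands for, puts every URL behind ROLE_ADMIN, and stores a salted digest in place of the password. The digest value is a placeholder to be replaced before deployment.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">

 <!-- auto-config="true" is shorthand for form-login, http-basic and logout.
      Listing the elements explicitly lets the unused HTTP Basic entry point
      be left out, so the login form is the only way to authenticate. -->
 <http>
  <!-- Weak (original): pattern="/home*" is an Ant pattern in which * does not
       cross a "/", and no other rule exists, so any URL outside /home* is
       reachable without authentication.
       Corrected: one catch-all rule, so new handlers are protected by default. -->
  <intercept-url pattern="/**" access="ROLE_ADMIN" />
  <form-login />
  <logout />
 </http>

 <authentication-manager>
  <authentication-provider>
   <!-- The submitted password is merged with the salt as password{username},
        hashed with SHA-256 and compared with the stored hex digest. -->
   <password-encoder hash="sha-256">
    <salt-source user-property="username" />
   </password-encoder>
   <user-service>
    <!-- Weak (original): password="premen" keeps the cleartext password in
         the deployed WAR and in version control.
         Placeholder below: replace with the lowercase hex SHA-256 digest of
         the merged string for this user (password{prem}). -->
    <user name="prem" password="REPLACE_WITH_HEX_SHA256_DIGEST"
     authorities="ROLE_ADMIN" />
   </user-service>
  </authentication-provider>
 </authentication-manager>

</beans:beans>
```

With the catch-all rule, index.jsp is also behind the login form; the generated login page itself is still served to anonymous users. A salted SHA-256 digest remains a fast hash, so this is the minimum for a static user-service, not a substitute for an adaptive password hash in a real user store.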



Step 6: Now it is time to create the index and home JSP pages.

/SpringMVCLogin/WebContent/index.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 pageEncoding="ISO-8859-1"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<% response.sendRedirect("home"); %>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>SpringMVCLogin</title>
</head>
<body>Welcome to Spring Security...
</body>
</html>

/SpringMVCLogin/WebContent/WEB-INF/pages/home.jsp


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Authenticated User</title>
</head>
<body>
 <center>
  <h1><u>Spring Security</u></h1>
  <h4>${welcomenote}</h4>
  <c:url value="/j_spring_security_logout" var="logoutUrl" />
  <a href="${logoutUrl}">Log Out</a>
 </center>
</body>
</html>

Step 7: Right-click the "SpringMVCLogin" project and go to Run As - Run on Server.

The initial screen looks as below.



Once the user enters a wrong username or password, the error screen is displayed as below.


If the user enters the correct username and password, the following success screen is displayed.



