Java and J2EE Tutorials, Jsp and Servlet Tutorials, Spring MVC, Solr, XML, JSON Examples, Hibernate & Struts 2 Hello World projects



Sunday, 8 September 2013

Spring Security Hello World Example - Login & Logout with Spring Security

In this particular blog we will talk about a very useful feature of Spring i.e. Spring Security. It enables the developer to integrate security features easily and in a managed way. Spring security captures all incoming http requests by applying servlet filters and route them according to user defined security configurations. In this blog we will show you how to implement spring security in a spring MVC application. We will make all incoming requests starting from /home* to undergo a login process if the user is not logged in already.


Spring Security Dependencies

To implement spring security we need three jars mainly, 'spring-security-core', 'spring-security-web' & 'spring-security-config'.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>com.beingjavaguys.sample</groupId>
 <artifactId>SpringSecurityExample</artifactId>
 <packaging>war</packaging>
 <version>1.0-SNAPSHOT</version>
 <name>SpringSecurityExample Maven Webapp</name>
 <url>http://maven.apache.org</url>
 <properties>
  <spring.version>3.2.4.RELEASE</spring.version>
  <security.version>3.1.4.RELEASE</security.version>
  <jdk.version>1.6</jdk.version>
 </properties>

 <dependencies>

  <!-- Spring 3 -->
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-core</artifactId>
   <version>${spring.version}</version>
  </dependency>

  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-web</artifactId>
   <version>${spring.version}</version>
  </dependency>

  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-webmvc</artifactId>
   <version>${spring.version}</version>
  </dependency>

  <!-- Spring Security -->
  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-core</artifactId>
   <version>${security.version}</version>
  </dependency>

  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-web</artifactId>
   <version>${security.version}</version>
  </dependency>

  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-config</artifactId>
   <version>${security.version}</version>
  </dependency>

  <dependency>
   <groupId>jstl</groupId>
   <artifactId>jstl</artifactId>
   <version>1.2</version>
  </dependency>


 </dependencies>

 <build>
  <finalName>SpringSecurityExample</finalName>
  <plugins>
   <plugin>
    <groupId>org.apache.tomcat.maven</groupId>
    <artifactId>tomcat7-maven-plugin</artifactId>
    <version>2.1</version>
    <configuration>
     <url>http://localhost:8080/manager/text</url>
     <server>my-tomcat</server>
     <path>/SpringSecurityExample</path>
    </configuration>
   </plugin>
   <plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-compiler-plugin</artifactId>
    <version>3.0</version>
    <configuration>
     <source>${jdk.version}</source>
     <target>${jdk.version}</target>
    </configuration>
   </plugin>
  </plugins>
 </build>
</project>



\src\main\webapp\WEB-INF\web.xml

We need to add some security configuration here in web.xml. We need to add spring-security filter chain here to tell the container about security settings and configurations.
<web-app id="WebApp_ID" version="2.4"
 xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

 <display-name>Spring MVC Application</display-name>

 <!-- Spring MVC -->
 <servlet>
  <servlet-name>mvc-dispatcher</servlet-name>
  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
 </servlet>
 <servlet-mapping>
  <servlet-name>mvc-dispatcher</servlet-name>
  <url-pattern>/</url-pattern>
 </servlet-mapping>

 <listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>

 <context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
   /WEB-INF/mvc-dispatcher-servlet.xml,
   /WEB-INF/spring-security.xml
  </param-value>
 </context-param>

 <!-- Spring Security -->
 <filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>

 <filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>

</web-app>


\src\main\webapp\WEB-INF\mvc-dispatcher-servlet.xml

This is a simple spring-dispatcher, we have added a view resolver here and a component scan attribute to scan application controllers.
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">

 <context:component-scan base-package="com.beingjavaguys.controller" />

 <bean
  class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="prefix">
   <value>/WEB-INF/pages/</value>
  </property>
  <property name="suffix">
   <value>.jsp</value>
  </property>
 </bean>

</beans>


\src\main\webapp\WEB-INF\spring-security.xml

This is so called spring-security configuration file to specify login details and security url's to check for login.
<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">

 <http auto-config="true">
  <intercept-url pattern="/home*" access="ROLE_ADMIN" />
 </http>

 <authentication-manager>
  <authentication-provider>
   <user-service>
    <user name="nagesh" password="chauhan@123" authorities="ROLE_ADMIN" />
   </user-service>
  </authentication-provider>
 </authentication-manager>

</beans:beans>


\src\main\java\com\beingjavaguys\controller\HomeController.java

This is simple spring controller having a single request mapping, after a success to the request the method will open a jsp view along with a sended message.

package com.beingjavaguys.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class HomeController {

 @RequestMapping("/home")
 public ModelAndView getHome() {
  String string = "Congrats ! You are done with your first Spring Security configuration !";
  return new ModelAndView("home", "string", string);
 }

}



\src\main\webapp\index.jsp

We have routed the flow to '/home' so that the login implementation with spring security can be demonstrated.
<%response.sendRedirect("home");%>
<html>
<body>
<h2>Hello World!</h2>
</body>
</html>



\src\main\webapp\WEB-INF\pages\home.jsp

And finally it comes to logout part, 'j_spring_security_logout' just click on this and logged in user will be logeed out on the fly.
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Being Java Guys | Hello World</title>
</head>
<body>

 <center>
  <h2>Being Java Guys | Hello World</h2>
  <h4>${string}</h4>
  <h2>
   Click To | <a href="<c:url value="j_spring_security_logout" />">
    Logout</a>
  </h2>
 </center>
</body>
</html>


If everything goes right you will see following screens:





In this particular blog we came across 'Spring Security Hello World Example - Login & Logout with Spring Security'. In upcoming blogs we will see more about spring and Other Implementations in Java.








Thanks for reading !
Being Java Guys Team

Download "Spring Security Hello World Example" from "SkyDrive"





6 comments:

  1. thx for the tutorial nagesh, only thing download link is not working...

    ReplyDelete
  2. hey, this is working nice... but could you please tell me how can I customize the login form? I want to change how it appears, please help me with tha

    ReplyDelete
  3. If anyone want to become an oracle certified professional reach FITA, which offers best Oracle Training in Chennai with years of experienced professionals. For more details about oracle, sql training visit this site.

    Oracle Course in Chennai

    ReplyDelete
  4. joyce christopher7 April 2015 at 05:27

    HI, am looking python certification if possible in chennai Php training in chennai<./a>

    ReplyDelete
  5. Thank you so much for sharing this informative blog. Your technical information is really useful for me. Keep update your blog.

    Regards..

    PHP Training in Chennai

    ReplyDelete
  6. It was worth post for the reader, if you want to be a professional in salesforce just reach here,...Salesforce training in Chennai

    ReplyDelete

Like Us on Facebook


Like Us On Google+



Contact

Email: neel4soft@gmail.com
Skype: neel4soft