An app built from the spring petclinic sample app has added spring security with a custom login form.
The app does not have a WebMvcConfiguration.java class as suggested by this tutorial. Instead, it has the following line in mvc-core-config.xml:

    <mvc:view-controller path="/login" view-name="login" />

I have done Ctrl-H in Eclipse and done a keyword search for the term /login in the entire workspace, but no controller is visible. I also looked in the messages-jc sample project referred to in the tutorial link above, but could not find a "/login" controller there either.
How can I add a controller that will perform spring authentication with the standard username and password, but that will also allow me to subsequently add additional code to the authentication process when the login form at the "/login" url is submitted?
Is it as simple as adding the following to SomeOtherController.java:

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String showLoginForm(Model model) {
        //what goes here?
        return "public/loginform";
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String processLoginForm(HttpSession session, @ModelAttribute("user") User user,
            BindingResult result, Model model, final RedirectAttributes redirectAttributes)
    {
        //what goes here?
        return "secure/main";
    }
To add Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom.xml file. Gradle users can add the following dependency in the build.
In the spring-security-core jar, there is an interface UserDetailsService which has a method

    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;

You can implement this interface and write your own logic, like
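    import java.util.ArrayList;
    import java.util.Collection;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional;

    @Service("userDetailsService")
    public class UserDetailsServiceImpl implements UserDetailsService {
        // The application's own lookup service; the UserService type name is assumed, it is not shown in the answer
        @Autowired
        private UserService userService;

        @Transactional(readOnly = true)
        public UserDetails loadUserByUsername(String username) {
            User user = userService.findUserByUsername(username);
            if (user != null) {
                String password = user.getPassword();
                // The single "active" flag drives all four account-status flags
                boolean enabled = user.getActive();
                boolean accountNonExpired = user.getActive();
                boolean credentialsNonExpired = user.getActive();
                boolean accountNonLocked = user.getActive();
                Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
                for (Role r : user.getRoles()) {
                    authorities.add(new SimpleGrantedAuthority(r.getAuthority()));
                }
                org.springframework.security.core.userdetails.User securedUser = new org.springframework.security.core.userdetails.User(
                        username, password, enabled, accountNonExpired,
                        credentialsNonExpired, accountNonLocked, authorities);
                return securedUser;
            } else {
                throw new UsernameNotFoundException(
                        "Unable to find user with username provided!!");
            }
        }
    }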
and then create an object of DaoAuthenticationProvider using

    <bean id="daoAuthenticationProvider"
          class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"></property>
    </bean>
Finally, supply this DaoAuthenticationProvider to ProviderManager

    <bean class="org.springframework.security.authentication.ProviderManager">
        <constructor-arg>
            <list>
                <ref bean="daoAuthenticationProvider" />
            </list>
        </constructor-arg>
    </bean>

    <security:authentication-manager>
        <security:authentication-provider
                user-service-ref="userDetailsService">
            <!-- "plaintext" compares against unhashed stored passwords; hash="bcrypt" with bcrypt-hashed stored passwords avoids keeping them in clear text -->
            <security:password-encoder hash="plaintext"></security:password-encoder>
        </security:authentication-provider>
    </security:authentication-manager>
Adding web.xml details:

    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring-config/spring-*.xml</param-value>
    </context-param>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
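
One way to hook additional logic into the login step while keeping the standard username/password check, as an added example that is not part of the original question or answer: subclass DaoAuthenticationProvider and override additionalAuthenticationChecks. ExtraCheckAuthenticationProvider and LoginPolicy are hypothetical names, and the implicit no-argument super constructor assumes a Spring Security version that still provides one, as the property-injected bean definition above implies.

```java
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Added example: standard password verification followed by an application-specific check. */
public class ExtraCheckAuthenticationProvider extends DaoAuthenticationProvider {

    /** Hypothetical hook for the extra rule (IP allow-list, second factor already verified, ...). */
    public interface LoginPolicy {
        boolean isAllowed(String username, String remoteAddress);
    }

    private final LoginPolicy loginPolicy;

    public ExtraCheckAuthenticationProvider(LoginPolicy loginPolicy) {
        this.loginPolicy = loginPolicy;
    }

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        // 1. Standard check: compares the submitted password with the one
        //    returned by UserDetailsService, using the configured encoder.
        super.additionalAuthenticationChecks(userDetails, authentication);

        // 2. Extra logic. The remote address is only present when the token
        //    was built by the web login filter.
        String remoteAddress = null;
        Object details = authentication.getDetails();
        if (details instanceof WebAuthenticationDetails) {
            remoteAddress = ((WebAuthenticationDetails) details).getRemoteAddress();
        }
        if (!loginPolicy.isAllowed(userDetails.getUsername(), remoteAddress)) {
            // Same exception type as a wrong password, so the login page
            // does not reveal which check rejected the attempt.
            throw new BadCredentialsException("Bad credentials");
        }
    }
}
```

To use it, set this class on the daoAuthenticationProvider bean, keep the userDetailsService property, and add a constructor-arg for the policy bean.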