Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to configure spring security in a web application?

Tags:

java

spring-security

How to configure Spring Security in a web application?
I added three JAR files to my lib: security-core, security-web and security-config. Now what do I need to add in configuration XML file with a custom login page?

like image 627
jayesh Avatar asked Dec 24 '12 09:12

jayesh

People also ask

How do I enable Spring Security for Web application?

The first thing you need to do is add Spring Security to the classpath. The WebSecurityConfig class is annotated with @EnableWebSecurity to enable Spring Security's web security support and provide the Spring MVC integration.

Which class is used to extended to configure Spring Security?

Java configuration was added to the Spring framework in Spring 3.1 and extended to Spring Security in Spring 3.2 and is defined in a class annotated @Configuration.

1 Answers

ref : http://www.mkyong.com/spring-security/spring-security-form-login-example/

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>Spring</display-name>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <servlet>
        <servlet-name>Spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/app-config.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Spring</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/spring-security.xml                          
        </param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <http auto-config="true">
        <intercept-url pattern="/login.jsp" access="ROLE_ANONYMOUS" />
        <intercept-url pattern="/**" access="ROLE_USER" />
        <form-login login-page="/login.jsp" default-target-url="/" />
        <logout logout-url="/logout" logout-success-url="/login.jsp"/>
        <intercept-url pattern="/css/**" filters="none"/>
        <intercept-url pattern="/js/**" filters="none"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="admin"  authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

app-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:task="http://www.springframework.org/schema/task"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
    <mvc:annotation-driven />
    <task:annotation-driven/>

    <bean id="viewResolver"   class= "org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
        <property name="cache"  value= "true"/>
        <property name="prefix" value= ""/>
        <property name="suffix" value=".ftl"/>
        <property name="contentType" value="text/html;charset=UTF-8"/>
        <property name="exposeSpringMacroHelpers" value="true"/>
        <property name="requestContextAttribute" value="rc"/>
    </bean>

</beans>
like image 193
jayesh Avatar answered Sep 23 '22 18:09

jayesh
Sign in to Comment

Related questions

Messages with level Diagnostic.Kind.NOTE (and others) on Annotation Processors
Why does spring task scheduler wait for previous task to finish?
JPanel doesn't react to KeyBindings
Jar file ADD DIRECTORY ENTRIES Eclipse option while exporting jar
Java Choosing a recursive function
JSESSIONID suffixed with .undefined
ApplicationContextInitializer in a non-web Spring Context?
Thread Dump Analyzer [closed]
How do I insert a precondition in a java class method or constructor?
Installed Java 7u9 and Eclipse (Juno) but Eclipse doesn't see JavaFX2
'equals()' returns false, yet object is found in map
Debugging of a recursive algorithm
What is a mnemonic in java? [closed]
java copy constructor and inheritance
PDFBox - Issue with generating PDF from a image
I'm calling a method in java which I have no control of. If I don't get a response from it, I want to kill it and move on
Full LaTeX parser in Java [closed]
TestNG Run all class methods multiple times preliminary doing @BeforeClass with supplied data
Is Java runtime pre-installed on MAC OSX?
Regular expression to truncate a String

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!