Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security example

Tags:

java

spring-mvc

spring

hibernate

spring-security

I am learning Spring and trying to implement Springs Security. I am not able to understand how it works. I read tutorials from which I understood the following:

  1. we have to configure web.xml for delegating proxy and pattern
  2. we need to add intercepts to dispatcher-servlet.xml

When request is made it triggers intercepts but after that I am unable to understand how it works. It would be helpful if somebody could provide a list of steps to be followed. I am using Hibernate and Spring (both with annotations), I want to authenticate users using Hibernate.

like image 519
Manish Mahajan Avatar asked Mar 18 '14 15:03

Manish Mahajan

People also ask

What is Spring Security with example?

Spring Security Configuration is using Builder Pattern and based on the authenticate method, some of the methods won't be available later on. For example, auth. userDetailsService() returns the instance of UserDetailsService and then we can't have any other options, such as we can't set DataSource after it.

What is Spring Security for?

Spring Security is the primary choice for implementing application-level security in Spring applications. Generally, its purpose is to offer you a highly customizable way of implementing authentication, authorization, and protection against common attacks.

How Spring Security is used in Spring boot with example?

For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom. xml file. Gradle users can add the following dependency in the build.

1 Answers

A detailed article can be found here: Code Project
Or a tutorial with MVC and Spring Security here.

I tried to illustrate the process a little bit: enter image description here

  1. The user sends a HTTP-Request to the server
  2. The server processes the request according to the web.xml
  3. The web.xml contains a filter (AKA interceptor) and passes the request through this filter.
  4. Because the user is unknown/not authenticated, Spring Security does its best to get more details.
    Depending on the config, it
    • sends an HTTP header, so that a login popup pops up in the browser (client side).
    • redirects to a form where you can enter username and password.
    • does a lot of hidden interaction between server and browser to guarantee a "Single-Sign-On" (SSO)
  5. Except for SSO the user enters her/his/its credentials and create an additional request.
  6. Spring Security realizes the login attempt and authenticates the user against a
    • file with user and passwords
    • a built-in XML structure in a spring config file
    • a database
    • an LDAP
  7. When the access is granted, it assignes the necessary roles...
  8. ...and redirects to hard-coded "home page". (Spring Security let's you adjust this behaviour.)
  9. In your application you can check the authorization for certain actions
  10. .....
  11. The user clicks on "logout" or the session expires. With the next request the process starts again.

Annotations

I found a tutorial here (Link).

I understood/assume the following facts:

  • The filters still must be defined in the web.xml.
  • You can annotate your classes/methods with
    • @Controller (API)
    • @Secured (API)
    • @RequestMapping (API)

I admit that I only gave you a rough overview, because your question is not that specific.

Please let me know what you want to learn in detail (re-recognize users, authenticate against different resources, do a SSO, create a secured area on your webpage,...)

like image 149
Markus Avatar answered Oct 05 '22 23:10

Markus
Sign in to Comment

Related questions

toArray() method in Collection class
How to check a string in Java equals to a regex pattern?
Netbeans useful keyboard shortcuts [closed]
Neo4j 2.0, java - Failed to start Neo4j with an older data store version
Why does ByteArrayOutputStream use int?
Excluding NullNode when serializing a Jackson JSON tree model
Java getting mouse location on multiple monitor environment
How to construct query in querydsl without domain classes
Java generic Observer Pattern implementation unchecked call as raw type
JPA multithreaded Add if Not Exist?
Finding a repeated pattern in a string
Easiest way to read in svg path data with Java? [duplicate]
Bottom-Heavy Random Number
Java null element in ArrayList
How queue is create in ActiveMQ?
What can I do with a hex String literal? [duplicate]
How to convert Image into byte[] in Android
Java - Hello World Error
Java multidimensional Array to string and String to Array
how to check if one date is after another in java?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!