Spring Security Login Page

Question

I developed an application that uses Spring Security's default login page. However I want to implement my own login page. I will put a login.html instead of a jsp page. I want to use JQuery for it. I examined many examples but couldn't achieve. I am new to Spring and Spring Security, I use Spring Security 3. Any ideas which steps I should follow?

Answer 1

There are four requirements for a custom login page in Spring Security:

1. There is an input field named j_username which will contain the name used for the authentication credentials.
2. There is an input field named j_password which will contain the password used for the authentication credentials.
3. The url to which these values are POSTed matches the url defined in the login-processing-url attribute of the form-login element in your Spring Security configuration.
4. The location of the custom login form must be specified in the login-page attribute of the form-login element in your Spring Security configuration.

Login.html

    <body>       <form action="/j_spring_security_check" method="POST">         <label for="username">User Name:</label>         <input id="username" name="j_username" type="text"/>         <label for="password">Password:</label>         <input id="password" name="j_password" type="password"/>         <input type="submit" value="Log In"/>       </form>     </body> 

Spring Security Configuration File

    <http use-expressions="true">       <intercept-url pattern="/login*" access="isAnonymous()"/>       <intercept-url pattern="/**" access="isFullyAuthenticated()"/>       <form-login         login-page="/login.html"         login-processing-url="/j_spring_security_check.action"         authentication-failure-url="/login_error.html"         default-target-url="/home.html"         always-use-default-target="true"/>     </http> 

Answer 2

I have been working for a couple of days on implementing spring security in my project and the configuration that finally did it was the following:

spring-security.xml

<security:http auto-config="true" disable-url-rewriting="true" use-expressions="true">      <security:form-login          login-page="/login.html"         login-processing-url="/j_spring_security_check.action"         default-target-url="/index.html"         always-use-default-target="true"         authentication-failure-url="/login.html?error=true" />     <security:intercept-url pattern="/login*" access="isAnonymous()" />     <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> </security:http>  <security:authentication-manager>     <security:authentication-provider>         <security:jdbc-user-service             data-source-ref="dataSource"             users-by-username-query="select username, password, enabled from smartcaldb.users where username=?"             authorities-by-username-query="select u.username, r.authority from smartcaldb.users u, smartcaldb.roles r where u.userid = r.userid and u.username =?" />     </security:authentication-provider> </security:authentication-manager> 

spring-config.xml

<mvc:annotation-driven /> <context:component-scan base-package="com.smartcal.**" />  <!-- setup database connectivity bean -->  <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource"     destroy-method="close">     <property name="driverClassName" value="${jdbc.driverClassName}" />     <property name="url" value="${jdbc.url}" />     <property name="username" value="${jdbc.username}" />     <property name="password" value="${jdbc.password}" /> </bean>  <context:property-placeholder location="/WEB-INF/jdbc.properties" />  <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">     <constructor-arg ref="dataSource"/> </bean> 

web.xml

<welcome-file-list>     <welcome-file>index.html</welcome-file> </welcome-file-list>  <context-param>     <param-name>contextConfigLocation</param-name>     <param-value>         /WEB-INF/spring-config.xml         /WEB-INF/spring-security.xml     </param-value> </context-param>  <listener>     <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <listener>     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener>  <servlet>     <servlet-name>dispatcher</servlet-name>     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>     <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping>     <servlet-name>dispatcher</servlet-name>     <url-pattern>/login</url-pattern>     <url-pattern>/</url-pattern> </servlet-mapping>  <filter>     <filter-name>springSecurityFilterChain</filter-name>     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>     <init-param>         <param-name>contextAttribute</param-name>         <param-value>org.springframework.web.context.WebApplicationContext.ROOT</param-value>     </init-param> </filter> <filter-mapping>     <filter-name>springSecurityFilterChain</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>  <error-page>     <error-code>403</error-code>     <location>/403</location> </error-page> 

login.html

<body>     <form action="/smartcal/j_spring_security_check.action" method="POST">         <label for="username">User Name:</label>         <input id="username" name="j_username" type="text" />         <label for="password">Password:</label>         <input id="password" name="j_password" type="password" />         <input type="submit" value="Log In" />     </form> </body> 

for logout use url - "/{yourAppPathInTheContainer}/j_spring_security_logout"