Spring Security XML based with Spring MVC

  • Facebook
  • Google
  • LinkedIn
  • Twitter

You will configure Spring Security in this example and will make the page secure. Only admin User have to authenticate to view welcome page otherwise it will say bad credential.

Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>HelloWorldExampleWithSpring3MVC</display-name>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
			/WEB-INF/app-config.xml
        </param-value>
  </context-param>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <servlet>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
      	/WEB-INF/app-config.xml
      </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <servlet-mapping>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <url-pattern>*.htm</url-pattern>
  </servlet-mapping>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

org.springframework.web.filter.DelegatingFilterProxy filter in web.xml. This filter manages the securing of the web pages.

AdminController.java

package com.javatutsworld.actions;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class WelcomeController {
	
	@RequestMapping(value="/welcomeadmin",method=RequestMethod.GET)
	public ModelAndView sayHelloAdmin(Model model){
		ModelAndView mv = new ModelAndView();
		mv.setViewName("welcomeadmin");
		model.addAttribute("Message", "Hi, This is admin page from Spring Security application.");
		return mv;
	}

}

Welcomeadmin.jsp

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@ page session="true" %>
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c"%>
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title>Spring Security 3 - This is a secure page</title>
		<meta />
	</head>
	<body>
		<h1>Welcome!</h1><br />
		${Message}<br />
	</body>
</html>

Spring security file (securily.xml)

You have to define the security constrains that are to be applied to your application.

<?xml version="1.0" encoding="UTF-8"?>

<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    
    <http realm="Project Realm" auto-config="true">
        <intercept-url pattern="/**" access="ROLE_ADMIN"/>        
    </http>
    
    <authentication-manager>
        <authentication-provider>
        	<user-service>
          		<user name="admin" password="admin123" authorities="ROLE_ADMIN"/>
          	</user-service>
        			
        </authentication-provider>
    </authentication-manager>
    
</b:beans>

Spring Configuration File (app-config.xml)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="
		http://www.springframework.org/schema/beans	http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

	<!-- Scans the classpath of this application for @Components to deploy as beans -->
	<context:component-scan base-package="com.javatutsworld" />
	
	<!-- Importing Spring Security Settings  -->
	<import resource="security.xml"/>
	
	<!-- Configures the @Controller programming model -->
	<mvc:annotation-driven />
	
	<!-- Resolves view names to protected .jsp resources within the /WEB-INF/views directory -->
	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix" value="/WEB-INF/jsp/"/>
		<property name="suffix" value=".jsp"/>
	</bean>

</beans>

Jar Required

commons-logging-1.1.3
jstl-1.2
spring-aop-3.2.8.RELEASE
spring-beans-3.2.8.RELEASE
spring-context-3.2.8.RELEASE
spring-core-3.2.8.RELEASE
spring-expression-3.2.8.RELEASE
spring-security-config-3.2.3.RELEASE
spring-security-core-3.2.3.RELEASE
spring-security-web-3.2.3.RELEASE
spring-web-3.2.8.RELEASE
spring-webmvc-3.2.8.RELEASE

build and deploy on the tomcat 6 server. Run project now you will get the below screen for logging:

Spring security

After giving user and password below is the welcome page

Spring security

After giving wrong user and password below is the failed login page

Spring security

      Advertisements