Spring Security 3.1 login example with User details in File

In this tutorial we will learn how to create and use custom Login page in spring authentication. User Details will be saved here in security XML file.

Technologies Used :

  • Spring Framework 3.1.1
  • Spring Security 3.1.0

Tools Used

  • Eclipse Indigo

 

1. Create Dynamic Web Project

Create dynamic web project by choosing  File >> New >> Other select “Dynamic Web Project” and select the name as “JBTSpringSecurityLogin” and click Finish. For Full details how to create project click here.

2. Adding Dependent Jars

It’s now time to ass all dependent jars in WEB-INF >> Jar Folder.

Required Jars would be

  • com.springsource.org.apache.commons.lang-2.1.0.jar
  • com.springsource.org.apache.commons.logging-1.1.1.jar
  • jstl-1.2.jar (Used for Tags in Login JSP)
  • org.springframework.aop-3.1.1.RELEASE.jar
  • org.springframework.asm-3.1.1.RELEASE.jar
  • org.springframework.beans-3.1.1.RELEASE.jar
  • org.springframework.context-3.1.1.RELEASE.jar
  • org.springframework.core-3.1.1.RELEASE.jar
  • org.springframework.expression-3.1.1.RELEASE.jar
  • org.springframework.web-3.1.1.RELEASE.jar
  • org.springframework.web.servlet-3.1.1.RELEASE.jar
  • spring-security-config-3.1.0.RELEASE.jar
  • spring-security-core-3.1.0.RELEASE.jar
  • spring-security-web-3.1.0.RELEASE.jar
  • aopalliance-1.0.jar

 

3. Configure Web.XML

Now need to configure application to forward all request to pass through Spring framework and through Spring Security.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	id="WebApp_ID" version="2.5">
	<display-name>JBTSpringSecurityLogin</display-name>

	<servlet>
		<servlet-name>dispatcher</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>dispatcher</servlet-name>
		<url-pattern>*.do</url-pattern>
	</servlet-mapping>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:applicationContext-security.xml	</param-value>

	</context-param>
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<session-config>
		<session-timeout>10</session-timeout>
	</session-config>

</web-app>

4.  Configuring Spring Security

Here we will configure which part of the appication should be secured and which part shouldn’t be. Also here we will configure our customize Login and logout page.

<?xml version="1.0" encoding="UTF-8"?>

<b:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

	<http pattern="/logout.jsp" security="none" />
	<http pattern="/login.jsp" security="none" />
	<http pattern="/img/**" security="none" />
	<http pattern="/css/**" security="none" />

	<http realm="Contacts Realm">
		<intercept-url pattern="/**" access="ROLE_USER" />
		<form-login login-page="/login.jsp"
			authentication-failure-url="/login.jsp?login_error=1"
			default-target-url="/index.jsp" />
		<logout logout-success-url="/logout.jsp" logout-url="/logout"
			invalidate-session="true" />
		<remember-me />
	</http>

	<authentication-manager>
		<authentication-provider>
			<!-- <password-encoder hash="md5"/> -->
			<user-service>
				<user name="vivek" authorities="ROLE_USER" password="password" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

</b:beans>

Now if we try to access “http://localhost:8080/JBTSpringSecurityLogin/index.jsp” Custom Login page will be displayed

Here you can see customize login page got displayed instead of Spring Provided Login page and user is authenticated against the credential available in XML file itself.

To get the code of this application click here

3 Comments

  1. Admin I’ve tried copying the .war file in webapps folder of Apache Tomcat 5.5 and tried the URL in my browser. But I’m sorry this didn’t work. Can you help me please?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.