English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
In this tutorial, we will useSpring MVC Framework Implementation Spring Security.All examples are Spring MVC and are created using Maven projects.
We are using Spring Security 5.0.0.RELEASE Version, the following are Maven dependencies that we have used in all examples.
<dependency> <groupId>org.springframework.security</groupId>/groupId <artifactId>spring-security-web/artifactId <version>5.0.0.RELEASE/version. </dependency <dependency> <groupId>org.springframework.security</groupId>/groupId <artifactId>spring-security-core/artifactId <version>5.0.0.RELEASE/version. </dependency <dependency> <groupId>org.springframework.security</groupId>/groupId <artifactId>spring-security-config/artifactId <version>5.0.0.RELEASE/version. </dependency
To implement Spring Security in a Spring application, we can configure it using XML or Java-based configuration.
Let's look at an example where XML will be used to configure Spring Security.
As we do, click File Menu find New→Maven Project in the following screenshot.
Enter the project name and then follow the steps below to select the packaging type as war (Web Archive).
CompleteThis project will create an empty directory structure for the project as follows.
Initially, it was empty. Therefore, let's create a Spring MVC application and integrate it with Spring Security.
This is the layout of our project. It includes a controller, three XML files, and two JSP files.
The name of our project is springsecurity ,which includes the following source files.
HomeController. Java
package com.w3codebox.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
public class HomeController {
@RequestMapping(value="/", method=RequestMethod.GET)
public String home() {
return "home";
}
@RequestMapping(value="/admin", method=RequestMethod.GET)
public String privateHome() {
return "privatePage";
}
}spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="1234" authorities="hasRole(ROLE_ADMIN)" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <mvc:annotation-driven /> <context:component-scan base-package="com.w3codebox.controller"> </context:component-scan> <context:annotation-config></context:annotation-config> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/views/></property> <property name="suffix" value=".jsp"></property> </bean> </beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE xml> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> <!-- Spring Configuration --> <servlet> <servlet-name>spring</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>spring</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring-servlet.xml /WEB-INF/spring-security.xml </param-value> </context-param> </web-app>
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.w3codebox/groupId <artifactId>springsecurity/artifactId <version>0.0.1-SNAPSHOT/version. <packaging>war</packaging>/packaging <properties> <maven.compiler.target>1.8</maven.compiler.target <maven.compiler.source>1.8</maven.compiler.source </properties <dependencies> <dependency> <groupId>org.springframework</groupId>/groupId <artifactId>spring-webmvc/artifactId <version>5.0.2.RELEASE/version. </dependency <dependency> <groupId>org.springframework.security</groupId>/groupId <artifactId>spring-security-web/artifactId <version>5.0.0.RELEASE/version. </dependency <dependency> <groupId>org.springframework.security</groupId>/groupId <artifactId>spring-security-core/artifactId <version>5.0.0.RELEASE/version. </dependency <dependency> <groupId>org.springframework.security</groupId>/groupId <artifactId>spring-security-config/artifactId <version>5.0.0.RELEASE/version. </dependency <dependency> <groupId>javax.servlet</groupId>/groupId <artifactId>javax.servlet-api/artifactId <version>3.1.0/version. <scope>provided</scope>/scope </dependency </dependencies <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId>/groupId <artifactId>maven-war-plugin/artifactId <version>2.6</version. <configuration> <failOnMissingWebXml>false</failOnMissingWebXml>/failOnMissingWebXml </configuration </plugin </plugins </build </project
home.jsp
<html> <head> <meta/html; charset=UTF-8"> <title>Home/title> </head> <body> <h2Welcome to3codebox spring tutorial!/h2> </body> </html>
home.jsp
<html> <head> <meta-equiv-Type/html; charset=UTF-8"> <title>Admin</title> </head> <body> Hello Admin </body> </html>
Output
This example uses Apache Tomcat v9.0 executed. After running, it will produce the following output to the browser.
Initially, it will display home.jsp page, which will produce the following output.
If we enter/ admin If it is added to the admin page, the browser will produce the following output.
Request URL: http: //localhost: 8080/springsecurity/admin
Now, this is the real magic of Spring Security provided to protect resources.
This is a module provided by Spring Security that we did not create. It will also verify the user input.
provide incorrect credentials.
If we provide incorrect login credentials, it will use the ones we spring-security.xml The username and password mentioned in the file are verified.
If the login credentials are incorrect after verification, an error message will be triggered.
In this example, we have seen the Spring Security login module and how it verifies the username and password provided.
Next, we will implement further logic of the theme, such as: displaying the user after successful login.