In this example, we will create a simple application to understand the basics of Spring Security. First, we will walk through the flow of the application. We will access the application at http://localhost:8080/SimpleSpringSecurity, which displays the login page.
We will enter 'sandeep' and 'swastik' in the username and password fields respectively. After hitting the Login button, we will see the secure page. (Sandeep is an Admin, so he is allowed to see the Secure Page.)
We will log in again, this time with 'vijay' and 'yadav' in the username and password fields. This time we will see the Denied Page. (Vijay is a normal User, therefore he can't see the Secure Page.)
Step1 : Login Page

    <html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login Page</title>
    </head>
    <body>
        <h1>Login</h1>
        <form action="/SimpleSpringSecurity/j_spring_security_check" method="post">
            <label for="j_username">Username</label>
            <input id="j_username" name="j_username" type="text" />
            <br />
            <label for="j_password">Password</label>
            <input id="j_password" name="j_password" type="password" />
            <br />
            <input type="submit" value="Login" />
        </form>
    </body>
    </html>

This is a simple login page (login.jsp) with Username and Password fields and a Login button.
Step2 : Spring Security Configuration

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

        <!-- Enable @Secured annotations on methods -->
        <global-method-security secured-annotations="enabled">
        </global-method-security>

        <!-- URL rules are checked in the order listed; the first matching pattern applies -->
        <http auto-config="true" access-denied-page="/deniedPage.jsp">
            <intercept-url pattern="/securePage**" access="ROLE_ADMIN" />
            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <form-login login-processing-url="/j_spring_security_check"
                login-page="/login.jsp"
                default-target-url="/securePage.jsp"
                authentication-failure-url="/login.jsp" />
        </http>

        <!-- Use These Usernames/Passwords sandeep/swastik vijay/yadav -->
        <!-- In-memory users; the passwords are stored here in plain text -->
        <authentication-provider>
            <user-service>
                <user name="sandeep" password="swastik" authorities="ROLE_ADMIN, ROLE_USER" />
                <user name="vijay" password="yadav" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </beans:beans>

Keep this file (applicationContext-security.xml) in the WEB-INF folder.
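The order of the two intercept-url rules in this file matters, because the first pattern that matches a request decides the access it needs. The Python sketch below is an added example, not part of the original tutorial or of Spring Security: it replays that first-match evaluation over a trimmed copy of this page's rules and users, using a simplified Ant-style matcher (an assumption, not Spring's own path matcher), and flags rules that a preceding `/**` would make unreachable.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# The intercept-url rules and users from this page's config (trimmed copy).
PAGE_CONFIG = """
<http xmlns="http://www.springframework.org/schema/security" auto-config="true">
  <intercept-url pattern="/securePage**" access="ROLE_ADMIN" />
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
"""
USERS = {"sandeep": {"ROLE_ADMIN", "ROLE_USER"}, "vijay": {"ROLE_USER"}}

def load_rules(xml_text):
    """Return [(pattern, {access attributes})] in document order."""
    root = ET.fromstring(xml_text)
    return [(e.get("pattern"), {a.strip() for a in e.get("access").split(",")})
            for e in root.iter("{%s}intercept-url" % SEC_NS)]

def to_regex(pattern):
    """Assumed, simplified Ant matching: '**' any text, '*' and '?' stay in a segment."""
    parts = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    tokens = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(parts.get(t, re.escape(t)) for t in tokens) + r"\Z")

def required_access(rules, path):
    """First matching rule wins; later rules are never consulted."""
    for pattern, access in rules:
        if to_regex(pattern).match(path):
            return access
    return None  # no rule matched: the URL is not protected

def is_allowed(rules, path, authorities):
    """Simplified decision: anonymous access is open, otherwise any listed role grants."""
    access = required_access(rules, path)
    if access is None or "IS_AUTHENTICATED_ANONYMOUSLY" in access:
        return True
    return bool(access & set(authorities))

def shadowed_rules(rules):
    """Patterns listed after a '/**' catch-all, which can therefore never apply."""
    patterns = [p for p, _ in rules]
    return patterns[patterns.index("/**") + 1:] if "/**" in patterns else []

if __name__ == "__main__":
    rules = load_rules(PAGE_CONFIG)
    for user, auths in USERS.items():
        print(user, "-> /securePage.jsp allowed:", is_allowed(rules, "/securePage.jsp", auths))
    print("shadowed if the rules were swapped:", shadowed_rules(rules[::-1]))
```

With the rules in the order shown on this page nothing is shadowed; with the two lines swapped, `/securePage**` is reported as unreachable and the secure page resolves to the anonymous rule.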
Step3 : Edit web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
            http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        id="springsecurity" version="2.5">

        <welcome-file-list>
            <welcome-file>/login.jsp</welcome-file>
        </welcome-file-list>

        <!-- Session timeout in minutes -->
        <session-config>
            <session-timeout>10</session-timeout>
        </session-config>

        <!-- Spring Config -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext-security.xml</param-value>
        </context-param>

        <!-- Loads the Spring application context named in contextConfigLocation -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <!-- Delegates to the springSecurityFilterChain bean defined by the security namespace -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>

        <!-- Apply the security filter to every URL, for direct requests and forwards -->
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
    </web-app>

Step4 : securePage.jsp

    <html>
    <head>
        <title>Secure Page</title>
    </head>
    <body>
        <h2>Welcome to the Secure Page</h2>
    </body>
    </html>

Step5 : deniedPage.jsp

    <html>
    <head>
        <title>Denied Page</title>
    </head>
    <body>
        <h2>Access Denied</h2>
    </body>
    </html>