Wednesday, June 26, 2013

Spring Security: Spring MVC 3.0 + Spring Security 3.1



After so many days, I am back again with a new and hot topic:

Spring Security 3.1:

As software developers, we must take steps to protect the information that resides in our applications. Whether it’s an email account protected with a username/password pair or a brokerage account protected with a trading PIN, security is a crucial aspect of most applications.

Spring Security is a security framework that provides declarative security for your Spring-based applications. Spring Security provides a comprehensive security solution, handling authentication and authorization at both the web request level and at the method invocation level.


No matter what kind of application you want to secure using Spring Security, the first thing to do is to add the Spring Security modules to the application’s classpath. You’ll want to include the Spring-Core.3.1.1.jar and Spring-Config.3.1.1.jar modules in your application’s classpath. Spring Security is often used to secure web applications. That’s certainly the case with our Hello World MVC application, so we’ll also need to add the Spring-web.3.1.1.jar module.


Let’s start building the Spring Security application:

Code Structure in Eclipse



 HelloController.java

package com.sushil.spring.security.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.*;

@Controller
@RequestMapping("/hello")
public class HelloController {

       @RequestMapping(method = RequestMethod.GET)
       public String printWelcome(ModelMap model) {
              model.addAttribute("message", "learning Spring Security is DAMN Easy");
              return "hello";
       }
}

hello.jsp

<html>
<body>
       <h1>Sushil Spring Tutorials</h1>
       <h3>${message}</h3> 
</body>
</html>

springMvcSecurity-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans    
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">

       <context:component-scan base-package="com.sushil.spring.security.controller" />

       <bean
              class="org.springframework.web.servlet.view.InternalResourceViewResolver">
              <property name="prefix">
                     <value>/WEB-INF/pages/</value>
              </property>
              <property name="suffix">
                     <value>.jsp</value>
              </property>
       </bean>
</beans>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

       <http auto-config="true">
              <intercept-url pattern="/hello*" access="ROLE_ADMIN" />
       </http>

       <authentication-manager>
              <authentication-provider>
                     <user-service>
                           <user name="sushil" password="sushil" authorities="ROLE_ADMIN" />
                     </user-service>
              </authentication-provider>
       </authentication-manager>
</beans:beans>
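
A hardened variant of the spring-security.xml above, as an added example (not the author's file): it keeps the original /hello* rule, covers sub-paths and unlisted URLs, and stores a BCrypt hash instead of the plaintext password. The bean id passwordEncoder and the REPLACE_WITH_BCRYPT_HASH placeholder are assumptions; it also assumes the BCryptPasswordEncoder class from Spring Security 3.1's crypto package is on the classpath.

```xml
<!-- Added example, not the author's file. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

       <http auto-config="true">
              <!-- Original rule. Rules are checked top to bottom and the first match wins. -->
              <intercept-url pattern="/hello*" access="ROLE_ADMIN" />
              <!-- Added: in an Ant pattern a single * stays inside one path segment,
                   so paths below /hello/ need their own rule. -->
              <intercept-url pattern="/hello/**" access="ROLE_ADMIN" />
              <!-- Added: catch-all, so a URL that no rule above lists still needs a login. -->
              <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
       </http>

       <!-- Added: BCrypt encoder (bean id is an assumption of this example). -->
       <beans:bean id="passwordEncoder"
              class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

       <authentication-manager>
              <authentication-provider>
                     <password-encoder ref="passwordEncoder" />
                     <user-service>
                            <!-- Placeholder: paste the output of BCryptPasswordEncoder.encode(...) here. -->
                            <user name="sushil" password="REPLACE_WITH_BCRYPT_HASH" authorities="ROLE_ADMIN" />
                     </user-service>
              </authentication-provider>
       </authentication-manager>
</beans:beans>
```

With the encoder in place, the login form still takes the clear-text password; only the stored value in the configuration changes.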


Web.xml

<web-app id="WebApp_ID" version="2.4"
       xmlns="http://java.sun.com/xml/ns/j2ee"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
       http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

       <display-name>Spring MVC Application</display-name>

       <!-- Spring MVC -->
       <servlet>
              <servlet-name>springMvcSecurity</servlet-name>
              <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
              <load-on-startup>1</load-on-startup>
       </servlet>
       <servlet-mapping>
              <servlet-name>springMvcSecurity</servlet-name>
              <url-pattern>/</url-pattern>
       </servlet-mapping>

       <listener>
              <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
       </listener>

       <context-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>
                     /WEB-INF/springMvcSecurity-servlet.xml,
                     /WEB-INF/spring-security.xml
              </param-value>
       </context-param>

       <!-- Spring Security -->
       <filter>
              <filter-name>springSecurityFilterChain</filter-name>
              <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
       </filter>

       <filter-mapping>
              <filter-name>springSecurityFilterChain</filter-name>
              <url-pattern>/*</url-pattern>
       </filter-mapping>

</web-app>

Output screens:

Open ‘http://localhost:8080/Example1/hello’ in the browser:



In case you enter a wrong username/password:



Once you enter the correct username and password, ‘sushil’ and ‘sushil’, you will get:


