Spring security hello world xml

Directory Structure

pom.xml file

<project xmlns="http://maven.apache.org/POM/4.0.0" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
  http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>w3spoint</groupId>
  <artifactId>SpringSecurity</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>SpringSecurityld Maven Webapp</name>
  <url>http://maven.apache.org</url>
 
  <properties>
  	<spring.version>5.0.2.RELEASE</spring.version>
  	<spring.security.version>5.0.0.RELEASE</spring.security.version>
  	<jstl.version>1.2</jstl.version>
  </properties>
 
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <!-- Spring dependencies -->
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-core</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-web</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-webmvc</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<!-- Spring Security -->
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-web</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
 
	<!-- jstl for jsp page -->
	<dependency>
		<groupId>jstl</groupId>
		<artifactId>jstl</artifactId>
		<version>${jstl.version}</version>
	</dependency>
 
	<!-- Servlet API -->
	<dependency>  
	    <groupId>javax.servlet</groupId>  
	    <artifactId>javax.servlet-api</artifactId>  
	    <version>3.1.0</version>  
	    <scope>provided</scope>  
	</dependency>  
  </dependencies>
 
  <build>  
    <plugins>  
    	<plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.7.0</version>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
 
        <plugin>  
            <groupId>org.apache.maven.plugins</groupId>  
            <artifactId>maven-war-plugin</artifactId>  
            <version>2.6</version>  
            <configuration>  
                <failOnMissingWebXml>false</failOnMissingWebXml>  
            </configuration>  
        </plugin>  
    </plugins>  
</build>  
</project>

dispatcher-servlet.xml file

<?xml version="1.0" encoding="UTF-8"?>  
<beans xmlns="http://www.springframework.org/schema/beans"  
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
xmlns:mvc="http://www.springframework.org/schema/mvc"  
xmlns:context="http://www.springframework.org/schema/context"  
xsi:schemaLocation="  
http://www.springframework.org/schema/mvc  
http://www.springframework.org/schema/mvc/spring-mvc.xsd  
http://www.springframework.org/schema/beans  
http://www.springframework.org/schema/beans/spring-beans.xsd  
http://www.springframework.org/schema/context   
http://www.springframework.org/schema/context/spring-context.xsd">  
<mvc:annotation-driven />  
   <context:component-scan base-package="com.w3spoint">  
   </context:component-scan>  
   <context:annotation-config></context:annotation-config>  
   <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">  
      <property name="prefix" value="/WEB-INF/views"></property>  
      <property name="suffix" value=".jsp"></property>  
   </bean>  
</beans>

spring-security.xml file

<beans:beans xmlns="http://www.springframework.org/schema/security"  
    xmlns:beans="http://www.springframework.org/schema/beans"  
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
    http://www.springframework.org/schema/beans/spring-beans.xsd  
    http://www.springframework.org/schema/security  
    http://www.springframework.org/schema/security/spring-security.xsd">  
    <http auto-config="true">  
        <intercept-url pattern="/user" access="hasRole('ROLE_USER')" />  
    </http>  
    <authentication-manager>  
      <authentication-provider>  
        <user-service>  
        <user name="jai" password="1234" authorities="hasRole(ROLE_USER)" />  
        </user-service>  
      </authentication-provider>  
    </authentication-manager>  
</beans:beans>

web.xml file

<?xml version="1.0" encoding="UTF-8"?>  
<!DOCTYPE xml>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee  
         http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
	version="3.1">
 
	<!-- Spring Configuration -->
	<servlet>
		<servlet-name>dispatcher</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>dispatcher</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>
 
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
 
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
 
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/dispatcher-servlet.xml
			/WEB-INF/spring-security.xml
		</param-value>
	</context-param>
</web-app>

HelloWorldController.java

package com.w3spoint;
 
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
 
@Controller
public class HelloWorldController {
	@RequestMapping(value =  "/" , method = RequestMethod.GET)
	public ModelAndView helloPage() {
		ModelAndView model = new ModelAndView();
		model.addObject("message", "Welcome page.");
		model.setViewName("hello");
		return model;
	}
 
	@RequestMapping(value = "/user**", method = RequestMethod.GET)
	public ModelAndView helloUserPage() {
		ModelAndView model = new ModelAndView();
		model.addObject("message", "Welcome page for user.");
		model.setViewName("helloUser");
		return model;
	}
}

hello.jsp file

<%@page session="false"%>
<html>
<body>
	<h2>Spring MVC + Spring Security</h2>	
	<h3>${message}</h3>	
</body>
</html>

helloUser.jsp file

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<body>
	<h2>Spring MVC + Spring Security</h2>	
	<h3>${message}</h3>	
</body>
</html>

Run the application on server. The URL http://localhost:8080/SpringSecurity/ will display the following output on browser. Spring security As we add spring security on user page, so when we hit http://localhost:8080/SpringSecurity/user. Browser will open a login page to validate the user. We didnot create this page. It is provides by spring security framework by default.

Spring security

Enter wrong credentials Spring security

The credentials will be matched against the values mentioned in spring-security.xml file. With wrong credentials, it will show following error Spring security

Note: If you try to login with right credentials you will get the following error. java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id “null”.

It is because, in spring-security-core:5.0.0.RC1, the default PasswordEncoder is built as a DelegatingPasswordEncoder. When we store the users in memory, we are providing the passwords in plain text and when trying to retrieve the encoder from the DelegatingPasswordEncoder to validate the password it can’t find one that matches the way in which these passwords were stored.

We can create user with this way:

User.withDefaultPasswordEncoder().username("user").password("user").roles("USER").build();

We will see it in next example with annotations.

Please follow and like us:
Content Protection by DMCA.com