Spring Security Authorized Access with Customized Login from Database


 

Spring Security Authorized Access with Customized Login from Database

In this section, you will learn about authorized access with customized login from database using Spring Security.

In this section, you will learn about authorized access with customized login from database using Spring Security.

Spring Security Authorized Access with Customized Login from Database

In this section, you will learn about authorized access with customized login from database using Spring Security.

Sometimes you need to secure your page from unauthorized access. Authorized access is the secure access of page through a permitted username and password. For example, the admin section page can only have permission for admin only. This section deals with the username and password stored in database table.

For Spring Security authorized access using auto generated login form. Click Here.

For Spring Security authorized access using customized login form. Click Here.

The project structure and jar file used is given below :

The SQL query to create database table  logins is given below :

CREATE TABLE `logins` ( 
`LOGIN_ID` int(10) unsigned NOT NULL, 
`USERNAME` varchar(45) NOT NULL, 
`PASSWORD` varchar(45) NOT NULL, 
`ENABLED` tinyint(1) NOT NULL, 
PRIMARY KEY (`LOGIN_ID`) 
) ENGINE=InnoDB DEFAULT CHARSET=latin1 

The SQL query to create database table roles is given below :

CREATE TABLE `roles` ( 
`ROLE_ID` int(10) unsigned NOT NULL, 
`LOGIN_ID` int(10) unsigned NOT NULL, 
`ROLE` varchar(45) NOT NULL, 
PRIMARY KEY (`ROLE_ID`), 
KEY `FK_roles` (`LOGIN_ID`), 
CONSTRAINT `FK_roles` FOREIGN KEY (`LOGIN_ID`) REFERENCES `logins` (`LOGIN_ID`) 
) ENGINE=InnoDB DEFAULT CHARSET=latin1

You can check user authenticity using customized login from database table(in spring-security.xml ) as follows :

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http auto-config="true">
<intercept-url pattern="/index*" access="ROLE_USER,ROLE_ADMIN" />
<intercept-url pattern="/admin*" access="ROLE_ADMIN" />
<form-login login-page="/login" default-target-url="/index" authentication-failure-url="/failLogin" />
<logout logout-success-url="/logoff" />
</http>

<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource" 
users-by-username-query="select username,password, enabled from logins where username=?"
authorities-by-username-query="select l.username, r.role from logins l, roles r where l.login_id = r.login_id and l.username =? " />
</authentication-provider>
</authentication-manager>

</beans:beans>

It means the user with authority as ROLE_ADMIN can have access to URL /admin . Also, the URL /index is open for both type of users having authority ROLE_USER or ROLE_ADMIN .

The rest of the code is given below :

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>SpringSecurityAuthorizedAccessCustomLoginFrmDB</display-name>
<servlet>
<servlet-name>Dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/Dispatcher-servlet.xml,
/WEB-INF/spring-datasource.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

spring-datasource.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">

<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://192.168.10.13:3306/anky" />
<property name="username" value="root" />
<property name="password" value="root" />
</bean>

</beans>

Dispatcher-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<context:component-scan base-package="net.roseindia" />

<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/views/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>

<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>LoginMsg</value>
</list>
</property>
</bean>

</beans>

LoginController.java

package net.roseindia;

import java.security.Principal;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class LoginController {
@RequestMapping(value = "/admin", method = RequestMethod.GET)
public String welcomeAdmin(ModelMap model, Principal principal) {
String username = principal.getName();
model.addAttribute("user", username);
model.addAttribute("msg", "Spring Security - ADMIN PAGE");
return "welcome";

}
@RequestMapping(value = "/index", method = RequestMethod.GET)
public String printMessage(ModelMap model, Principal principal) {

String username = principal.getName();
model.addAttribute("user", username);
model.addAttribute("msg", "Spring Security Custom Login Form");
return "welcome";

}

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {

return "login";

}

@RequestMapping(value = "/failLogin", method = RequestMethod.GET)
public String failedLogin(ModelMap model) {

model.addAttribute("error", "true");
return "login";

}

@RequestMapping(value = "/logoff", method = RequestMethod.GET)
public String logoff(ModelMap model) {

return "login";

}
}

LoginMsg.properties

AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password

login.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
color: #ff0000;
background-color: #ffEEEE;
border: 3px solid #ff0000;
padding: 8px;
margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password (Custom Page)</h3>

<c:if test="${not empty error}">
<div class="errorblock">
Login error : Please try again.<br />Root Cause:
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>

<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>

<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>

</form>
</body>
</html>

welcome.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
<h3>${msg}</h3> 
<h3>Username : ${user}</h3> 

<a href="<c:url value="/j_spring_security_logout" />" > Logoff</a>

</body>
</html>

OUTPUT

When you try to access the following URL for admin section :

http://localhost:9090/SpringSecurityAuthorizedAccessCustomLoginFrmDB/admin

You will get the following page :

If you provide correct login(username: admin , password: deepak), you will get the following page :

If you try to login with a user login credential (username: user, password : roseindia), you will get the following error page :

Download Source Code

Ads