Spring Security customized login form to secure URL access


 


In this section, you will learn how to use a custom Spring Security login form to secure URL access in a web application.


In the previous example, you learned to secure URL access through the auto-generated login form provided by Spring Security.

In this section, you will again secure URL access, but the login form is not auto-generated; we design and develop it ourselves. This login form authenticates the user before access to the secured URL is granted.

EXAMPLE

The tools and technologies used in this tutorial are given below:

  • jdk1.6.0_18

  • apache-tomcat-6.0.29

  • Eclipse 3.5.1

  • Spring 3.0.5.RELEASE

  • Spring Security 3.0.5.RELEASE

Sometimes you need to protect a page from unauthorized access. In the example below, we secure URL access by providing a custom login form. The user needs to provide correct login credentials to view the page.

Spring Security uses servlet filters to intercept each incoming HTTP request and enforce the security checks, presenting the custom login form when authentication is required.

The project hierarchy and JAR files used in the example are given below:

CODE

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>SpringSecurityCustomLoginForm</display-name>
    <!-- Spring MVC -->
    <servlet>
        <servlet-name>Dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/Dispatcher-servlet.xml,
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <http auto-config="true">
        <!-- Only URLs matching /index* require ROLE_USER -->
        <intercept-url pattern="/index*" access="ROLE_USER" />
        <!-- Custom login page, landing page after login, and failure page -->
        <form-login login-page="/login" default-target-url="/index"
            authentication-failure-url="/failLogin" />
        <logout logout-success-url="/logoff" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <!-- In-memory user for this example; the password is stored here in plain text -->
            <user-service>
                <user name="admin" password="roseindia" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>
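
The `<http>` block above protects only URLs matching `/index*`, so any controller mapping added later under another path is public until it is listed explicitly. A deny-by-default variant, as an added example that is not part of the original tutorial; it uses only the URLs this page already defines and the standard `IS_AUTHENTICATED_ANONYMOUSLY` access token:

```xml
<!-- Added example: drop-in replacement for the <http> element in spring-security.xml.
     Same namespace and schema as the file above (Spring Security 3.0.x, no SpEL). -->
<http auto-config="true">
    <!-- Patterns are evaluated top to bottom and the first match wins,
         so the specific public pages come before the catch-all. -->

    <!-- The login page, failure page and post-logout page must be reachable
         without being logged in; otherwise the redirect to /login loops. -->
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/failLogin" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/logoff" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <!-- Everything else, including /index and any mapping added later,
         requires ROLE_USER. -->
    <intercept-url pattern="/**" access="ROLE_USER" />

    <form-login login-page="/login" default-target-url="/index"
        authentication-failure-url="/failLogin" />
    <logout logout-success-url="/logoff" />
</http>
```

The form still posts to `j_spring_security_check` and the logout link still points at `j_spring_security_logout`; both are handled by Spring Security's own filters before the URL rules are checked, so they need no entries of their own.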

Dispatcher-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <context:component-scan base-package="net.roseindia" />

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/views/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>

    <bean id="messageSource"
        class="org.springframework.context.support.ResourceBundleMessageSource">
        <property name="basenames">
            <list>
                <value>LoginMsg</value>
            </list>
        </property>
    </bean>

</beans>

ProjectController.java

package net.roseindia;

import java.security.Principal;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class ProjectController {

    // Secured by the /index* rule in spring-security.xml: only authenticated
    // users reach this method, so the principal is set.
    @RequestMapping(value = "/index", method = RequestMethod.GET)
    public String printMessage(ModelMap model, Principal principal) {
        String username = principal.getName();
        model.addAttribute("user", username);
        model.addAttribute("msg", "Spring Security Custom Login Form");
        return "welcome";
    }

    // Renders the custom login form (login-page in spring-security.xml).
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login(ModelMap model) {
        return "login";
    }

    // Target of authentication-failure-url: shows the form again with the error block.
    @RequestMapping(value = "/failLogin", method = RequestMethod.GET)
    public String failedLogin(ModelMap model) {
        model.addAttribute("error", "true");
        return "login";
    }

    // Target of logout-success-url: returns the user to the login form.
    @RequestMapping(value = "/logoff", method = RequestMethod.GET)
    public String logoff(ModelMap model) {
        return "login";
    }
}

LoginMsg.properties

AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password

login.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
    color: #ff0000;
    background-color: #ffEEEE;
    border: 3px solid #ff0000;
    padding: 8px;
    margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
    <h3>Login with Username and Password (Custom Page)</h3>

    <c:if test="${not empty error}">
        <div class="errorblock">
            Login error : Please try again.<br />Root Cause:
            <%-- c:out HTML-escapes the exception message before it is written to the page --%>
            <c:out value='${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}' />
        </div>
    </c:if>

    <form name='f' action="<c:url value='j_spring_security_check' />"
        method='POST'>

        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='j_username' value=''>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='j_password' />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="reset" type="reset" />
                </td>
            </tr>
        </table>

    </form>
</body>
</html>

welcome.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
    <h3>${msg}</h3>
    <%-- c:out HTML-escapes the username before it is written to the page --%>
    <h3>Username : <c:out value="${user}" /></h3>

    <a href="<c:url value='/j_spring_security_logout' />">Logoff</a>

</body>
</html>

OUTPUT

When you try to access the following URL :

http://localhost:9090/SpringSecurityCustomLoginForm/index

You will be redirected to the following URL, and the page below will appear:

http://localhost:9090/SpringSecurityCustomLoginForm/login

If your login credentials are incorrect, the following page will appear:

If your login credentials are correct, the following page will appear:

When you log off, you will be redirected to the page below:
