• Home
• Tutorial
• Spring
• Spring3
• Springsecurity
• Spring Security auto generated login to secure URL access

• Questions: Ask
• Latest
• Tutorials:Latest
• Topics

Spring Security auto generated login to secure URL access

In this section, you will learn how to secure URL access through auto generated Login form using Spring Security.

In this section, you will learn how to secure URL access through auto generated Login form using Spring Security.

Spring Security auto generated login to secure URL access

In this section, you will learn how to secure URL access through auto generated Login  form using Spring Security.

The tools and technology used in this tutorial are given below :

• jdk1.6.0_18
  
  
• apache-tomcat-6.0.29
  
  
• Eclipse 3.5.1
  
  
• Spring 3.0.5.RELEASE
  
  
• Spring Security 3.0.5.RELEASE

EXAMPLE

Sometimes you need to secure your page from unauthorized access. In the below example, we will ensure secure URL access by providing  auto generated Login  form using Spring Security. User need to provide correct login credential to view the page.

Using Servlet filters, Spring Security catch the incoming HTTP request and enforce security checking by providing auto generated Login form. 

The project hierarchy and jar file used in the example is given below :

CODE

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>SpringSecurityLoginToSecureURL</display-name>
<servlet>
<servlet-name>Dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/Dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

Dispatcher-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<context:component-scan base-package="net.roseindia" />

<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/views/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>

</beans>

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http auto-config="true">
<intercept-url pattern="/login*" access="ROLE_USER" />
</http>

<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="roseindia" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>

</beans:beans>

ProjectController.java

package net.roseindia;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("/welcome")
public class ProjectController {

@RequestMapping(method = RequestMethod.GET)
public String printWelcome(ModelMap model) {

model.addAttribute("msg", "Hello Friend!! Welcome to Roseindia");
return "hello";

}
}

welcome.jsp

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Display Hello World Message</title>
</head>
<body>
<h1>Message : ${msg}</h1> 
</body>
</html>

OUTPUT

When you access the below URL :

http://localhost:9090/SpringSecurityLoginToSecureURL/index

it will redirect you to the following login page :

When you provide correct login credential which is admin as User and roseindia as Password , you will get the following web page :

If your credential is wrong, you will get the following messages on Login page :

Download Source Code

• 
• 
• 
• 
• 
• 
• 
• 
• 
•