CodesJava

Easy learning with example program codes

spring security form based authentication example


Spring security

Spring security is a flexible and powerful authentication and authorization framework to create secure J2EE-basedĀ Enterprise Applications.

Authentication: It is a process or action of verifying the identity of a user or process i.e. who are you?

Authorization: It is a process of checking the authority of a user to perform actions in the application i.e. what are you allowed to do?

Spring security form based authentication example

As we discussed in our earlier examples that Spring Security will create a default login form automatically and we do not have to create any new jsp page. But we can create our custom login page with form.

Directory Structure

Spring security

pom.xml file

<project xmlns="http://maven.apache.org/POM/4.0.0" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
  http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>codesjava</groupId>
  <artifactId>SpringSecurity03</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>SpringSecurityld Maven Webapp</name>
  <url>http://maven.apache.org</url>
 
  <properties>
  	<spring.version>5.0.2.RELEASE</spring.version>
  	<spring.security.version>5.0.0.RELEASE</spring.security.version>
  	<jstl.version>1.2</jstl.version>
  </properties>
 
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <!-- Spring dependencies -->
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-core</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-web</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-webmvc</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<!-- Spring Security -->
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-web</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
 
	<!-- jstl for jsp page -->
	<dependency>
		<groupId>jstl</groupId>
		<artifactId>jstl</artifactId>
		<version>${jstl.version}</version>
	</dependency>
 
	<!-- Servlet API -->
	<dependency>  
	    <groupId>javax.servlet</groupId>  
	    <artifactId>javax.servlet-api</artifactId>  
	    <version>3.1.0</version>  
	    <scope>provided</scope>  
	</dependency>  
  </dependencies>
 
  <build>  
    <plugins>  
    	<plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.7.0</version>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
 
        <plugin>  
            <groupId>org.apache.maven.plugins</groupId>  
            <artifactId>maven-war-plugin</artifactId>  
            <version>2.6</version>  
            <configuration>  
                <failOnMissingWebXml>false</failOnMissingWebXml>  
            </configuration>  
        </plugin>  
    </plugins>  
</build>  
</project>

AppConfig.java

package com.codesjava.config;
 
import org.springframework.context.annotation.Bean;  
import org.springframework.context.annotation.ComponentScan;  
import org.springframework.context.annotation.Configuration;  
import org.springframework.web.servlet.config.annotation.EnableWebMvc;  
import org.springframework.web.servlet.view.InternalResourceViewResolver;  
import org.springframework.web.servlet.view.JstlView;  
 
@EnableWebMvc  
@Configuration  
@ComponentScan({ "com.codesjava.controller.*" })  
public class AppConfig {  
    @Bean  
    public InternalResourceViewResolver viewResolver() {  
        InternalResourceViewResolver viewResolver  
                          = new InternalResourceViewResolver();  
        viewResolver.setViewClass(JstlView.class);  
        viewResolver.setPrefix("/WEB-INF/views/");  
        viewResolver.setSuffix(".jsp");  
        return viewResolver;  
    }  
}

SecurityConfig.java

Spring security configuration file. It will contains the security configurations. It creates a springSecurityFilterChain which is a servlet filter.

package com.codesjava.config;
 
import org.springframework.context.annotation.*;   
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.*;  
import org.springframework.security.core.userdetails.User;  
import org.springframework.security.core.userdetails.UserDetailsService;  
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;  
 
@EnableWebSecurity
@ComponentScan("com.codesjava") 
public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
    @Bean  
    public UserDetailsService userDetailsService() {  
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();  
        manager.createUser(User.withDefaultPasswordEncoder()  
        .username("jai").password("123456").roles("ADMIN").build());  
        return manager;  
    }  
 
	@Override
	protected void configure(HttpSecurity http) throws Exception {
	     http.authorizeRequests().  
	      antMatchers("/index","/").permitAll()  
	      .antMatchers("/admin").authenticated()  
	      .and()  
	      .formLogin()  
	      .loginPage("/login")  
	      .and()  
	      .logout()  
	      .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));  		
	}
}

SpringSecurityInitializer.java

Now we have to create a class which extends AbstractSecurityWebApplicationInitializer, it will load the springSecurityFilterChain automatically.

package com.codesjava.config.core;
 
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
 
public class SpringSecurityInitializer  extends AbstractSecurityWebApplicationInitializer{
 
}

SpringMvcInitializer.java

It is initializer class which will load everything.

package com.codesjava.config.core;
 
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
import com.codesjava.config.SecurityConfig;
 
public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
	@Override
	protected Class<?>[] getRootConfigClasses() {
		return new Class[] { SecurityConfig.class };
	}
 
	@Override
	protected Class<?>[] getServletConfigClasses() {
		// TODO Auto-generated method stub
		return null;
	}
 
	@Override
	protected String[] getServletMappings() {
		return new String[] { "/" };
	}
}

LoginController.java

package com.codesjava.controller;
 
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
 
@SuppressWarnings("unused")
@Controller
public class LoginController {
    @RequestMapping(value="/", method=RequestMethod.GET)    
    public String index() {    	            
        return "index";    
    }   
 
    @RequestMapping(value="/login", method=RequestMethod.GET)    
    public String login() {    	            
        return "login";    
    }    
 
    @RequestMapping(value="/admin", method=RequestMethod.GET)    
    public String admin() {    	            
        return "admin";    
    }    
}

index.jsp file

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<body>
	<h2>Spring MVC + Spring Security</h2>	
	<a href="admin">Login here</a>	
</body>
</html>

login.jsp file

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>  
<c:url value="/login" var="loginUrl"/>  
<form action="${loginUrl}" method="post">         
    <c:if test="${param.error != null}">          
        <p>  
            Invalid username and password.  
        </p>  
    </c:if>  
    <c:if test="${param.logout != null}">         
        <p>  
            You have been logged out.  
        </p>  
    </c:if>  
    <p>  
        <label for="username">Username</label>  
        <input type="text" id="username" name="username"/>      
    </p>  
    <p>  
        <label for="password">Password</label>  
        <input type="password" id="password" name="password"/>      
    </p>  
    <input type="hidden"                          
        name="${_csrf.parameterName}"  
        value="${_csrf.token}"/>  
    <button type="submit" class="btn">Login</button>  
</form>

admin.jsp file

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<body>
	<h2>Spring MVC + Spring Security</h2>	
	<h3>Admin login successfully.</h3>	
	<a href="logout">Logout</a>
</body>
</html>

Run the application on server.
We add spring security on admin page, so when we hit http://localhost:8080/SpringSecurity03/. Browser will open index page.
Spring security

Click on Login here link. Custom login page will open.
Spring security

Enter credentials and click on login
Spring security

Successfully login
Spring security

Click on logout
Spring security

Spring Tutorial

Spring framework.
Spring framework architecture.
Spring ioc container.
Spring bean.
Spring bean scopes.
Spring bean life cycle.
Spring callback methods.
Spring hello world.
Spring bean definition inheritance.
Spring bean definition template.
Spring dependency injection.
Spring constructor based injection.
Constructor injection type ambiguities.
Setter based dependency injection.
Spring dependency injection collections.
Spring autowire
Spring autowire by name
Spring autowire by type
Spring autowire by constructor
Spring JDBC tutorial
Spring JDBC Prepared Statement
Spring ResultSetExtractor
Spring RowMapper
Spring aop tutorial.
Spring AOP AspectJ Xml.
Spring AOP AspectJ Annotation.
Spring MVC tutorial.
Spring mvc framework.
Spring mvc configuration file.
Spring mvc hello world.
Spring MVC multiple controller.
Spring MVC login.
Spring mvc form handling.
Spring mvc exception handling.
Spring spel tutorial.
Spring spel hello world.
Spring spel operators.
Spring spel ternary operator.
Spring spel standardevaluationcontext.
Spring spel bean reference.
Spring spel method invocation.
Spring spel list, map.
Spring spel regex.
Maven Eclipse Spring
Spring boot overview
Spring boot architecture diagram
Spring boot components
Spring boot starter parent
Spring boot web app configuration
Run spring boot application
Spring boot change port
Spring boot change context path
Spring boot log sql statements
Spring boot hello world
Spring boot JSP
Spring boot thymeleaf
Spring boot with mysql
Spring security overview
Spring security architecture
Spring security maven dependency
Spring security xml
Spring security annotation
Spring security custom login xml
Spring security custom login annotation
Spring security form login
Spring security remember me
Spring security method level
Sign Up/ Sign In
Ask a Question


Industrial Training

We offers Placement Oriented Training on Java, Spring, JSF, Hibernate, PHP, AngularJS, Angular 4, PLSQL, Oracle BI Publisher etc. We also provides Online training, please mail us at hr@codesjava.com.

Development

We also provides the Development services for Website Development , Java Development, PHP Development, Android App Development etc. You can contact us on hr@codesjava.com.

Copyright © 2018 CodesJava DMCA.com Protection Status SiteMap Reference: Java Wiki