CodesJava

Easy learning with example program codes

spring security hello world annotation example


Spring security

Spring security is a flexible and powerful authentication and authorization framework to create secure J2EE-based Enterprise Applications.

Authentication: It is a process or action of verifying the identity of a user or process i.e. who are you?

Authorization: It is a process of checking the authority of a user to perform actions in the application i.e. what are you allowed to do?

Spring security hello world example

Directory Structure

Spring security

pom.xml file

<project xmlns="http://maven.apache.org/POM/4.0.0" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
  http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>codesjava</groupId>
  <artifactId>SpringSecurity02</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>SpringSecurityld Maven Webapp</name>
  <url>http://maven.apache.org</url>
 
  <properties>
  	<spring.version>5.0.2.RELEASE</spring.version>
  	<spring.security.version>5.0.0.RELEASE</spring.security.version>
  	<jstl.version>1.2</jstl.version>
  </properties>
 
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <!-- Spring dependencies -->
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-core</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-web</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-webmvc</artifactId>
		<version>${spring.version}</version>
	</dependency>
 
	<!-- Spring Security -->
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-web</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
 
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
 
	<!-- jstl for jsp page -->
	<dependency>
		<groupId>jstl</groupId>
		<artifactId>jstl</artifactId>
		<version>${jstl.version}</version>
	</dependency>
 
	<!-- Servlet API -->
	<dependency>  
	    <groupId>javax.servlet</groupId>  
	    <artifactId>javax.servlet-api</artifactId>  
	    <version>3.1.0</version>  
	    <scope>provided</scope>  
	</dependency>  
  </dependencies>
 
  <build>  
    <plugins>  
    	<plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.7.0</version>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
 
        <plugin>  
            <groupId>org.apache.maven.plugins</groupId>  
            <artifactId>maven-war-plugin</artifactId>  
            <version>2.6</version>  
            <configuration>  
                <failOnMissingWebXml>false</failOnMissingWebXml>  
            </configuration>  
        </plugin>  
    </plugins>  
</build>  
</project>

AppConfig.java

package com.codesjava.config;
 
import org.springframework.context.annotation.Bean;  
import org.springframework.context.annotation.ComponentScan;  
import org.springframework.context.annotation.Configuration;  
import org.springframework.web.servlet.config.annotation.EnableWebMvc;  
import org.springframework.web.servlet.view.InternalResourceViewResolver;  
import org.springframework.web.servlet.view.JstlView;  
 
@EnableWebMvc  
@Configuration  
@ComponentScan({ "com.codesjava.controller.*" })  
public class AppConfig {  
    @Bean  
    public InternalResourceViewResolver viewResolver() {  
        InternalResourceViewResolver viewResolver  
                          = new InternalResourceViewResolver();  
        viewResolver.setViewClass(JstlView.class);  
        viewResolver.setPrefix("/WEB-INF/views/");  
        viewResolver.setSuffix(".jsp");  
        return viewResolver;  
    }  
}

SecurityConfig.java

Spring security configuration file. It will contains the security configurations. It creates a springSecurityFilterChain which is a servlet filter.

package com.codesjava.config;
 
import org.springframework.context.annotation.*;   
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.*;  
import org.springframework.security.core.userdetails.User;  
import org.springframework.security.core.userdetails.UserDetailsService;  
import org.springframework.security.provisioning.InMemoryUserDetailsManager;  
 
@EnableWebSecurity
@ComponentScan("com.codesjava") 
public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
    @Bean  
    public UserDetailsService userDetailsService() {  
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();  
        manager.createUser(User.withDefaultPasswordEncoder()  
        .username("jai").password("123456").roles("ADMIN").build());  
        return manager;  
    }  
 
    @Override
    protected void configure(HttpSecurity http) throws Exception {
	http                              
        .authorizeRequests()  
            .anyRequest().hasRole("ADMIN")  
            .and().formLogin();		
    }
}

SpringSecurityInitializer.java

Now we have to create a class which extends AbstractSecurityWebApplicationInitializer, it will load the springSecurityFilterChain automatically.

package com.codesjava.config.core;
 
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
 
public class SpringSecurityInitializer  extends AbstractSecurityWebApplicationInitializer{
 
}

SpringMvcInitializer.java

It is initializer class which will load everything.

package com.codesjava.config.core;
 
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
import com.codesjava.config.SecurityConfig;
 
public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
	@Override
	protected Class<?>[] getRootConfigClasses() {
		return new Class[] { SecurityConfig.class };
	}
 
	@Override
	protected Class<?>[] getServletConfigClasses() {
		// TODO Auto-generated method stub
		return null;
	}
 
	@Override
	protected String[] getServletMappings() {
		return new String[] { "/" };
	}
}

HelloWorldController.java

package com.codesjava.controller;
 
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
 
@Controller
public class HelloWorldController {
	@RequestMapping(value =  "/" , method = RequestMethod.GET)
	public ModelAndView helloPage() {
		ModelAndView model = new ModelAndView();
		model.addObject("message", "Welcome page.");
		model.setViewName("helloUser");
		return model;
	}
 
}

helloUser.jsp file

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<body>
	<h2>Spring MVC + Spring Security</h2>	
	<h3>${message}</h3>	
</body>
</html>

Run the application on server.
As we add spring security on every page, so when we hit http://localhost:8080/SpringSecurity02/. Browser will open a login page to validate the user. We did not create this page. It is provides by spring security framework by default. Enter user credentials here.

Spring security

After login, following screen will open.
Spring security

With wrong credentials, it will show following error
Spring security



Copyright © 2018 CodesJava DMCA.com Protection Status SiteMap