Easy learning with example program codes

spring security hello world xml example

Spring security

Spring security is a flexible and powerful authentication and authorization framework to create secure J2EE-based Enterprise Applications.

Authentication: It is a process or action of verifying the identity of a user or process i.e. who are you?

Authorization: It is a process of checking the authority of a user to perform actions in the application i.e. what are you allowed to do?

Spring security hello world example

Directory Structure

Spring security

pom.xml file

<project xmlns="" 
  <name>SpringSecurityld Maven Webapp</name>
    <!-- Spring dependencies -->
	<!-- Spring Security -->
	<!-- jstl for jsp page -->
	<!-- Servlet API -->

dispatcher-servlet.xml file

<?xml version="1.0" encoding="UTF-8"?>  
<beans xmlns=""  
<mvc:annotation-driven />  
   <context:component-scan base-package="com.codesjava">  
   <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">  
      <property name="prefix" value="/WEB-INF/views/"></property>  
      <property name="suffix" value=".jsp"></property>  

spring-security.xml file

<beans:beans xmlns=""  
    <http auto-config="true">  
        <intercept-url pattern="/user" access="hasRole('ROLE_USER')" />  
        <user name="jai" password="1234" authorities="hasRole(ROLE_USER)" />  

web.xml file

<?xml version="1.0" encoding="UTF-8"?>  
<!DOCTYPE xml>
<web-app xmlns="" 
	xsi:schemaLocation="  "
	<!-- Spring Configuration -->

package com.codesjava;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
public class HelloWorldController {
	@RequestMapping(value =  "/" , method = RequestMethod.GET)
	public ModelAndView helloPage() {
		ModelAndView model = new ModelAndView();
		model.addObject("message", "Welcome page.");
		return model;
	@RequestMapping(value = "/user**", method = RequestMethod.GET)
	public ModelAndView helloUserPage() {
		ModelAndView model = new ModelAndView();
		model.addObject("message", "Welcome page for user.");
		return model;

hello.jsp file

<%@page session="false"%>
	<h2>Spring MVC + Spring Security</h2>	

helloUser.jsp file

<%@taglib prefix="c" uri=""%>
<%@page session="true"%>
	<h2>Spring MVC + Spring Security</h2>	

Run the application on server. The URL http://localhost:8080/SpringSecurity/ will display the following output on browser.
Spring security
As we add spring security on user page, so when we hit http://localhost:8080/SpringSecurity/user. Browser will open a login page to validate the user. We didnot create this page. It is provides by spring security framework by default.

Spring security

Enter wrong credentials
Spring security

The credentials will be matched against the values mentioned in spring-security.xml file. With wrong credentials, it will show following error
Spring security

Note: If you try to login with right credentials you will get the following error.
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id “null”.

It is because, in spring-security-core:5.0.0.RC1, the default PasswordEncoder is built as a DelegatingPasswordEncoder. When we store the users in memory, we are providing the passwords in plain text and when trying to retrieve the encoder from the DelegatingPasswordEncoder to validate the password it can’t find one that matches the way in which these passwords were stored.

We can create user with this way:


We will see it in next example with annotations.

Spring Tutorial

Spring framework.
Spring framework architecture.
Spring ioc container.
Spring bean.
Spring bean scopes.
Spring bean life cycle.
Spring callback methods.
Spring hello world.
Spring bean definition inheritance.
Spring bean definition template.
Spring dependency injection.
Spring constructor based injection.
Constructor injection type ambiguities.
Setter based dependency injection.
Spring dependency injection collections.
Spring autowire
Spring autowire by name
Spring autowire by type
Spring autowire by constructor
Spring JDBC tutorial
Spring JDBC Prepared Statement
Spring ResultSetExtractor
Spring RowMapper
Spring aop tutorial.
Spring AOP AspectJ Xml.
Spring AOP AspectJ Annotation.
Spring MVC tutorial.
Spring mvc framework.
Spring mvc configuration file.
Spring mvc hello world.
Spring MVC multiple controller.
Spring MVC login.
Spring mvc form handling.
Spring mvc exception handling.
Spring spel tutorial.
Spring spel hello world.
Spring spel operators.
Spring spel ternary operator.
Spring spel standardevaluationcontext.
Spring spel bean reference.
Spring spel method invocation.
Spring spel list, map.
Spring spel regex.
Maven Eclipse Spring
Spring boot overview
Spring boot architecture diagram
Spring boot components
Spring boot starter parent
Spring boot web app configuration
Run spring boot application
Spring boot change port
Spring boot change context path
Spring boot log sql statements
Spring boot hello world
Spring boot JSP
Spring boot thymeleaf
Spring boot with mysql
Spring security overview
Spring security architecture
Spring security maven dependency
Spring security xml
Spring security annotation
Spring security custom login xml
Spring security custom login annotation
Spring security form login
Spring security remember me
Spring security method level

Copyright © 2019 CodesJava Protection Status SiteMap Reference: Java Wiki