Note: I suggest reading the following tutorial as well which uses the latest Spring Security 3.1
Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA
Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA
What is Spring Security?
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications
Spring Security is one of the most mature and widely used Spring projects. Founded in 2003 and actively maintained by SpringSource since, today it is used to secure numerous demanding environments including government agencies, military applications and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.
Source: http://static.springsource.org/spring-security/site/
Our first task is to setup our Spring 3 MVC application. We dive directly to the main controller.
MainController
This controller declares two mappings:
/main/admin /main/commonEach handler will resolve to a specific JSP page. The common JSP page is accessible by everyone, while the admin page is accessible only by admins. Right now, everyone has access to these pages because we haven't enabled Spring Security yet.
Next we enable Spring MVC in the web.xml
web.xml
Take note of the URL pattern. When accessing any pages in our MVC application, the host name must be appended with
/kramsFor example, to access the commonpage.jsp, the complete URL should be http://localhost:8080/myapp/krams/main/common
In the web.xml we declared a servlet-name spring. By convention, we must declare a spring-servlet.xml as well.
spring-servlet.xml.
This XML config declares a view resolver. All references to a JSP name in the controllers will map to a corresponding JSP in the /WEB-INF/jsp location.
By convention, we must declare an applicationContext.xml
applicationContext.xml
This XML config declares three beans to activate the Spring 3 MVC programming model.
Our web application is almost done. The final piece is to create the JSP pages. We will create a commonpage.jsp for the common view and adminpage.jsp for the admin view.
commonpage.jsp
adminpage.jsp
Here's a screenshot of these JSP pages:
Our Spring 3 MVC application is now finish!
To access the common page, enter the following URL:
http://localhost:8080/spring-security-integration/krams/main/common
To access the admin page, enter the following URL:
http://localhost:8080/spring-security-integration/krams/main/admin
The best way to learn further is to try the actual application.
Download the project
You can access the project site at Google's Project Hosting at http://code.google.com/p/spring3-security-mvc-integration-tutorial/
You can download the project as a Maven build. Look for the spring-mvc.zip in the Download sections.
You can run the project directly using an embedded server via Maven.
For Tomcat: mvn tomcat:run
For Jetty: mvn jetty:run
Here's Spring Security - MVC Integration Tutorial (Part 2)
Share the joy:
|
Subscribe by reader Subscribe by email Share
Thank you for this and all others tutorials! Very helpful!
ReplyDelete(I've added this site to Google Reader.)
You're welcome :)
ReplyDeleteHi krams, may i know the need lib files??
ReplyDelete@Anonymous, you'll find the required files inside the pom.xml. If you use Maven, those files will be automaticall downloaded for you.
ReplyDeleteThank u krams...
ReplyDeleteI am new to Maven, so il download all the dependency manually as mention in pom.xml..
Thanks Krams, Fantastic tutorial on Spring security.
ReplyDeleteHi Krams. I'm trying to get this to deploy using the tomcat plugin and having some trouble. I've listed my problem at stack overflow (http://stackoverflow.com/questions/11652658/maven-tomcat-plugin-not-deploying-and-connection-refused).
ReplyDeleteAny ideas why it wouldn't deploy? I'm using tomcat 6, maven 2.
Please see my post about the new issues and fix for this plugin http://krams915.blogspot.com/2012/08/copy-maven-plugin-updates.html
DeleteThanks Mark. I haven't had a chance to look at the plugins since but appreciate your research. I've posted a note to the link above on stack overflow
DeleteThank u, very helpful :)
ReplyDeleteUh, where is the security enabled via xml, as you state in the intro?
ReplyDeleteI have read your blog its very attractive and impressive. I like it your blog.
ReplyDeleteSpring online training Spring online training Spring Hibernate online training Spring Hibernate online training Java online training
spring training in chennai spring hibernate training in chennai
I have read your blog its very attractive and impressive. I like it your blog.
ReplyDeleteBest BCA Colleges in Noida
Thanks for Fantasctic blog and its to much informatic which i never think ..Keep writing and grwoing your self
ReplyDeleteBirth certificate in delhi
Birth certificate in ghaziabad
Birth certificate in gurgaon
Birth certificate in noida
How to get birth certificate in ghaziabad
how to get birth certificate in delhi
birth certificate agent in delhi
how to download birth certificate
birth certificate in greater noida
birth certificate agent in delhi
Birth certificate in delhi
Programming is my favorite subject. good blog with so much information.
ReplyDeleteToppersmind
your post is very informative english speaking course greater noida
ReplyDeletePrestige Park Grove is a futuristic pre-launch residential project in Whitefield, East Bangalore. Amenities: Play Area, Swimming pool, Community Hall and many more.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteI love the podcasts available on this site.
ReplyDelete