Friday, January 13, 2012

Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA (Part 4)

Review

In the previous section, we created the configuration files and discussed them. In this section, we will focus on the view layer, in particular the HTML files.


HTML Files

After the configuration files, we'll now move to the HTML files. Actually, we'll be editing JSP files instead.

Login Page

The login page can be designed in any way you like. But there are important points to remember. Here they are:
  • Use POST not GET!
  • Use j_spring_security_check for the action value. You may have to modify the action value depending on your URL mapping structure, i.e. it could be ../j_spring_security_check or ../../j_spring_security_check in certain cases.
  • Use j_username for the username input
  • Use j_password for the password input

Here's our complete login.jsp source:


Menu Page

The menu page needs extra configuration because we're required to display all links to admin users but regular users can only see non-admin pages. Particularly, the "Admin" link must be secured.

If you examine the spring-security.xml configuration file carefully, you'll see that we've already marked the /admin URL as accessible to admins only. But why do we need to secure it again in the menu page? That's because the declaration in spring-security.xml only secures the URL; it doesn't hide the HTML link. To hide and secure the link, we must manually declare it.


User's view


Admin's view

To hide a section of HTML (e.g. a link), follow these steps:
  • Add the following line in the top section of your JSP page (Make sure to edit the role accordingly):
  • Add the following lines to whatever HTML section you need to secure:
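
The two steps above, sketched as an added example (this is not the original post's menu.jsp): the Spring Security tag library is declared at the top, and the Admin link is wrapped in an authorize tag. The role name ROLE_ADMIN and the /user path are assumptions; /admin is the URL the post secures in spring-security.xml.

```jsp
<%-- Added example, not the author's menu.jsp. --%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%-- Step 1: declare the Spring Security tag library at the top of the page. --%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<html>
<head><title>Menu</title></head>
<body>
<ul>
  <%-- Visible to every user who can reach this page. /user is an assumed path. --%>
  <li><a href="<c:url value='/user'/>">User</a></li>

  <%-- Step 2: wrap the section to hide. The body is rendered only when the
       current user holds the role. ROLE_ADMIN is an assumed role name, and
       expression syntax in "access" requires use-expressions="true" on the
       http element in spring-security.xml. --%>
  <sec:authorize access="hasRole('ROLE_ADMIN')">
    <li><a href="<c:url value='/admin'/>">Admin</a></li>
  </sec:authorize>
</ul>
</body>
</html>
```

The tag only controls what is rendered; a user who types /admin directly is still stopped by the URL rule in spring-security.xml, which is why both declarations are needed.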

Here's our complete menu.jsp source:


Next

In the next section, we will build and run the application using Maven, and show how to import the project in Eclipse. Click here to proceed.

8 comments:

  1. /* Excuse me for my English */
    First, I thank Mr. Krams for this very interesting tutorial, and I wonder if
    someone can help me by posting an updated pom.xml for this project; in fact, there are some problems in the "goldin" dependency.
    Thank you

    Replies
    1. I know this is a very, very late reply. I have updated the project so that it uses maven-resources-plugin. See http://krams915.blogspot.com/2012/08/copy-maven-plugin-updates.html

  2. Hi Krams, I didn't get j_spring_security_check. Does it point to some webpage, or is some controller invoked?

    Replies
    1. farooq, I suggest you enable DEBUG-level logging so you can verify what's happening behind the scenes. Did you change anything in the sample code?

  3. Hello Krams,

    Is it possible to get the user id in the JSP pages? I want to retrieve a little more information about the user, and it will be necessary to get the current user id. Thanks and best regards, I'm one of your online students...

  4. Hi krams
    spring-data.xml no persistence unit with name HibernatePersistenceUnit found. Could anybody help?

  5. I have IntelliJ IDEA and JBoss

  6. I have read your blog its very attractive and impressive. I like it your blog.