Spring Security basics : How to configure your first security-config.xml

To get up and running with basic Spring Security your application needs a entry in the web.xml and  security-config.xml.
So lets have a look at the configuration needed to enable Spring Security in your application and what they really mean.
Step 1:
The first entry you need to make is in the web.xml
Spring Security web xml configuration
Spring Security web xml configuration
From Spring’s documentation “This provides a hook into the Spring Security web infrastructure.DelegatingFilterProxyis a Spring Framework class which delegates to a filter implementation which is defined as a Spring bean in your application context. In this case, the bean is named springSecurityFilterChain, which is an internal infrastructure bean created by the namespace to handle web security.”
Step 2:
Create security-config.xml, all the spring security setting will be configured using this file.
security config xml XSD config
security config xml XSD config Note the security namespace and schema location
Step 3: Use auto-config, this configuration actually adds quite a few services to the application because we have used the auto-config attribute. For example, form-based login processing is automatically enabled.
auto config configuration
auto config configuration
Step 4: Configure URl’s for security based on User roles
Secure Urls for access based on User Roles
Secure Urls for access based on User Roles
Step 5: Add some mock users to check/test the login form user authentication.
Mock User configuration for Login Form test
Mock User configuration for Login Form test
Thats all you require to get basic security for you application, try it with the mock user credentials.


Basic Authentication Login Page using Spring Security
Basic Authentication Login Page using Spring Security

Comments

Post a Comment

Popular posts from this blog

Java Interview : Threads

Java came up with multi threading long time back, still the kind of response it invokes when this topic raises its head during interviews is not very encouraging. If you have attended an java interview, a couple of suppose to be very smart guys also know as lead developers will shower you with questions on multi threading, grilling you down to make sure what you are talking about, even asking you to write fork-join snippets to solve hadoop use cases. But if you are hired and you write a piece code using executor framework, you will be seen with suspicion generally reserved for people with casual shoes at cocktail parties. So here is post to start out thinking about threads. So a path of execution in java is known as a thread, appropriately an instance of Thread class. The main method runs in its own thread and starts up the program execution. If you implement the Runnable interface, you can run in a thread of you own. The Runnable interface has a run() method you implement your...
Read more

Spring Framework Interview Notes : Part Two Wiring

Image
The Spring container is the guy responsible to get the train moving when working with the Spring framework.  The dependency magic gets the things working by somehow getting all the stuff up and running. Now somehow we need to indicate to the spring container as to where and how to “wire” these beans. Remember these beans are also known as components. Components combine to form the structure and thus make the functionality. The concept of component scanning or component finding comes into the picture, literally searching the applications to find the beans required to create these beans. @ComponentScan is the annotation used by giving the the base packages where these components are defined using annotation or xml . Spring Framework Interview Wiring You can also use Autowiring with its attributes, which finds the beans by-name or by-type and injects them appropriately. @Component, @ComponentScan, @Autowired, @Named,  @Bean  with requires and quali...
Read more

Card Dealer In Java in Less than 5 minutes

Image
Code: package design; import java.util.Collections; import java.util.Stack; public class CardDealer { private int totalPlayers; private static Stack<Card> deck; CardDealer(int players){ totalPlayers=players; deck =  Deck.getCardDeck(); } public static void main(String[] args) { CardDealer cardDealer = new CardDealer(5); cardDealer.dealCards(); } public void dealCards(){ int cardsToPlayer = deck.size()/totalPlayers; for(int i=0;i<cardsToPlayer;i++){ for(int j=1;j<=totalPlayers;j++){ System.out.println("Player:"+j+ " gets "+deck.pop()); } } } private int getPlayers() { return totalPlayers; } }  class Deck{ static Stack<Card> deck = new Stack<Card>(); static Deck d=null; static { d = new Deck(); } public static Stack<Card> getCardDeck(){ return deck; } private Deck(){ populateDeckWithcards(); shuffle(); } pr...
Read more