In the last post I wrote about implementing simple authentication and authorization code using filters to secure your web application.
Well, Spring Security is there to make our life easier.
Let's take a very simple example: a hello world application.
Simply create a new web application (in Eclipse, a dynamic web application; convert it to a Maven application to use Maven).
Modify web.xml
<servlet>
    <servlet-name>controlServlet</servlet-name>
    <servlet-class>com.spring.test.HelloWorld</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>controlServlet</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>
And create HelloWorld.java
package com.spring.test;

import java.io.IOException;

import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Minimal servlet: answers GET requests on /hello with a fixed message.
@WebServlet(urlPatterns = { "/hello" })
public class HelloWorld extends HttpServlet {

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) {
        try {
            response.getWriter().write("Hello World");
        } catch (IOException e) {
            // Writing the response failed; print the stack trace to the server log.
            e.printStackTrace();
        }
    }
}
The only dependency added to Maven
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>javax.servlet-api</artifactId>
    <version>3.0.1</version>
</dependency>
Build using Maven and run on any web server. The /hello URL will show a Hello World message.
Let's add some security to this application now using Spring Security.
Tell Maven about the Spring Security jars
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>3.1.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>3.1.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>3.1.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>commons-logging</groupId>
    <artifactId>commons-logging</artifactId>
    <version>1.1.1</version>
</dependency>
Add to web.xml
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-security.xml</param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
And create spring-security.xml inside WEB-INF
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <security:http auto-config="true">
        <security:intercept-url pattern="/hello" access="ROLE_ADMIN" />
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user authorities="ROLE_ADMIN" name="kamal" password="kamal" />
                <security:user authorities="ROLE_ADMIN" name="admin" password="admin" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
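The web.xml above maps controlServlet to /*, while the rule in spring-security.xml matches only /hello, so any other path still reaches HelloWorld without a login. The fragment below is an added example, not part of the original post: the same security:http element with a catch-all rule, reusing the page's ROLE_ADMIN role.

```xml
<!-- Added example: drop-in replacement for the <security:http> element
     in /WEB-INF/spring-security.xml. Nothing else in the file changes. -->
<security:http auto-config="true">
    <!-- intercept-url rules are evaluated in the order listed and the first
         match wins, so specific patterns must come before the catch-all. -->
    <security:intercept-url pattern="/hello" access="ROLE_ADMIN" />

    <!-- Catch-all: any path not matched above also requires ROLE_ADMIN.
         Without this rule, a path with no matching pattern is treated as
         public, and the /* servlet mapping in web.xml would serve it. -->
    <security:intercept-url pattern="/**" access="ROLE_ADMIN" />
</security:http>
```

With auto-config="true" the generated login form is served by a filter that runs before the access check, so the catch-all rule does not block the login page itself.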