mardi 15 avril 2014

Spring security authentication

In this tutorial we'll learn how to secure a web application using Spring Security, with users stored in a database.

P.S. In this example, we use a MySQL database and deploy to a Tomcat 7 web container.

1. Database Script
Script to create the user table in the database.
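-- Account table read by the jdbc-user-service queries in spring-security.xml.
-- NOTE(review): the seeded row below keeps the password in clear text, so anyone
-- who can read this table (a backup, a DBA, an injection flaw elsewhere) learns
-- every password. Before real use, store a salted adaptive hash (e.g. bcrypt)
-- and declare the matching password encoder on the authentication provider.
CREATE TABLE `user`
  (
     `userid`   BIGINT(20) UNSIGNED NOT NULL auto_increment,
     `login`    VARCHAR(50) NOT NULL,
     -- Wide enough for a password hash; VARCHAR(50) cannot hold a 60-character bcrypt string.
     `password` VARCHAR(255) NOT NULL,
     `role`     VARCHAR(50) NOT NULL,
     `enabled`  TINYINT(1) NOT NULL,
     PRIMARY KEY (`userid`),
     -- Authentication looks rows up by `login`, so it has to identify exactly one account.
     UNIQUE KEY `uq_user_login` (`login`)
  ) engine=innodb auto_increment=17 DEFAULT charset=utf8;

-- Demo account only: the password equals the login. Replace it before deploying.
INSERT INTO `user`(`userid`, `login`, `password`, `role`, `enabled`)
VALUES      (1, 'raouf', 'raouf', 'user', 1);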


2. Project structure












3. Datasource configuration : 
application-context.xml
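<?xml version="1.0" encoding="UTF-8"?>
<!--
   Declares the pooled JDBC DataSource (c3p0) that spring-security.xml
   references through the bean id "dataSource".
-->
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
   <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
      <!--
         com.mysql.jdbc.Driver is Connector/J's own driver class;
         org.gjt.mm.mysql.Driver is only a legacy alias for it and is
         missing from newer driver releases.
      -->
      <property name="driverClass" value="com.mysql.jdbc.Driver" />
      <property name="jdbcUrl" value="jdbc:mysql://localhost/tutorial" />
      <!--
         NOTE(review): the application connects as the MySQL administrator
         with a trivial password that is committed with the source. For
         anything beyond a local demo, create a dedicated account that is
         granted only what the application needs on the `tutorial` schema
         (the login queries only SELECT from `user`), and load its
         credentials from outside the packaged application (externalised
         properties or a container-managed JNDI DataSource).
      -->
      <property name="user" value="root" />
      <property name="password" value="root" />
   </bean>
</beans>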
4. Security configuration : 
We'll secure our web application so that only logged-in users can access our resources.
spring-security.xml
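<!--
   Spring Security setup: form login in front of the application, with
   accounts and roles read from the `user` table through the "dataSource" bean.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
   xmlns:beans="http://www.springframework.org/schema/beans" 
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   xmlns:security="http://www.springframework.org/schema/security"
   xmlns:sec="http://www.springframework.org/schema/security"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security
   http://www.springframework.org/schema/security/spring-security.xsd">
   <!--
      NOTE(review): nothing in this block forces HTTPS, and the login POST
      carries the password. Serve the application over TLS (the
      requires-channel attribute on intercept-url can enforce it).
   -->
   <sec:http auto-config="true" use-expressions="true">
      <!-- The first matching rule wins, so the login page is opened up before the catch-all. -->
      <sec:intercept-url pattern="/login.html" access="permitAll" />
      <!--
         "/**" also covers nested paths. The Ant-style pattern "/*" matches a
         single path segment only, which leaves URLs such as /a/b with no
         access rule at all.
      -->
      <sec:intercept-url pattern="/**" access="hasRole('user')"/>
      <sec:session-management invalid-session-url="/login.html" />
      <sec:form-login login-page="/login.html"/>
      <!-- Logout drops the server-side session and removes the session and remember-me cookies. -->
      <sec:logout
         invalidate-session="true"
         delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE"
         logout-success-url="/login.html"></sec:logout>
   </sec:http>
   <authentication-manager>
      <!--
         NOTE(review): no password-encoder is declared here, so the submitted
         password is compared with the stored column value as plain text.
         Once the table holds salted adaptive hashes (e.g. bcrypt), add the
         matching password-encoder child element to this provider.
      -->
      <authentication-provider>
         <!-- Both queries bind the login through a "?" parameter; it is never concatenated into the SQL text. -->
         <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="
            select `login` as username, `password`, `enabled` 
            from `user` where login=?" 
            authorities-by-username-query="
            select `login` as username, `role` as authority from `user` where login =?" 
            />
      </authentication-provider>
   </authentication-manager>
</beans:beans>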
5. Web Config :
Here is the code of the web config file.
web.xml




6. Login page :
Here is the code of the login page.
login.html
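<!DOCTYPE html>
<html>
   <head>
      <meta charset="ISO-8859-1">
      <title>Login page</title>
   </head>
   <body>
      <h1>Authentication</h1>
      <br />
      <!--
         The action URL and the j_username / j_password field names are the
         ones the form-login filter listens for when spring-security.xml
         configures no custom names (defaults of the Spring Security release
         this tutorial targets). Keep them in sync with that file.
         The form is sent with POST so the password never ends up in the URL,
         browser history or access logs. It still travels in clear text
         unless the page is served over HTTPS.
      -->
      <form name="login-form" action="j_spring_security_check" method="post">
         <label for="j_username">Login</label>
         <input id="j_username" name="j_username" type="text" />
         <label for="j_password">Password</label>
         <input id="j_password" name="j_password" type="password" />
         <input type="submit" name="submit" value="Connection" />
      </form>
   </body>
</html>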
7. Welcome page :
Here is the code of the welcome page with the logout link.
index.html
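<!DOCTYPE html>
<html>
   <head>
      <meta charset="ISO-8859-1">
      <title>Welcome</title>
   </head>
   <body>
      <h1>Welcome</h1>
      <!--
         Plain GET link to the logout URL handled by the sec:logout element
         in spring-security.xml, which invalidates the session and deletes
         the session cookies.
         NOTE(review): a logout reachable by GET can be triggered from any
         third-party page. If CSRF protection is switched on, turn this link
         into a POST form that carries the CSRF token.
      -->
      <a href="j_spring_security_logout">Logout</a>
   </body>
</html>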

4 commentaires: