Spring Security HTTP basic authentication


 

Spring Security HTTP basic authentication

In this section, you will learn about the HTTP basic authentication in Spring Security.

In this section, you will learn about the HTTP basic authentication in Spring Security.

Spring Security HTTP basic authentication

In this section, you will learn about the HTTP basic authentication in Spring Security.

You can configure HTTP basic authentication in spring-security.xml as follows :

<!--Spring Security HTTP basic authentication configuration-->
<http>
	<intercept-url pattern="/index*" access="ROLE_USER" />
	<http-basic />
</http>

This configuration will display a login dialog box for user authentication as follows :

http://localhost:9090/SpringSecurityHTTPBasicAuthentication/index 

When you try to access the above URL, the following page will appear :

 

When you provide correct login credential (User Name : admin, Password : roseindia), the following page will appear :

 

CODE

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>SpringSecurityHTTPBasicAuthentication</display-name>
<!-- Spring MVC -->
<servlet>
<servlet-name>Dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/Dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>

<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

Dispatcher-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<context:component-scan base-package="net.roseindia" />

<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/views/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>

<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>LoginMsg</value>
</list>
</property>
</bean>

</beans>

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<!--Spring Security HTTP basic authentication configuration-->
<http>
<intercept-url pattern="/index*" access="ROLE_USER" />
<http-basic />
</http>

<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="roseindia" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>

</beans:beans>

ProjectController.java

package net.roseindia;

import java.security.Principal;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class ProjectController {
@RequestMapping(value = "/index", method = RequestMethod.GET)
public String printMessage(ModelMap model, Principal principal) {

String username = principal.getName();
model.addAttribute("user", username);
model.addAttribute("msg", "Spring Security Custom Login Form");
return "welcome";

}

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {

return "login";

}

@RequestMapping(value = "/failLogin", method = RequestMethod.GET)
public String failedLogin(ModelMap model) {

model.addAttribute("error", "true");
return "login";

}

@RequestMapping(value = "/logoff", method = RequestMethod.GET)
public String logoff(ModelMap model) {

return "login";
}
}

LoginMsg.properties

AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password

welcome.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
<h3>${msg}</h3> 
<h3>Username : ${user}</h3>
</body>
</html>

Download Source Code

Ads