In this section, you will learn how to secure URL access using customized login where password stored in database table.
In this section, you will learn how to secure URL access using customized login where password stored in database table.In this section, you will learn how to secure URL access using customized login where password stored in database table.
In the below example, we have created a customized login page but the login is checked from the database table. We have added spring-datasource.xml, to configure database with the application.
The tools and technologies used in the below example is given below :
The project structure and jar files used are given below :
The query used to create the database table logins is given below :
CREATE TABLE `logins` ( `LOGIN_ID` int(10) unsigned NOT NULL, `USERNAME` varchar(45) NOT NULL, `PASSWORD` varchar(45) NOT NULL, `ENABLED` tinyint(1) NOT NULL, PRIMARY KEY (`LOGIN_ID`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1
We need the following record in our example :
The query used to create the database table roles is given below :
CREATE TABLE `roles` ( `ROLE_ID` int(10) unsigned NOT NULL, `LOGIN_ID` int(10) unsigned NOT NULL, `ROLE` varchar(45) NOT NULL, PRIMARY KEY (`ROLE_ID`), KEY `FK_roles` (`LOGIN_ID`), CONSTRAINT `FK_roles` FOREIGN KEY (`LOGIN_ID`) REFERENCES `logins` (`LOGIN_ID`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1
We need the following record in our example :
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>SpringSecurityLoginFrmDB</display-name> <!-- Spring MVC --> <servlet> <servlet-name>Dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/Dispatcher-servlet.xml, /WEB-INF/spring-datasource.xml, /WEB-INF/spring-security.xml </param-value> </context-param> <!-- Spring Security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
Dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:component-scan base-package="net.roseindia" /> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix"> <value>/WEB-INF/views/</value> </property> <property name="suffix"> <value>.jsp</value> </property> </bean> <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basenames"> <list> <value>LoginMsg</value> </list> </property> </bean> </beans>
spring-security.xml
In spring-security.xml, we have added <jdbc-user-service> tag .. The data-source-ref of <jdbc-user-service> tag is used to refer to the "dataSource" bean used in spring-datasource.xml to configure the database table. Authentication manager uses the added SQL query to <jdbc-user-service> tag to check the authority and login credential from the database table.
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> <http auto-config="true"> <intercept-url pattern="/index*" access="ROLE_USER" /> <form-login login-page="/login" default-target-url="/index" authentication-failure-url="/failLogin" /> <logout logout-success-url="/logoff" /> </http> <authentication-manager> <authentication-provider> <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password, enabled from logins where username=?" authorities-by-username-query="select l.username, r.role from logins l, roles r where l.login_id = r.login_id and l.username =? " /> </authentication-provider> </authentication-manager> </beans:beans>
spring-datasource.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver" /> <property name="url" value="jdbc:mysql://192.168.10.13:3306/anky" /> <property name="username" value="root" /> <property name="password" value="root" /> </bean> </beans>
ProjectController.java
package net.roseindia; import java.security.Principal; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @Controller public class ProjectController { @RequestMapping(value = "/index", method = RequestMethod.GET) public String printMessage(ModelMap model, Principal principal) { String username = principal.getName(); model.addAttribute("user", username); model.addAttribute("msg", "Spring Security Custom Login Form"); return "welcome"; } @RequestMapping(value = "/login", method = RequestMethod.GET) public String login(ModelMap model) { return "login"; } @RequestMapping(value = "/failLogin", method = RequestMethod.GET) public String failedLogin(ModelMap model) { model.addAttribute("error", "true"); return "login"; } @RequestMapping(value = "/logoff", method = RequestMethod.GET) public String logoff(ModelMap model) { return "login"; } }
login.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> <title>Login Page</title> <style> .errorblock { color: #ff0000; background-color: #ffEEEE; border: 3px solid #ff0000; padding: 8px; margin: 16px; } </style> </head> <body onload='document.f.j_username.focus();'> <h3>Login with Username and Password (Custom Page)</h3> <c:if test="${not empty error}"> <div class="errorblock"> Login error : Please try again.<br />Root Cause: ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} </div> </c:if> <form name='f' action="<c:url value='j_spring_security_check' />" method='POST'> <table> <tr> <td>User:</td> <td><input type='text' name='j_username' value=''> </td> </tr> <tr> <td>Password:</td> <td><input type='password' name='j_password' /> </td> </tr> <tr> <td colspan='2'><input name="submit" type="submit" value="submit" /> </td> </tr> <tr> <td colspan='2'><input name="reset" type="reset" /> </td> </tr> </table> </form> </body> </html>
welcome.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <body> <h3>${msg}</h3> <h3>Username : ${user}</h3> <a href="<c:url value="/j_spring_security_logout" />" > Logoff</a> </body> </html>
LoginMsg.properties
AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password
Call the following URL :
http://localhost:9090/SpringSecurityLoginFrmDB/index
If login is correct, the following page will appear to you :
If login is incorrect, you will get the following error :