Spring Security customized login from database


 

Spring Security customized login from database

In this section, you will learn how to secure URL access using customized login where password stored in database table.

In this section, you will learn how to secure URL access using customized login where password stored in database table.

Spring Security customized login from database

In this section, you will learn how to secure URL access using customized login where password stored in database table.

EXAMPLE

In the below example, we have created a customized login page but the login is checked from the database table. We have added spring-datasource.xml, to configure database with the application.

The tools and technologies used in the below example is given below :

  • jdk1.6.0_18

  • apache-tomcat-6.0.29

  • Eclipse 3.5.1

  • Spring 3.0.5.RELEASE

  • Spring Security 3.0.5.RELEASE

The project structure and jar files used are given below :

The query used to create the database table logins is given below :

CREATE TABLE `logins` ( 
`LOGIN_ID` int(10) unsigned NOT NULL, 
`USERNAME` varchar(45) NOT NULL, 
`PASSWORD` varchar(45) NOT NULL, 
`ENABLED` tinyint(1) NOT NULL, 
PRIMARY KEY (`LOGIN_ID`) 
) ENGINE=InnoDB DEFAULT CHARSET=latin1

We need the following record  in our example :

The query used to create the database table roles is given below :

CREATE TABLE `roles` ( 
`ROLE_ID` int(10) unsigned NOT NULL, 
`LOGIN_ID` int(10) unsigned NOT NULL, 
`ROLE` varchar(45) NOT NULL, 
PRIMARY KEY (`ROLE_ID`), 
KEY `FK_roles` (`LOGIN_ID`), 
CONSTRAINT `FK_roles` FOREIGN KEY (`LOGIN_ID`) REFERENCES `logins` (`LOGIN_ID`) 
) ENGINE=InnoDB DEFAULT CHARSET=latin1

We need the following record  in our example :

CODES

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>SpringSecurityLoginFrmDB</display-name>
<!-- Spring MVC -->
<servlet>
<servlet-name>Dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/Dispatcher-servlet.xml,
/WEB-INF/spring-datasource.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>

<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

Dispatcher-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<context:component-scan base-package="net.roseindia" />

<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/views/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>

<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>LoginMsg</value>
</list>
</property>
</bean>

</beans>

spring-security.xml

In spring-security.xml, we have added <jdbc-user-service> tag .. The data-source-ref of <jdbc-user-service> tag is used to refer to the "dataSource" bean used in spring-datasource.xml to configure the database table. Authentication manager uses the added SQL query to <jdbc-user-service> tag  to check the authority and login credential from the database table.

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http auto-config="true">
<intercept-url pattern="/index*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/index"
authentication-failure-url="/failLogin" />
<logout logout-success-url="/logoff" />
</http>

<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from logins where username=?"
authorities-by-username-query="select l.username, r.role from logins l, roles r where l.login_id = r.login_id and l.username =? " />
</authentication-provider>
</authentication-manager>

</beans:beans>

spring-datasource.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">

<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://192.168.10.13:3306/anky" />
<property name="username" value="root" />
<property name="password" value="root" />
</bean>

</beans>

ProjectController.java

package net.roseindia;

import java.security.Principal;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class ProjectController {
@RequestMapping(value = "/index", method = RequestMethod.GET)
public String printMessage(ModelMap model, Principal principal) {

String username = principal.getName();
model.addAttribute("user", username);
model.addAttribute("msg", "Spring Security Custom Login Form");
return "welcome";

}

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {

return "login";

}

@RequestMapping(value = "/failLogin", method = RequestMethod.GET)
public String failedLogin(ModelMap model) {

model.addAttribute("error", "true");
return "login";

}

@RequestMapping(value = "/logoff", method = RequestMethod.GET)
public String logoff(ModelMap model) {

return "login";

}
}

login.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
color: #ff0000;
background-color: #ffEEEE;
border: 3px solid #ff0000;
padding: 8px;
margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password (Custom Page)</h3>

<c:if test="${not empty error}">
<div class="errorblock">
Login error : Please try again.<br />Root Cause:
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>

<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>

<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>

</form>
</body>
</html>

welcome.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
<h3>${msg}</h3> 
<h3>Username : ${user}</h3> 

<a href="<c:url value="/j_spring_security_logout" />" > Logoff</a>

</body>
</html>

LoginMsg.properties


AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password

OUTPUT

Call the following URL :

http://localhost:9090/SpringSecurityLoginFrmDB/index

If login is correct, the following page will appear to you :

If login is incorrect, you will get the following error :

Download Source Code

Ads