In this section, you will learn Spring Security custom login form to secure URL access in web application.
In this section, you will learn Spring Security custom login form to secure URL access in web application.In this section, you will learn Spring Security custom login form to secure URL access in web application.
In the previous example(click here), you have learn to secure URL access through auto generated Login form using Spring Security.
In this section, you will learn to secure URL access but the Login form is not auto generated, it is designed and developed by us. This Login form is used for authentication of the user to secure URL access.
The tools and technology used in this tutorial are given below :
Sometimes you need to secure your page from unauthorized access. In the below example, we will ensure secure URL access by providing custom Login form . User need to provide correct login credential to view the page.
Using Servlet filters, Spring Security catch the incoming HTTP request and enforce security checking by providing custom Login form.
The project hierarchy and jar file used in the example is given below :
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>SpringSecurityCustomLoginForm</display-name> <!-- Spring MVC --> <servlet> <servlet-name>Dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/Dispatcher-servlet.xml, /WEB-INF/spring-security.xml </param-value> </context-param> <!-- Spring Security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> <http auto-config="true"> <intercept-url pattern="/index*" access="ROLE_USER" /> <form-login login-page="/login" default-target-url="/index" authentication-failure-url="/failLogin" /> <logout logout-success-url="/logoff" /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="admin" password="roseindia" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
Dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:component-scan base-package="net.roseindia" /> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix"> <value>/WEB-INF/views/</value> </property> <property name="suffix"> <value>.jsp</value> </property> </bean> <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basenames"> <list> <value>LoginMsg</value> </list> </property> </bean> </beans>
ProjectController.java
package net.roseindia; import java.security.Principal; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @Controller public class ProjectController { @RequestMapping(value = "/index", method = RequestMethod.GET) public String printMessage(ModelMap model, Principal principal) { String username = principal.getName(); model.addAttribute("user", username); model.addAttribute("msg", "Spring Security Custom Login Form"); return "welcome"; } @RequestMapping(value = "/login", method = RequestMethod.GET) public String login(ModelMap model) { return "login"; } @RequestMapping(value = "/failLogin", method = RequestMethod.GET) public String failedLogin(ModelMap model) { model.addAttribute("error", "true"); return "login"; } @RequestMapping(value = "/logoff", method = RequestMethod.GET) public String logoff(ModelMap model) { return "login"; } }
LoginMsg.properties
AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password
login.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> <title>Login Page</title> <style> .errorblock { color: #ff0000; background-color: #ffEEEE; border: 3px solid #ff0000; padding: 8px; margin: 16px; } </style> </head> <body onload='document.f.j_username.focus();'> <h3>Login with Username and Password (Custom Page)</h3> <c:if test="${not empty error}"> <div class="errorblock"> Login error : Please try again.<br />Root Cause: ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} </div> </c:if> <form name='f' action="<c:url value='j_spring_security_check' />" method='POST'> <table> <tr> <td>User:</td> <td><input type='text' name='j_username' value=''> </td> </tr> <tr> <td>Password:</td> <td><input type='password' name='j_password' /> </td> </tr> <tr> <td colspan='2'><input name="submit" type="submit" value="submit" /> </td> </tr> <tr> <td colspan='2'><input name="reset" type="reset" /> </td> </tr> </table> </form> </body> </html>
welcome.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <body> <h3>${msg}</h3> <h3>Username : ${user}</h3> <a href="<c:url value="/j_spring_security_logout" />" > Logoff</a> </body> </html>
When you try to access the following URL :
http://localhost:9090/SpringSecurityCustomLoginForm/index
It will redirect you to the following URL and the below page will appear :
http://localhost:9090/SpringSecurityCustomLoginForm/login
If your login credential are incorrect, following page will appear :
If your login credential are correct, following page will appear :
When you logoff, it will redirect you to the below page :