Spring Security Hello World Example - Login & Logout with Spring Security

In this particular blog we will talk about a very useful feature of Spring i.e. Spring Security. It enables the developer to integrate security features easily and in a managed way. Spring security captures all incoming http requests by applying servlet filters and route them according to user defined security configurations. In this blog we will show you how to implement spring security in a spring MVC application. We will make all incoming requests starting from /home* to undergo a login process if the user is not logged in already.


Spring Security Dependencies

To implement spring security we need three jars mainly, 'spring-security-core', 'spring-security-web' & 'spring-security-config'.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">  
 <modelVersion>4.0.0</modelVersion>  
 <groupId>com.beingjavaguys.sample</groupId>  
 <artifactId>SpringSecurityExample</artifactId>  
 <packaging>war</packaging>  
 <version>1.0-SNAPSHOT</version>  
 <name>SpringSecurityExample Maven Webapp</name>  
 <url>http://maven.apache.org</url>  
 <properties>  
  <spring.version>3.2.4.RELEASE</spring.version>  
  <security.version>3.1.4.RELEASE</security.version>  
  <jdk.version>1.6</jdk.version>  
 </properties>  
  
 <dependencies>  
  
  <!-- Spring 3 -->  
  <dependency>  
   <groupId>org.springframework</groupId>  
   <artifactId>spring-core</artifactId>  
   <version>${spring.version}</version>  
  </dependency>  
  
  <dependency>  
   <groupId>org.springframework</groupId>  
   <artifactId>spring-web</artifactId>  
   <version>${spring.version}</version>  
  </dependency>  
  
  <dependency>  
   <groupId>org.springframework</groupId>  
   <artifactId>spring-webmvc</artifactId>  
   <version>${spring.version}</version>  
  </dependency>  
  
  <!-- Spring Security -->  
  <dependency>  
   <groupId>org.springframework.security</groupId>  
   <artifactId>spring-security-core</artifactId>  
   <version>${security.version}</version>  
  </dependency>  
  
  <dependency>  
   <groupId>org.springframework.security</groupId>  
   <artifactId>spring-security-web</artifactId>  
   <version>${security.version}</version>  
  </dependency>  
  
  <dependency>  
   <groupId>org.springframework.security</groupId>  
   <artifactId>spring-security-config</artifactId>  
   <version>${security.version}</version>  
  </dependency>  
  
  <dependency>  
   <groupId>jstl</groupId>  
   <artifactId>jstl</artifactId>  
   <version>1.2</version>  
  </dependency>  
  
  
 </dependencies>  
  
 <build>  
  <finalName>SpringSecurityExample</finalName>  
  <plugins>  
   <plugin>  
    <groupId>org.apache.tomcat.maven</groupId>  
    <artifactId>tomcat7-maven-plugin</artifactId>  
    <version>2.1</version>  
    <configuration>  
     <url>http://localhost:8080/manager/text</url>  
     <server>my-tomcat</server>  
     <path>/SpringSecurityExample</path>  
    </configuration>  
   </plugin>  
   <plugin>  
    <groupId>org.apache.maven.plugins</groupId>  
    <artifactId>maven-compiler-plugin</artifactId>  
    <version>3.0</version>  
    <configuration>  
     <source>${jdk.version}</source>  
     <target>${jdk.version}</target>  
    </configuration>  
   </plugin>  
  </plugins>  
 </build>  
</project> 
   


\src\main\webapp\WEB-INF\web.xml

We need to add some security configuration here in web.xml. We need to add spring-security filter chain here to tell the container about security settings and configurations.
<web-app id="WebApp_ID" version="2.4"  
 xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee   
 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">  
  
 <display-name>Spring MVC Application</display-name>  
  
 <!-- Spring MVC -->  
 <servlet>  
  <servlet-name>mvc-dispatcher</servlet-name>  
  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>  
  <load-on-startup>1</load-on-startup>  
 </servlet>  
 <servlet-mapping>  
  <servlet-name>mvc-dispatcher</servlet-name>  
  <url-pattern>/</url-pattern>  
 </servlet-mapping>  
  
 <listener>  
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>  
 </listener>  
  
 <context-param>  
  <param-name>contextConfigLocation</param-name>  
  <param-value>  
   /WEB-INF/mvc-dispatcher-servlet.xml,  
   /WEB-INF/spring-security.xml  
  </param-value>  
 </context-param>  
  
 <!-- Spring Security -->  
 <filter>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
 </filter>  
  
 <filter-mapping>  
  <filter-name>springSecurityFilterChain</filter-name>  
  <url-pattern>/*</url-pattern>  
 </filter-mapping>  
  
</web-app>  


\src\main\webapp\WEB-INF\mvc-dispatcher-servlet.xml

This is a simple spring-dispatcher, we have added a view resolver here and a component scan attribute to scan application controllers.
<beans xmlns="http://www.springframework.org/schema/beans"  
 xmlns:context="http://www.springframework.org/schema/context"  
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
 xsi:schemaLocation="  
        http://www.springframework.org/schema/beans       
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
        http://www.springframework.org/schema/context   
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">  
  
 <context:component-scan base-package="com.beingjavaguys.controller" />  
  
 <bean  
  class="org.springframework.web.servlet.view.InternalResourceViewResolver">  
  <property name="prefix">  
   <value>/WEB-INF/pages/</value>  
  </property>  
  <property name="suffix">  
   <value>.jsp</value>  
  </property>  
 </bean>  


\src\main\webapp\WEB-INF\spring-security.xml

This is so called spring-security configuration file to specify login details and security url's to check for login.
<beans:beans xmlns="http://www.springframework.org/schema/security"  
 xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
 xsi:schemaLocation="http://www.springframework.org/schema/beans  
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
           http://www.springframework.org/schema/security  
           http://www.springframework.org/schema/security/spring-security.xsd">  
  
 <http auto-config="true">  
  <intercept-url pattern="/home*" access="ROLE_ADMIN" />  
 </http>  
  
 <authentication-manager>  
  <authentication-provider>  
   <user-service>  
    <user name="nagesh" password="chauhan@123" authorities="ROLE_ADMIN" />  
   </user-service>  
  </authentication-provider>  
 </authentication-manager>  
  
</beans:beans>  


\src\main\java\com\beingjavaguys\controller\HomeController.java

This is simple spring controller having a single request mapping, after a success to the request the method will open a jsp view along with a sended message.
package com.beingjavaguys.controller;  
  
import org.springframework.stereotype.Controller;  
import org.springframework.web.bind.annotation.RequestMapping;  
import org.springframework.web.servlet.ModelAndView;  
  
@Controller  
public class HomeController {  
  
 @RequestMapping("/home")  
 public ModelAndView getHome() {  
  String string = "Congrats ! You are done with your first Spring Security configuration !";  
  return new ModelAndView("home", "string", string);  
 }  


\src\main\webapp\index.jsp

We have routed the flow to '/home' so that the login implementation with spring security can be demonstrated.
<%response.sendRedirect("home");%>  
<html>  
<body>  
<h2>Hello World!</h2>  
</body>  
</html>


\src\main\webapp\WEB-INF\pages\home.jsp

And finally it comes to logout part, 'j_spring_security_logout' just click on this and logged in user will be logeed out on the fly.
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>  
<html>  
<head>  
<title>Being Java Guys | Hello World</title>  
</head>  
<body>  
  
 <center>  
  <h2>Being Java Guys | Hello World</h2>  
  <h4>${string}</h4>  
  <h2>  
   Click To | <a href="<c:url value="j_spring_security_logout" />">  
    Logout</a>  
  </h2>  
 </center>  
</body>  

If everything goes right you will see following screens:





In this particular blog we came across 'Spring Security Hello World Example - Login & Logout with Spring Security'. In upcoming blogs we will see more about spring and Other Implementations in Java.

Download "Spring Security Hello World Example" from "SkyDrive"