Spring Security

I have written about integrating Spring Security with Spring MVC earlier – https://javashine.wordpress.com/tag/spring-security/

Here is another step by step by instructions. This blog post assumes you already have a Spring MVC working in your workspace. This one uses annotation based configurations.

I have a simple test web application with two URLs.

/ (root URL)

/add_expense

While I’ll leave my / url unprotected, I want to secure /add_expense. Here is how we do it.

Adding Spring Security to Spring4 MVC

This is my project structure.

springmvc_spring_security

I wrote very simple MVC controller and it is working.

Add the following to Maven project dependencies.

<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.config.version}</version>
</dependency>

Under properties I’ve added this.

<spring.security.version>4.0.0.RELEASE</spring.security.version>

<spring.security.config.version>4.0.0.RELEASE</spring.security.config.version>

Following is the controller I’m going to secure. I’ll leave / open and protect /add_expense

springmvc_spring_security_1

Define a Spring security configuration. I have only one user admin.


package org.grassfield.gaja;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("password").roles("ADMIN");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/add**").access("hasRole('ROLE_ADMIN')")
.and().formLogin();
}
}

Initialize security filter chain.


package org.grassfield.gaja;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SpringSecurityInitializer extends
AbstractSecurityWebApplicationInitializer {

}

Load the spring security to Spring MVC Application config. Check the highlighted path.

springmvc_spring_security_2

 

And finally load everything

package org.grassfield.gaja;

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

public class SpringMvcInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {

@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { ApplicationContextConfig.class };
}

@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}

@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}

Capture

 

Capture

 

Capture

Capture

Way to go!

And, finally, here is the pic of the day.

CYmwbxbUQAAWCGH.jpg large
Learning something is a time machine that can bring you back to your school days!

Happy Pongal.
Happy Sankaranti.Happy Utarayan.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s