Topics Covered
1) Spring MVC basic wiring using annotation
2) Integrate Spring Security for login page.
3) How to use message bundle.
4) How to store an encrypted password instead of plain text.
5) How to use multiple controllers, one for each JSP (e.g. HelloWorldController.java will listen to hello.jsp).
6) How to use the same controller for different form actions (e.g. LoginController.java will listen to login.jsp).
This example shows how to create a Spring @MVC annotation-based hello world example.
1) There is no longer any need to extend AbstractController or SimpleFormController; simply annotate the class with the @Controller annotation.
2) No more handler mapping declarations such as BeanNameUrlHandlerMapping, ControllerClassNameHandlerMapping or SimpleUrlHandlerMapping; all are replaced with the standard @RequestMapping annotation.
Maven Repository pom.xml
File: LoginController.java
This controller is defined as a multi-action controller: methods are invoked based on the request URI.
In this case, if the URI pattern "/login" is requested, it maps to the login() method.
We can also dedicate an entire controller to a single URI or a single action. For this, @RequestMapping is applied at class level, and @RequestMapping(method = RequestMethod.GET) at method level indicates which method handles the mapping request.
Integrate Spring in our web application
For this we have to modify web.xml.
File: web.xml
DispatcherServlet looks for [servlet-name]-servlet.xml in the WEB-INF directory of your web application.
So here springDispatcher-servlet.xml holds the MVC-related metadata.
ContextLoaderListener:
1. ContextLoaderListener is defined if you want to have multiple configuration XMLs. Otherwise you can define the configuration in the DispatcherServlet as an init-param.
2. You can provide additional configuration files through the root web application context using the ContextLoaderListener listener that comes with Spring MVC.
3. The listener looks for /WEB-INF/applicationContext.xml by default, but you can override it using the context parameter contextConfigLocation as shown above.
SpringSecurityFilterChain
The 'springSecurityFilterChain' filter needs to be configured to intercept all URLs so Spring Security can control access to them.
In the above web.xml, contextConfigLocation refers to 2 XMLs:
1) springDispatcher-Servlet.xml
2) spring-Security.xml
Below are the xmls.
File: springDispatcher-Servlet.xml
After the controller has returned, DispatcherServlet looks for a view resolver to resolve the view name that it got from the ModelAndView object. You will use InternalResourceViewResolver for resolving view names to JSP.
What this resolver does is take the view name, prepend the prefix and append the suffix, and look for a resource with the produced name.
File: spring-Security.xml
- login-page="/login" – The login form will be "/login"
- default-target-url="/welcome" – If authentication succeeds, forward to "/welcome"
- authentication-failure-url="/loginfailed" – If authentication fails, forward to "/loginfailed"
- logout-success-url="/logout" – On logout, forward to "/logout"
Error Messages
In Spring Security, when authentication fails, the following predefined error messages are displayed:
Spring displays: Bad credentials
Spring's default error message is not user friendly enough. We can override the error message and display custom messages.
Spring Security stores its messages in "messages.properties" inside "spring-security-core.jar". To override one, find which key generates the error message in the Spring Security messages.properties file, and redefine it in your own properties file: create a new properties file, put it on the project classpath, and override Spring's "key" with your custom error message.
In this case, just override "AbstractUserDetailsAuthenticationProvider.badCredentials".
File : mymessages.properties
AbstractUserDetailsAuthenticationProvider.badCredentials=Invalid username or password
To load the above properties file, define a ResourceBundleMessageSource in the Spring bean configuration file.
This is defined in springDispatcher-Servlet.xml above.
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
    <property name="basenames">
        <list>
            <value>mymessages</value>
        </list>
    </property>
</bean>
JSP Views
In a custom login form, you have to follow the Spring Security standard names:
1. j_spring_security_check - Login service
2. j_spring_security_logout - Logout service
3. j_username - Username
4. j_password - Password
To display authentication error messages, use this :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
File : login.jsp
File : hello.jsp
Output
The flow is like this.
1) After a successful login on login.jsp, spring-Security.xml will take the user to /welcome.
2) LoginController.java has a method for the /welcome URI.
3) The /welcome method in the controller forwards to hello.jsp with the username as the message (see LoginController.java).
4) See the hello.jsp screen below.
controller as shown below.
6) The "moveToEmailPage" URI method in the controller forwards to "HelloWorldThirdPage". The view resolver will then forward the request to HelloWorldThirdPage.jsp.
Image: HellowWorldThirdPage.jsp
To access the source code, please click the link below:
https://bitbucket.org/nkancharla/javaexamples/src/5f8c707a30cd741f5c282fd855b9b6dfb6ead820/SpringSecurity1?at=master