Announcement Announcement Module
Collapse
No announcement yet.
new in spring mvc security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • new in spring mvc security

    hi,
    i'm new in spring mvc ,i want to know more about spring security that we we can setup in a mvc application,
    the steps we had done is
    in web.xml file
    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/applicationContext.xml
    /WEB-INF/applicationContext-security.xml
    </param-value>
    </context-param>
    <context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
    </context-param>
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
    <listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
    </listener>
    <servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
    <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>*.htm</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>
    30
    </session-timeout>
    </session-config>
    <listener>
    <listener-class>
    org.springframework.security.web.session.HttpSessi onEventPublisher
    </listener-class>
    </listener>
    <welcome-file-list>
    <welcome-file>redirect.jsp</welcome-file>
    </welcome-file-list>
    in jsp page
    redirect.jsp we will call a login.htm
    this will dispaly login.jsp
    in the login.jsp
    <form action="<c:url value='j_spring_security_check'/>" onsubmit="return validateForm();" method="post">
    <input type="text" id="j_username" name="j_username" maxlength="50" tabindex="1" />
    <input type="password" id="j_password" name="j_password" maxlength="30" tabindex="2" />
    <input type="submit" urtitle="Submit" class="submit" value="<spring:message code="img.login"/>" id="button" name="submit" tabindex="3"/>
    and call a class
    public class AuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter
    and if the values are correct then username and password is set to session
    return super.attemptAuthentication(request, response);
    and we had done a customauthentication handler,
    <beans:bean class="org.mycompany.filter.AuthenticationProcessi ngFilter" id="authenticationFilter">
    <beansroperty name="sessionAuthenticationStrategy" ref="sas"/>
    <beansroperty name="authenticationManager" ref="authenticationManager"/>
    <beansroperty name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler"/>
    <beansroperty name="authenticationFailureHandler" ref="customAuthenticationFailureHandler"/>
    </beans:bean>

    and all the roles we are externally mapped at this xml file,by that the role and user are selecting from


    and its working but i has lot doubts is this is the correct way to do spring security and what about spring authorisation and authentication,
    what about SSO intergration
    how can i do it with spring
    do any one has any good sample or good tutorial to begin spring security ,please help asap

  • #2
    1), use [code] tag, so that your code looks readable.
    2)You can access roles from any source(XML/DB/Properties/Static). Its depends on your requirements.
    3) Spring Supports CAS, You can use it.
    4)Samples you can get it from here, follow it.

    Comment

    Working...
    X