Announcement Announcement Module
Collapse
No announcement yet.
Providing authentication using spring security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Providing authentication using spring security

    Hi, i am breaking my head from past week. I am trying to give login page for spring-batch-admin which checks the credentials from spring-security file and authorizes the user and redirects him to spring-batch-admin page but that was not happening with me, login page was successfully created but after login admin page is not displayed..i will give the config files.

    security.xml file:
    ----------------------
    <code>

    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schem...ring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- <beans:import resource="/dispatcher-servlet.xml" /> -->

    <http auto-config="true">
    <intercept-url pattern="/welcome" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="" />
    <logout logout-success-url="/logout" />

    </http>

    <authentication-manager>
    <authentication-provider>
    <user-service>
    <user name="admin" password="TsssEbates" authorities="ROLE_USER" />
    </user-service>
    </authentication-provider>
    </authentication-manager>

    </beans:beans>
    ======
    </code>

    now i provide my dispatcher serlvet file:

    <code>
    ===========
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schem...ring-beans.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">



    <context:component-scan base-package="com.batchadmin.controllers" />
    <bean
    class="org.springframework.web.servlet.view.Intern alResourceViewResolver">
    <property name="prefix">
    <value>/WEB-INF/pages/</value>
    </property>
    <property name="suffix">
    <value>.jsp</value>
    </property>
    </bean>


    </beans>
    ==========
    </code>

    now web.xml file

    <code>
    =======
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
    http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:/org/springframework/batch/admin/web/resources/webapp-config.xml
    /WEB-INF/dispatcher-servlet.xml
    /WEB-INF/spring-security.xml
    <!-- classpath*:/org/springframework/batch/admin/web/resources/servlet-config.xml -->
    </param-value>
    </context-param>

    <listener>
    <listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
    </listener>

    <filter>
    <filter-name>shallowEtagHeaderFilter</filter-name>
    <filter-class>org.springframework.web.filter.ShallowEtagHe aderFilter</filter-class>
    </filter>

    <filter>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <filter-class>org.springframework.web.filter.HiddenHttpMet hodFilter</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>shallowEtagHeaderFilter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>


    <servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
    <init-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:/org/springframework/batch/admin/web/resources/servlet-config.xml

    <!-- classpath*:META-INF/spring/batch/jobs/application-context.xml --></param-value>

    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/*</url-pattern>
    </servlet-mapping>
    </web-app>
    ===========
    </code>


    In web.xml the servlet-context file is taken from classpath directly at runtime and from that file admin page is displayed, when i keep this i dont get login form page, when i remove this i get login page and i dont get admin page after login..please do provide me some solution please..any one..i would be thankful to them.

  • #2
    What happens when you specify the default-target-url? Please note the highlighted part,

    Code:
    <http auto-config="true">
    <intercept-url pattern="/welcome" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="/welcome" />
    <logout logout-success-url="/logout" />

    Comment


    • #3
      yes that is fine but when i hit the url as localhost:8080/spring-batch-admi/login i am not getting any page it is displaying as 404 error

      Comment


      • #4
        How does your controllers look like? Do you a mapping for for /login?

        Code:
        @RequestMapping(value="/login", method = RequestMethod.GET)
        public String login(ModelMap model) {
              return "login.jsp"; // best to use a view resolver without hard coding path and extensions
        }

        Comment


        • #5
          hi amiladomingo, yes it is the same as like,

          code:
          @RequestMapping(value = "/welcome", method = RequestMethod.GET)
          public final String printWelcome(final ModelMap model) {

          return "redirect:";

          }

          @RequestMapping(value = "/login", method = RequestMethod.GET)
          public final String login(final ModelMap model) {

          return "login";

          }

          @RequestMapping(value = "/logout", method = RequestMethod.GET)
          public final String logout(final ModelMap model) {

          return "login";

          }

          Comment


          • #6
            Do you have a login.jsp inside /WEB-INF/pages/ ?

            Comment


            • #7
              yes i do have amiladomingo, when i hit url like, localhost:8080/spring-batch-admin i am able to see the admin page but i cant able to access localhost:8080/spring-batch-admin/login

              Comment


              • #8
                hi amiladomingo, i have got everything right with following changes the only problem is i configured forwarding url as /batch/home and when i hit localhost:8080/spring-batch-admin/batch/login i am able to get my login page but after submitting i am getting some url like local:8080/spring-batch-admin/batch//j_spring_security_check which is showing 404 error. i am posting my config files again, please do suggest me a solution.

                web.xml:

                <code>
                ========

                <servlet>
                <servlet-name>dispatcher</servlet-name>
                <servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
                <init-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>
                /WEB-INF/servlet-config.xml
                <!-- classpath*:/org/springframework/batch/admin/web/resources/servlet-config.xml -->

                </param-value>
                </init-param>
                <load-on-startup>1</load-on-startup>
                </servlet>
                <servlet-mapping>
                <servlet-name>dispatcher</servlet-name>
                <url-pattern>/batch/*</url-pattern>
                </servlet-mapping>
                ===========
                </code>


                servlet-config.xml

                <code>
                =========

                <?xml version="1.0" encoding="UTF-8"?>
                <beans xmlns="http://www.springframework.org/schema/beans"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
                xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.0.xsd
                http://www.springframework.org/schema/context
                http://www.springframework.org/schem...ng-context.xsd
                ">

                <import resource="classpath*:/META-INF/spring/batch/servlet/resources/*.xml" />
                <import resource="classpath*:/META-INF/spring/batch/servlet/manager/*.xml" />
                <import resource="classpath*:/META-INF/spring/batch/servlet/override/*.xml" />




                <context:component-scan base-package="com.batchadmin.controllers" />

                <!-- <bean id="login" class="com.batchadmin.controllers.UserController"> </bean> -->

                <bean
                class="org.springframework.web.servlet.view.Intern alResourceViewResolver">
                <property name="prefix">
                <value>/WEB-INF/pages/</value>
                </property>
                <property name="suffix">
                <value>.jsp</value>
                </property>
                </bean>

                <bean id="resourceService"
                class="org.springframework.batch.admin.web.resourc es.DefaultResourceService">
                <property name="servletPath" value="/batch" />
                </bean>

                <bean id="messageSource"
                class="org.springframework.context.support.Resourc eBundleMessageSource">
                <property name="basenames">
                <list>
                <value>mymessages</value>
                </list>
                </property>
                </bean>

                </beans>
                ==========
                </code>


                security.xml

                <code>
                ========
                <beans:beans xmlns="http://www.springframework.org/schema/security"
                xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schem...ring-beans.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security.xsd">

                <http auto-config="true">
                <intercept-url pattern="/enroute" access="ROLE_USER" />
                <form-login login-page="/login" default-target-url="" />
                <logout logout-success-url="/logout" />

                </http>

                <authentication-manager>
                <authentication-provider>
                <user-service>
                <user name="xxxx" password="**********" authorities="ROLE_USER" />
                </user-service>
                </authentication-provider>
                </authentication-manager>

                </beans:beans>
                ==============
                </code>


                please suggest me a solution.Thank you.

                Comment


                • #9
                  How does your login form looks like? something like this?

                  Code:
                  	<form name='form' action="<c:url value='j_spring_security_check' />" method='POST'>
                  
                  .....
                  </form>

                  Comment


                  • #10
                    yes amiladomingo, its like this

                    <form name='f' action="<c:url value='j_spring_security_check' />"
                    method='POST'>
                    </form>

                    Comment


                    • #11
                      Can you attach your code for me to have a look?

                      Comment


                      • #12
                        you mean controller amiladomingo, do i need to write any filter class or need to include any default filter bean to my security file.??

                        Comment


                        • #13
                          i have attached all the configuration files amiladomingo, do i need to attach controller..??

                          Comment


                          • #14
                            I did a sample similar to your structure and it is working. Can you compare your code with following,

                            Login.jsp
                            Code:
                            <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
                            <html>
                            <body>
                            	<form name='form' action="<c:url value='/j_spring_security_check' />"
                            		method='POST'>
                            		<table>
                            			<tr>
                            				<td>Username:</td>
                            				<td><input type='text' name='j_username' value=''></td>
                            			</tr>
                            			<tr>
                            				<td>Password:</td>
                            				<td><input type='password' name='j_password' /></td>
                            			</tr>
                            			<tr>
                            				<td colspan='2'><input name="submit" type="submit"
                            					value="login" /></td>
                            			</tr>
                            		</table>
                            
                            	</form>
                            </body>
                            </html>
                            home.jsp
                            Code:
                            <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
                            <html>
                            <body>
                            	Welcome : ${username}
                            </body>
                            </html>
                            web.xml
                            Code:
                            <web-app id="WebApp_ID" version="2.4"
                            	xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
                            	http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
                            
                            	<display-name>Spring mvc security form login</display-name>
                            
                            	<servlet>
                            		<servlet-name>dispatcher</servlet-name>
                            		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                            		<load-on-startup>1</load-on-startup>
                            	</servlet>
                            	<servlet-mapping>
                            		<servlet-name>dispatcher</servlet-name>
                            		<url-pattern>/</url-pattern>
                            	</servlet-mapping>
                            
                            	<listener>
                            		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
                            	</listener>
                            
                            	<context-param>
                            		<param-name>contextConfigLocation</param-name>
                            		<param-value>
                            			/WEB-INF/dispatcher-servlet.xml,
                            			/WEB-INF/spring-security.xml
                            		</param-value>
                            	</context-param>
                            
                            	<!-- Spring Security -->
                            	<filter>
                            		<filter-name>springSecurityFilterChain</filter-name>
                            		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                            	</filter>
                            
                            	<filter-mapping>
                            		<filter-name>springSecurityFilterChain</filter-name>
                            		<url-pattern>/*</url-pattern>
                            	</filter-mapping>
                            
                            </web-app>
                            dispacher-servlet.xml
                            Code:
                            <beans xmlns="http://www.springframework.org/schema/beans"
                            	xmlns:context="http://www.springframework.org/schema/context"
                            	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            	xsi:schemaLocation="
                                    http://www.springframework.org/schema/beans     
                                    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                                    http://www.springframework.org/schema/context 
                                    http://www.springframework.org/schema/context/spring-context-3.2.xsd">
                            
                            	<context:component-scan base-package="com.amiladomingo.web" />
                            
                            	<bean
                            		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
                            		<property name="prefix">
                            			<value>/WEB-INF/pages/</value>
                            		</property>
                            		<property name="suffix">
                            			<value>.jsp</value>
                            		</property>
                            	</bean>
                            </beans>
                            spring-security.xml
                            Code:
                            <beans:beans xmlns="http://www.springframework.org/schema/security"
                            	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            	xsi:schemaLocation="http://www.springframework.org/schema/beans
                            	http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                            	http://www.springframework.org/schema/security
                            	http://www.springframework.org/schema/security/spring-security-3.1.xsd">
                            
                            	<http auto-config="true">
                            		<intercept-url pattern="/batch/home" access="ROLE_USER" />
                            		<form-login login-page="/batch/login" default-target-url="/batch/home"
                            			authentication-failure-url="/batch/loginfailed" />
                            	</http>
                            
                            	<authentication-manager>
                            		<authentication-provider>
                            			<user-service>
                            				<user name="user" password="123" authorities="ROLE_USER" />
                            			</user-service>
                            		</authentication-provider>
                            	</authentication-manager>
                            
                            </beans:beans>
                            AuthenticationController.java
                            Code:
                            package com.amiladomingo.web.controller;
                            
                            import java.security.Principal;
                            
                            import org.springframework.stereotype.Controller;
                            import org.springframework.ui.ModelMap;
                            import org.springframework.web.bind.annotation.RequestMapping;
                            import org.springframework.web.bind.annotation.RequestMethod;
                            
                            @Controller
                            @RequestMapping(value = "/batch")
                            public class AuthenticationController {
                            
                            	@RequestMapping(value = "/home", method = RequestMethod.GET)
                            	public String showHomePage(ModelMap model, Principal principal) {
                            
                            		String name = principal.getName();
                            		model.addAttribute("username", name);
                            		return "home";
                            
                            	}
                            
                            	@RequestMapping(value = "/login", method = RequestMethod.GET)
                            	public String login(ModelMap model) {
                            
                            		return "login";
                            
                            	}
                            
                            	@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
                            	public String loginerror(ModelMap model) {
                            
                            		model.addAttribute("error", "true");
                            		return "login";
                            
                            	}
                            }

                            Comment


                            • #15
                              You should be able to laod the login page with following url - http://localhost:8080/batch/login on jetty. Or http://localhost:8080/<war-finalName>/batch/login on other containers

                              Comment

                              Working...
                              X