Announcement Announcement Module
Collapse
No announcement yet.
Username and Password Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Username and Password

    hello to all.
    im new to spring security.
    i want to create a simple project that only have 2 pages:
    login.jsp
    Code:
    <%@ page import="org.springframework.security.web.authentication.AuthenticationProcessingFilter" %>
    <%@ page import="org.springframework.security.web.authentication.AbstractProcessingFilter" %>
    <%@ page import="org.springframework.security.core.AuthenticationException" %>
    
    <html>
    <head>
        <title>Spring Security Test</title>
    </head>
    <body>
    <form action="/j_spring_security_check" method="post">
        <label for="j_username">Username</label>
        <input type="text" name="j_username" id="j_username">
        <br/>
        <label for="j_password">Password</label>
        <input type="password" name="j_password" id="j_password"/>
        <br/>
        <input type="submit" value="Login"/>
    </form>
    </body>
    </html>

    home.jsp
    Code:
    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
      <head><title>Simple jsp page</title></head>
      <body>Place your content here</body>
    </html>
    in login page user must fill username and password field;
    after user submitting login page if username was reverse of password, (for example username="abc123" password="321cba")
    go to the home page, otherwise show login page.
    i know that how to get username with an implimentation of UserDetailsService interface

    Code:
    package controller;
    
    import org.springframework.dao.DataAccessException;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    
    public class UserController implements UserDetailsService {
    
        public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException, DataAccessException {
            // my code to here
            return null;
        }
    }
    and how to config my applicationContext-security.xml for use than my UserController class

    Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:context="http://www.springframework.org/schema/context"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
    
        <global-method-security secured-annotations="enabled">
        </global-method-security>
    
        <http auto-config="true">
            <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/**" access="ROLE_USER"/>
            <form-login login-page="/login.jsp" default-target-url="/index.jsp"/>
        </http>
        <authentication-manager>
            <authentication-provider user-service-ref="myController">
            </authentication-provider>
        </authentication-manager>
        <beans:bean id="myController" class="controller.UserController"/>
    </beans:beans>

    but problem is i dont know how to get password value in what way.(likely be implementing another interface or doing somethigs else)
    please somebody help me.

    so thanks

  • #2
    Why do you need the password value?

    It's up to Spring Security to use the password that was entered in the JSP page for comparison purposes.

    if username was reverse of password, (for example username="abc123" password="321cba")
    go to the home page, otherwise show login page.
    Why does it need to be reversed? When the password is wrong, regardless if it's reversed, shouldn't it still go to the login page?

    Try checking the tutorial I wrote for Spring Security and MVC at http://krams915.blogspot.com/p/tutorials.html

    It might give you some pointers

    Comment


    • #3
      you suppose in an application not need to a valid username and password that existed in a database or LDAP or ...
      the only condition is username must be reverse of password.
      so how you check this?

      Comment


      • #4
        I did some research about your question.

        You will need to declare a custom filter

        Code:
        <security:custom-filter ref="usernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
        And the following beans

        Code:
        <bean id="customAuthenticationManager" class="org.krams.tutorial.filter.CustomAuthenticationManager" />
         	
         	<bean id="customFailureUrlHandler" class="org.krams.tutorial.handler.CustomFailureUrlHandler">
         		<property name="defaultFailureUrl" value="/krams/auth/login?error=true" />
         	</bean>
         	
         	<bean id="authenticationEntryPoint"  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        	  <property name="loginFormUrl" value="/krams/auth/login"/>
        	</bean>
        Give me time and I'm gonna post a tutorial about this either later or tomorrow

        Comment


        • #5
          I got the tutorial done and the sample application. Feel free to visit it at

          http://krams915.blogspot.com/2010/12...-using_26.html

          Comment

          Working...
          X