Announcement Announcement Module
Collapse
No announcement yet.
Username and Password Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • tango
    started a topic Username and Password

    Username and Password

    hello to all.
    im new to spring security.
    i want to create a simple project that only have 2 pages:
    login.jsp
    Code:
    <%@ page import="org.springframework.security.web.authentication.AuthenticationProcessingFilter" %>
    <%@ page import="org.springframework.security.web.authentication.AbstractProcessingFilter" %>
    <%@ page import="org.springframework.security.core.AuthenticationException" %>
    
    <html>
    <head>
        <title>Spring Security Test</title>
    </head>
    <body>
    <form action="/j_spring_security_check" method="post">
        <label for="j_username">Username</label>
        <input type="text" name="j_username" id="j_username">
        <br/>
        <label for="j_password">Password</label>
        <input type="password" name="j_password" id="j_password"/>
        <br/>
        <input type="submit" value="Login"/>
    </form>
    </body>
    </html>

    home.jsp
    Code:
    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
      <head><title>Simple jsp page</title></head>
      <body>Place your content here</body>
    </html>
    in login page user must fill username and password field;
    after user submitting login page if username was reverse of password, (for example username="abc123" password="321cba")
    go to the home page, otherwise show login page.
    i know that how to get username with an implimentation of UserDetailsService interface

    Code:
    package controller;
    
    import org.springframework.dao.DataAccessException;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    
    public class UserController implements UserDetailsService {
    
        public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException, DataAccessException {
            // my code to here
            return null;
        }
    }
    and how to config my applicationContext-security.xml for use than my UserController class

    Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:context="http://www.springframework.org/schema/context"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
    
        <global-method-security secured-annotations="enabled">
        </global-method-security>
    
        <http auto-config="true">
            <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/**" access="ROLE_USER"/>
            <form-login login-page="/login.jsp" default-target-url="/index.jsp"/>
        </http>
        <authentication-manager>
            <authentication-provider user-service-ref="myController">
            </authentication-provider>
        </authentication-manager>
        <beans:bean id="myController" class="controller.UserController"/>
    </beans:beans>

    but problem is i dont know how to get password value in what way.(likely be implementing another interface or doing somethigs else)
    please somebody help me.

    so thanks

  • skram
    replied
    I got the tutorial done and the sample application. Feel free to visit it at

    http://krams915.blogspot.com/2010/12...-using_26.html

    Leave a comment:


  • skram
    replied
    I did some research about your question.

    You will need to declare a custom filter

    Code:
    <security:custom-filter ref="usernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
    And the following beans

    Code:
    <bean id="customAuthenticationManager" class="org.krams.tutorial.filter.CustomAuthenticationManager" />
     	
     	<bean id="customFailureUrlHandler" class="org.krams.tutorial.handler.CustomFailureUrlHandler">
     		<property name="defaultFailureUrl" value="/krams/auth/login?error=true" />
     	</bean>
     	
     	<bean id="authenticationEntryPoint"  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    	  <property name="loginFormUrl" value="/krams/auth/login"/>
    	</bean>
    Give me time and I'm gonna post a tutorial about this either later or tomorrow

    Leave a comment:


  • tango
    replied
    you suppose in an application not need to a valid username and password that existed in a database or LDAP or ...
    the only condition is username must be reverse of password.
    so how you check this?

    Leave a comment:


  • skram
    replied
    Why do you need the password value?

    It's up to Spring Security to use the password that was entered in the JSP page for comparison purposes.

    if username was reverse of password, (for example username="abc123" password="321cba")
    go to the home page, otherwise show login page.
    Why does it need to be reversed? When the password is wrong, regardless if it's reversed, shouldn't it still go to the login page?

    Try checking the tutorial I wrote for Spring Security and MVC at http://krams915.blogspot.com/p/tutorials.html

    It might give you some pointers

    Leave a comment:

Working...
X