{"id":18820810,"url":"https://github.com/coder-acjhp/spring-mvc-security-test","last_synced_at":"2025-06-20T23:35:18.504Z","repository":{"id":131076646,"uuid":"105410991","full_name":"Coder-ACJHP/Spring-Mvc-Security-Test","owner":"Coder-ACJHP","description":"With Spring security working on authentication, authorization.","archived":false,"fork":false,"pushed_at":"2017-10-03T03:37:18.000Z","size":196,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-05-22T09:39:48.813Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Coder-ACJHP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-01T01:05:01.000Z","updated_at":"2017-10-01T02:25:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"fc94d8b0-1b2f-434a-a0fd-4d09bff631b8","html_url":"https://github.com/Coder-ACJHP/Spring-Mvc-Security-Test","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Coder-ACJHP/Spring-Mvc-Security-Test","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coder-ACJHP%2FSpring-Mvc-Security-Test","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coder-ACJHP%2FSpring-Mvc-Security-Test/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coder-ACJHP%2FSpring-Mvc-Security-Test/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coder-ACJHP%2FSpring-Mvc-Security-Test/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Coder-ACJHP","download_url":"https://codeload.github.com/Coder-ACJHP/Spring-Mvc-Security-Test/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coder-ACJHP%2FSpring-Mvc-Security-Test/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261036933,"owners_count":23100932,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T00:30:15.049Z","updated_at":"2025-06-20T23:35:13.493Z","avatar_url":"https://github.com/Coder-ACJHP.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Spring-MVC \u0026 Security-Test-Application\nWith Spring security \u0026 Spring MVC working on authentication, authorization [csrf].\n\n\u003ch3\u003eLogin :\u003c/h3\u003e \n\u003cpre\u003e\n Application starting with custom login page (not Spring login page) with name 'login.jsp' and 'spring-security.xml' will\n handle the authentication op. with checking 'username \u0026 password' from database[go to below] if the user found will send the url to \n 'default-target-url=\"/hello\"' else 'authentication-failure-url=\"/login?error=true\" ' thats mean 'spring-security.xml' will\n redirect the user to 'login' page with message in 'sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message' while login op.\n end successfully.\n\u003c/pre\u003e\n\n\u003ch3\u003eLog out :\u003c/h3\u003e  \n\u003cpre\u003e\nWhen user pressing 'Logout' button application will send the user to '/j_spring_security_logout' with hidden \n'${_csrf.parameterName}' and '${_csrf.token}' in POST method because \u003ca href=\"https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html\"\u003e_csrf \u003c/a\u003e\nneed to invalidate session with spessific UID and '@Controller'[SecurityController] page will handle it and will log it out. \nThan will redirect the user to 'login' page again.\n\u003c/pre\u003e\n\n\u003ch3\u003eAccess denied :\u003c/h3\u003e \n\u003cpre\u003e\nAll users have some role like 'ROLE_USER' or 'ROLE_ADMIN' we need to prevent all users to access 'admin' page or panel to do this\nwe have to add some intercept-urls in 'spring-security.xml' than Spring will work as we want and when the user that doesn't have\npermission to view private pages will redirect to 'Spring default access denied page'\nExample : \u003cintercept-url pattern=\"/admin**\" access=\"hasRole('ROLE_ADMIN')\" /\u003e just ROLE_ADMIN can access this page.\nSo to create custom access denied page and redirect to user to it we have to add 'error-page' to 'web.xml' and add this line \n\u003ci\u003e\u003caccess-denied-handler error-page=\"/accessDenied\"/\u003e\u003c/i\u003e to 'spring-security.xml' than handle this url in '@Controller'\n[SecurityController] page.\n\u003c/pre\u003e\n\n\u003ch3\u003eDatabase connection and injecting to security.xml :\u003c/h3\u003e \n\u003cpre\u003e\nIf we use xml configuration with Spring we have to set all connection configurations in 'spring-config.xml'.\nWe alredy created our connection properties with 'id=\"dataSource\"' and as like we said above 'spring-security.xml' need to check\nthe username and password from database thats why we will give this connection to 'spring-security.xml' with this line : \n'\u003cb:import resource=\"spring-config.xml\" /\u003e' than we need to add connection id in tag jdbc-user-service \nlike this : \u003cjdbc-user-service data-source-ref=\"dataSource\"\u003e and Spring will use this connection.\n\u003c/pre\u003e\n\n\u003ch3\u003eNote :\u003c/h3\u003e  \n\u003cpre\u003e\nWe also can use default Spring login page, default access denied page or without connection to database like : \n\u003ca href=\"https://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/\"\u003eSpring Security Annotation Example\u003c/a\u003e | \u003ca href=\"https://www.mkyong.com/spring-security/spring-security-hello-world-example/\"\u003eSpring Security without db connection Example\u003c/a\u003e\n\u003c/pre\u003e\n\nI hope this help you.\n\n\u003ch2\u003eFor any question :\u003c/h2\u003e \nIf you have question or feedback about this application please email me at : \u003ca href=\"mailto:hexa.octabin@gmail.com\"\u003ehexa.octabin@gmail.com\u003c/a\u003e\n\u003chr\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoder-acjhp%2Fspring-mvc-security-test","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoder-acjhp%2Fspring-mvc-security-test","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoder-acjhp%2Fspring-mvc-security-test/lists"}