https://github.com/coder-acjhp/spring-mvc-security-test
With Spring security working on authentication, authorization.
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/coder-acjhp/spring-mvc-security-test
- Owner: Coder-ACJHP
- Created: 2017-10-01T01:05:01.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-10-03T03:37:18.000Z (over 8 years ago)
- Last Synced: 2025-05-22T09:39:48.813Z (about 1 year ago)
- Language: Java
- Size: 191 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Spring-MVC & Security-Test-Application
Working with Spring Security & Spring MVC on authentication and authorization [csrf].
Login :
The application starts with a custom login page (not the Spring login page) named 'login.jsp', and 'spring-security.xml'
handles the authentication operation by checking the 'username & password' against the database [see below]. If the user is found, Spring sends them to
'default-target-url="/hello"'; otherwise it uses 'authentication-failure-url="/login?error=true"', which means 'spring-security.xml'
redirects the user to the 'login' page with the message in 'sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message' until the login operation
ends successfully.
Log out :
When the user presses the 'Logout' button, the application sends the user to '/j_spring_security_logout' with the hidden
'${_csrf.parameterName}' and '${_csrf.token}' fields in a POST request, because _csrf
needs to invalidate the session with a specific UID; the '@Controller' [SecurityController] handles it and logs the user out.
Then it redirects the user to the 'login' page again.
Access denied :
All users have a role such as 'ROLE_USER' or 'ROLE_ADMIN'. We need to stop every user from being able to access the 'admin' page or panel. To do this
we add some intercept-urls in 'spring-security.xml'; Spring then works as we want, and a user who doesn't have
permission to view private pages is redirected to the 'Spring default access denied page'.
Example : only ROLE_ADMIN can access this page.
So to create a custom access denied page and redirect the user to it, we have to add 'error-page' to 'web.xml' and add this line
to 'spring-security.xml', then handle this URL in the '@Controller'
[SecurityController].
Database connection and injecting it into security.xml :
If we use XML configuration with Spring, we have to set all connection configuration in 'spring-config.xml'.
We already created our connection properties with 'id="dataSource"', and as we said above, 'spring-security.xml' needs to check
the username and password against the database; that is why we give this connection to 'spring-security.xml' with this line :
'' then we need to add the connection id in the jdbc-user-service tag
like this : and Spring will use this connection.
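The login, logout, access-denied and database settings described above, collected into one `spring-security.xml` as an added example; it is not the repository's own file. Assumed here: the `/login` and `/admin/**` patterns, the `/403` error path, bcrypt-hashed passwords and the default `users`/`authorities` tables.

```xml
<!-- Added example, not the repository's spring-security.xml. Assumed names are marked. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

  <http use-expressions="true">
    <!-- Assumed mapping "/login": the login page must stay reachable without authentication -->
    <intercept-url pattern="/login" access="permitAll"/>
    <!-- Assumed URL pattern: only ROLE_ADMIN may open the admin pages -->
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <!-- Everything else needs a logged-in user; the most specific patterns go first -->
    <intercept-url pattern="/**" access="isAuthenticated()"/>

    <!-- Custom login page with the target and failure URLs named in the README -->
    <form-login login-page="/login"
                default-target-url="/hello"
                authentication-failure-url="/login?error=true"/>

    <!-- With CSRF enabled, the logout request must be a POST that carries the token -->
    <logout logout-url="/j_spring_security_logout"
            logout-success-url="/login"/>

    <!-- Assumed path "/403": a controller mapping renders the custom access-denied view -->
    <access-denied-handler error-page="/403"/>

    <!-- Explicit, so the token is enforced on versions where CSRF is not on by default -->
    <csrf/>
  </http>

  <!-- Assumption: passwords are stored as bcrypt hashes, not plain text -->
  <beans:bean id="passwordEncoder"
              class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

  <authentication-manager>
    <authentication-provider>
      <password-encoder ref="passwordEncoder"/>
      <!-- "dataSource" is the bean id defined in spring-config.xml; with no custom
           queries the default users/authorities tables are expected -->
      <jdbc-user-service data-source-ref="dataSource"/>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```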
Note :
We can also use the default Spring login page, the default access denied page, or work without a database connection, like :
Spring Security Annotation Example | Spring Security without db connection Example
I hope this helps you.
For any questions :
If you have a question or feedback about this application, please email me at : hexa.octabin@gmail.com