If you're interested in functional programming, you might also want to checkout my second blog which i'm actively working on!!

Monday, September 6, 2010

Basic security with Spring 3.0

I had to create a webapplication with some basic authentication for several pages which allowed the user to administer the application. The view-only pages should not require authentication.

Since I use the SpringFramework for most of my applications lately I decided to take a quick look at Spring Security and blog this quick how-to guide for basic authentication. Remark: I use eclipse as IDE.

So let's start with adding some required maven dependencies:

I also had to add the Spring repo's to my pom.xml:

So next you might run 'mvn eclipse:eclipse' again and refresh the project in eclipse.

We also need to make some adjustments in our web.xml:

Next I decided to create a separate application-security.xml with the default namespace set to "http://www.springframework.org/schema/security" so it would avoid me having to type the security prefix for all elements. One problem I faced was that the authentication-provider used to be a root element where as it is now a child from authentication-manager.

As you can see all pages with the pattern /pages/secure/** are made secure now and only accessible to users with ROLE 'ROLE_SUPERVISOR'. Secure pages are forwarded to the login-form (/pages/login.faces).

Once the form get's submitted the configured authentication-provider authenticates the user.

A little remark about my login page which is using facelets... Using jsf tags will give you some trouble because the form action and user and password form names have to match the ones as specified below:

Other usefull blogs:

No comments:

Post a Comment