Spring Security authentication example


Spring Security authentication

In this tutorial we'll learn how to secure a web application using Spring Security, with users stored in a database.

P.S. In this example, we use a MySQL database and deploy to a Tomcat 7 web container.

1. Database Script
Script to create the user table in the database:
-- Table read by the jdbc-user-service queries in spring-security.xml
CREATE TABLE `user` (
  `userid`   BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
  `login`    VARCHAR(50) NOT NULL,
  `password` VARCHAR(50) NOT NULL,
  `role`     VARCHAR(50) NOT NULL,
  `enabled`  TINYINT(1) NOT NULL,
  PRIMARY KEY (`userid`)
) ENGINE=InnoDB AUTO_INCREMENT=17 DEFAULT CHARSET=utf8;

-- Sample account; in this example the password is stored as plain text
INSERT INTO `user` (`userid`, `login`, `password`, `role`, `enabled`)
VALUES (1, 'raouf', 'raouf', 'user', 1);

2. Project structure











3. Datasource configuration
application-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

  <!-- c3p0 connection pool for the MySQL database that holds the user table -->
  <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
    <property name="user" value="root" />
    <property name="driverClass" value="org.gjt.mm.mysql.Driver" />
    <property name="jdbcUrl" value="jdbc:mysql://localhost/tutorial" />
    <property name="password" value="root" />
  </bean>

</beans>
4. Security configuration
We'll secure our web application so that only logged-in users can access its resources.
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:sec="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

  <sec:http auto-config="true" use-expressions="true">
    <!-- The login page must stay reachable without authentication -->
    <sec:intercept-url pattern="/login.html" access="permitAll" />
    <!-- /** covers every path, including nested ones; /* would match a single path level only -->
    <sec:intercept-url pattern="/**" access="hasRole('user')" />
    <sec:session-management invalid-session-url="/login.html" />
    <sec:form-login login-page="/login.html" />
    <sec:logout invalidate-session="true"
                delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE"
                logout-success-url="/login.html" />
  </sec:http>

  <!-- Users and roles are loaded from the user table through the dataSource bean -->
  <authentication-manager>
    <authentication-provider>
      <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query="
            select `login` as username, `password`, `enabled`
            from `user` where login=?"
          authorities-by-username-query="
            select `login` as username, `role` as authority
            from `user` where login=?" />
    </authentication-provider>
  </authentication-manager>

</beans:beans>
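In the Spring Security 3 setup shown above, the authentication provider has no password encoder, so the submitted password is compared with the plain-text value in the `password` column. The following is an added example, not part of the original tutorial: the same authentication manager with BCrypt hashing, assuming Spring Security 3.1 or later. The bean id `passwordEncoder` is a name chosen here, and the column change in the comment is needed because a BCrypt hash is 60 characters long.

```xml
<!-- Added example, not from the original tutorial.
     Assumes Spring Security 3.1+ with spring-security-crypto on the classpath.

     Schema change required first (VARCHAR(50) truncates a 60-character BCrypt hash):
       ALTER TABLE `user` MODIFY `password` VARCHAR(60) NOT NULL;
     Then replace each stored password with the output of
     BCryptPasswordEncoder.encode(...), e.g.
       UPDATE `user` SET `password` = '<BCRYPT_HASH_PLACEHOLDER>' WHERE `login` = 'raouf';
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- BCrypt encoder; "passwordEncoder" is an id chosen for this example.
       The constructor argument is the BCrypt strength (log rounds). -->
  <beans:bean id="passwordEncoder"
              class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg type="int" value="12" />
  </beans:bean>

  <authentication-manager>
    <authentication-provider>
      <!-- The submitted password is now checked against the stored BCrypt hash
           instead of being compared as plain text -->
      <password-encoder ref="passwordEncoder" />
      <!-- Queries unchanged from the tutorial's spring-security.xml -->
      <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query="
            select `login` as username, `password`, `enabled`
            from `user` where login=?"
          authorities-by-username-query="
            select `login` as username, `role` as authority
            from `user` where login=?" />
    </authentication-provider>
  </authentication-manager>

</beans:beans>
```

The `<sec:http>` block from the tutorial stays as it is; only the authentication manager and the `password` column change.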

5. Login page
Here is the code of the login page:
login.html
<!DOCTYPE html>
<html>
  <head>
    <meta charset="ISO-8859-1">
    <title>Login page</title>
  </head>
  <body>
    <h1>Authentication</h1>
    <br />
    <!-- Posts to the default Spring Security login processing URL -->
    <form name="login-form" action="j_spring_security_check" method="post">
      <input name="j_username" type="text" />
      <input name="j_password" type="password" />
      <input type="submit" name="submit" value="Connection" />
    </form>
  </body>
</html>
6. Welcome page
Here is the code of the welcome page, with the logout link:
index.html
<html>
  <head>
    <title>Welcome</title>
  </head>
  <body>
    <h1>Welcome</h1>
    <a href="j_spring_security_logout">Logout</a>
  </body>
</html>