Home  >  Spring Security

Spring Security Simple Login and Logout Example

By Arvind Rai, November 25, 2013
For any web application or enterprise software application, security is most important feature. For any application we need authentication and authorization for any user. Authentication is just to know who is accessing your application. Authorization is that if that user can perform any action in your application. Spring Security performs these two tasks in a very secure manner. So if we are developing our application, we can leave authentication and authorization responsibilities to spring security and do our business logic.
There are lots of things to learn in spring security. We can start with a simple spring security login and logout example. So find all the file description to run the example.

security-config.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.1.xsd">
	<http auto-config="true">
		<intercept-url pattern="/login" access="ROLE_USER" />
		<logout logout-success-url="/login" />
	</http>
	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="concretepage" password="con1234" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>
</beans:beans>
 
In our example we have a user configured which has ROLE_USER authorities. intercept-url is providing URL pattern for login.

dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 	<context:component-scan base-package="com.concretepage.security.controller" />
	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
	  <property name="prefix" value="/pages/"/>
	  <property name="suffix" value=".jsp"/> 
    </bean>
</beans>
 
dispatcher-servlet.xml is same as used in Spring MVC application.

web.xml
<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

	<display-name>Spring Security Application</display-name>

	<servlet>
		<servlet-name>dispatcher</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>dispatcher</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
		   /WEB-INF/dispatcher-servlet.xml,
		   /WEB-INF/security-config.xml
		</param-value>
	</context-param>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<!-- Spring Security Configuration -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

</web-app>
 
In web.xml , we need to configure spring security filter chain.

LoginController.java
package com.concretepage.security.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/login")
public class LoginController {
	@RequestMapping(method = RequestMethod.GET)
	public String success(ModelMap map) {
 		map.addAttribute("msg", "Successfully logged in");
		return "success";
 	}
}
 
After successful login, control goes to LoginController. We simply here return to success page.

success.jsp
<html>
<body>
<table><tr><td>
 ${msg}
 </td></tr>
 <tr><td>
 <a href="j_spring_security_logout">logout </a>
 </td></tr>
 </table>
 </body>
 </html>
 
Spring security pom.xml dependency
   <dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-core</artifactId>
	<version>3.1.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.4.RELEASE</version>
    </dependency>
 

How to Logout in Spring Security

Logout in spring security is easy. Spring security provides a URL as j_spring_security_logout. When we request this URL, it will automatically logout. After logout, we need to redirect at any desired URL. Find the two configurations below in success.jsp and security-config.xml.
<logout logout-success-url="/login" />
 
<a href="j_spring_security_logout">logout </a>
 
To configure logout redirect URL, use <logout> tag and configure logout-success-url attribute.

Spring Security: Eclipse Configuration

Spring Security Simple Login and Logout Example

Spring Security: How To Run

Use the URL pattern which you have configured in security-config.xml. In our example URL will be
http://localhost:8080/SpringSecurity/login

Spring Security Simple Login and Logout Example
Use username concretepage and password con1234. After successful login, below page will be displayed. And after click on logout, login page will be displayed.

Spring Security Simple Login Example

Download Source Code
spring-security-simple-login-example.zip
POSTED BY
ARVIND RAI
ARVIND RAI
FIND MORE TUTORILAS
comments powered by Disqus


Copyright ©2017 concretepage.com, all rights reserved |Privacy Policy | Contact Us