Spring Security Simple Login and Logout Example
November 25, 2013
For any web application or enterprise software application, security is most important feature. For any application we need authentication and authorization for any user. Authentication is just to know who is accessing your application. Authorization is that if that user can perform any action in your application. Spring Security performs these two tasks in a very secure manner. So if we are developing our application, we can leave authentication and authorization responsibilities to spring security and do our business logic. There are lots of things to learn in spring security. We can start with a simple spring security login and logout example. So find all the file description to run the example.
security-config.xml
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http auto-config="true"> <intercept-url pattern="/login" access="ROLE_USER" /> <logout logout-success-url="/login" /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="concretepage" password="con1234" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<context:component-scan base-package="com.concretepage.security.controller" />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/pages/"/>
<property name="suffix" value=".jsp"/>
</bean>
</beans>
web.xml
<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>Spring Security Application</display-name>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml,
/WEB-INF/security-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security Configuration -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
LoginController.java
package com.concretepage.security.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/login")
public class LoginController {
@RequestMapping(method = RequestMethod.GET)
public String success(ModelMap map) {
map.addAttribute("msg", "Successfully logged in");
return "success";
}
}
success.jsp
<html>
<body>
<table><tr><td>
${msg}
</td></tr>
<tr><td>
<a href="j_spring_security_logout">logout </a>
</td></tr>
</table>
</body>
</html>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
How to Logout in Spring Security
Logout in spring security is easy. Spring security provides a URL as j_spring_security_logout. When we request this URL, it will automatically logout. After logout, we need to redirect at any desired URL. Find the two configurations below in success.jsp and security-config.xml.<logout logout-success-url="/login" />
<a href="j_spring_security_logout">logout </a>
Spring Security: Eclipse Configuration
Spring Security: How To Run
Use the URL pattern which you have configured in security-config.xml. In our example URL will behttp://localhost:8080/SpringSecurity/login
Use username concretepage and password con1234. After successful login, below page will be displayed. And after click on logout, login page will be displayed.
Download Source Code
spring-security-simple-login-example.zip
