Spring Security

Spring Security is a framework that provides authentication, authorization  and other security features for enterprise applications.

<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping">
<property name="interceptors" ref="authorizationInterceptor"/>
</bean>
<bean id="authorizationInterceptor"
class="org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor">
<property name="authorizedRoles" value="administrator,operator"/>
</bean>

This is an example where we explicitly mention the BeanNameUrlHandlerMapping and set an interceptor allowing only administrators and operators to call the beans.

Web Configuration

The ‘springSecurityFilterChain’ filter needs to be configured to intercept all URLs so Spring Security can control access to them. The filter must be named this to match the default bean it retrieves from the Spring context.

/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
 version="3.0" metadata-complete="true">

<display-name>simple-security</display-name>

 <listener>
 <listener-class>
 org.springframework.web.context.ContextLoaderListener
 </listener-class>
 </listener>

<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>
 /WEB-INF/spring/*-context.xml
 </param-value>
 </context-param>

<!-- Enables Spring Security -->
 <filter>
 <filter-name>springSecurityFilterChain</filter-name>
 <filter-class>
 org.springframework.web.filter.DelegatingFilterProxy
 </filter-class>
 </filter>

<filter>
 <filter-name>encoding-filter</filter-name>
 <filter-class>
 org.springframework.web.filter.CharacterEncodingFilter
 </filter-class>
 <init-param>
 <param-name>encoding</param-name>
 <param-value>UTF-8</param-value>
 </init-param>
 </filter>

<filter-mapping>
 <filter-name>encoding-filter</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>

<filter-mapping>
 <filter-name>springSecurityFilterChain</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>

<servlet>
 <servlet-name>simple-form</servlet-name>
 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 <init-param>
 <param-name>contextConfigLocation</param-name>
 <param-value></param-value>
 </init-param>
 </servlet>

 <servlet-mapping>
 <servlet-name>simple-form</servlet-name>
 <url-pattern>*.html</url-pattern>
 </servlet-mapping>

 <welcome-file-list>
 <welcome-file>index.jsp</welcome-file>
 </welcome-file-list>

</web-app>

 


Mathematics, Technology and Programming are my passion. I am a part of Java Ecosystem and through this blog, I contribute to it. I am here to blog about my interests, views and experiences. I am on Google+ and Facebook. I feel proud to be listed as a "National Memory Record Holder" in the Limca Book of Records, 2009 and have attempted for an International Memory record in the Guiness Book of Records. I can remember the value of PI upto 10,000 digits after the decimal (3.1415.....). You can contact me on javagenious.com(At)gmal.com ; I would like to hear from you :)

Share This Post

Recent Articles

Powered by WordPress · Designed by Theme Junkie
You might also likeclose