CODEWITHSUNDEEP
javahtmlgoogle-app-enginespring-security
Sreekanth
Sreekanth

Reputation: 534

restrict user to authenticate before viewing pages using spring security java

I am new to Spring framework and Spring security. I am developing an application using google app engine. I am trying to authenticate the user but cant able to achieve it. My problems here are

  1. I need to restrict the all the user to type the URL in the browser and to see the pages. If they want to access such pages I need to navigate them to the warning page.
  2. An user can access the application only if he is authenticated with the application. If not authenticated the login page should be navigated.
  3. I need to write a custom login authenticated page where in the page i should authenticate them if given credentials are perfect then we can navigate them to the main page.
  4. In the custom login authentication page we should write the database logic to get the credentials from the db and authenticate. And if the user is not registered with the application then we should navigate them to the registration page with a default message.

Please any one can give me the default application with this requirements.

Thanks and Regards, Sree

Upvotes: 2

Views: 1002

Answers (1)

Ratna Srikanth
Ratna Srikanth

Reputation: 125

I am using spring 3.x to complete the configuration

in web.xml, add these lines

<filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

comes to security xml page add these. And i am using DAOAuthenticationProvider. And password encoding i am using BCryptPasswordEncoder.

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security 
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <http use-expressions="true">
        <form-login login-page="/login" always-use-default-target="true" default-target-url="/sessionInit" authentication-failure-url="/login"/>
        <logout logout-url="/logout" logout-success-url="/logout"/> 
    </http>

    <beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService" ></beans:property>
    </beans:bean>

    <beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <beans:property name="providers">
            <beans:list>
                <beans:ref local="daoAuthenticationProvider"/>
            </beans:list>
        </beans:property>
    </beans:bean>

    <authentication-manager>
       <authentication-provider ref="authProvider"></authentication-provider> 
    </authentication-manager>

    <beans:bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService" />
        <beans:property name="passwordEncoder" ref="encoder" />
    </beans:bean>

      <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

</beans:beans>

before all these configuration you need add this security.xml file in the web.xml.

Upvotes: 1

Related Questions