ReviewIn the previous section, we have implemented the Java classes and organized them accordingly: domain, repository, service, and controller. In this section, we will create the necessary configuration files, which are mainly XML files, and discuss them thoroughly.
Table of ContentsPart 1: Introduction and Functional Specs
Part 2: Java classes
Part 3: XML configuration
Part 4: HTML Files
Part 5: Running the Application
ConfigurationThere are two important configuration files required to secure our application with Spring Security:
- spring-security.xml (arbitrary name)
spring-security.xmlThis contains the core Spring Security configuration.
Let's examine further the contents of this file:
the http tag
the second http tag
This contains the core security rules of our application. In previous versions of Spring Security, you're only allowed to have one http element.
- auto-config is a shorthand for the following (see more):
- use-expressions allows us to use SPEL (Spring EL expressions) support (see more)
Here we declare URL patterns to be protected. Notice the use of SPEL hasRole and permitAll (see more)
This declares our login settings:
- login-page: the URL path of our login page
- authentication-failure-url: the URL where a user will be redirected after a failed login
- default-target-url: the URL where a user will be redirected after a successful login
This declares the URL where a user will be redirected after a denied access.
This is similar with the login element.
- logout-success-url: the URL where a user will be redirected after a successful logout
- logout-url: the URL path of our logout page
- authentication-manager: registers an AuthenticationManager that provides authentication services (see more)
- authentication-provider: this is a shorthand for configuring a DaoAuthenticationProvider which loads user information from a UserDetailsService (see more)
- user-service-ref: this allows us to declare a custom UserDetailsService
- password-encoder: this allows us to declare various password encoders such as md5 and sha (see more)
web.xmlBesides the usual servlet declaration, the web.xml is where you declare the Spring Security filter and name of configuration file to read from.
To enable Spring Security, follow these guidelines:
- Add a DelegatingFilterProxy
- Add a springSecurityFilterChain mapping
- Add a contextConfigLocation You must declare your applicationContext.xml and spring-security.xml here
Here's our complete web.xml file:
DatasourceSince we're using JPA and Spring Data JPA to simplify data access, we must also declare the corresponding configuration files. Please read the inline comments for more info.
This contains all datasource-related configuration.
NextIn the next section, we will turn our attention towards the view layer which mainly consists of JSP files. Click here to proceed.
Share the joy:
Subscribe by reader Subscribe by email Share