Monday, October 8, 2012

Spring MVC, Security + Hibernate + DWR - Page 4



Spring MVC, Security + Hibernate + DWR, Let's PLay

OK, let's secure it ;)

The Spring security filter and Spring configuration:

in you web.xml edit the line to add a new file called spring-security.xml
<param-value>/WEB-INF/applicationContext.xml,/WEB-INF/dwr-context.xml,/WEB-INF/hibernate-context.xml,/WEB-INF/spring-security.xml</param-value>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Filter Order

as we are now having two filters (springSecurityFilterChain and OpenSessionInViewFilter) we need to set the filter order as, 1-security 2-Hibernate.
make sure you filter order look like this
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
	<filter-name>hibernateFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

spring-security.xml

this file will configure spring security, we will use form authentication, the users will be configured using this file too.
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
 
	<http auto-config="true">
		<intercept-url pattern="/*" access="ROLE_USER" />
	</http>
 
	<authentication-manager>
	  <authentication-provider>
	    <user-service>
		<user name="mtz" password="123" authorities="ROLE_USER" />
	    </user-service>
	  </authentication-provider>
	</authentication-manager>
 
</beans:beans>
the idea here is that we are securing every URL, with:
username:mtz
password:123

Test it

deploy the project and you should see the following page
and you are done, thanks :)
download the full example

7 comments:

MooseyMersa said...

Thank you for a great tutorial. Took quite a while for me to get it to work, but this was more to do with running MySql on a non-default port (to do this you need to use a later version of the mysql-connector than provided in the download/repository and place it in a web-inf/lib folder).
In addition to make the logging work properly (to help solve the above problem) I needed to put the logging.properties and log4j.properties files in a web-inf/classes folder.

prathap kumar said...

Great Article

Hibernate Training
Hibernate Online Training
Hibernate Training Courses
Java J2EE Training Institutes in Chennai
Java Training in Chennai

Java Training




Hibernate Dialect
Hibernate Interview Questions

Nikshitha S said...

Hibernate is the most popular framework for java environments which is based on the object relational mapping.
hibernate training in chennai | hibernate training

John Alert said...

Hibernate Online Training Hibernate Online Training Hibernate Training in Chennai Hibernate Training in Chennai Java Online Training Java Online Training Hibernate Training Institutes in ChennaiHibernate Training Institutes in Chennai

John Alert said...

Great step by step solution, thanks for the help!

Spring Hibernate Online Training | Hibernate Training in Chennai Java Training Institutes


Hibernate Online Training | Java Online Training | Java EE Online Training

sunitha vishnu said...

It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
Android Training in Chennai
Ios Training in Chennai

unknown said...

we will go through the Spring Security setup & common features, when and where to apply, different authentication methods, securing password with encoding schemes, & integrating Spring Security in Spring MVC 4 and Hibernate based applications, exploring them with help of fully-working examples.spring security training in chennai