GithubHelp home page GithubHelp logo

spring-mvc-security-test's Introduction

Spring-MVC & Security-Test-Application

With Spring security & Spring MVC working on authentication, authorization [csrf].

Login :

 Application starting with custom login page (not Spring login page) with name 'login.jsp' and 'spring-security.xml' will
 handle the authentication op. with checking 'username & password' from database[go to below] if the user found will send the url to 
 'default-target-url="/hello"' else 'authentication-failure-url="/login?error=true" ' thats mean 'spring-security.xml' will
 redirect the user to 'login' page with message in 'sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message' while login op.
 end successfully.

Log out :

When user pressing 'Logout' button application will send the user to '/j_spring_security_logout' with hidden 
'${_csrf.parameterName}' and '${_csrf.token}' in POST method because _csrf 
need to invalidate session with spessific UID and '@Controller'[SecurityController] page will handle it and will log it out. 
Than will redirect the user to 'login' page again.

Access denied :

All users have some role like 'ROLE_USER' or 'ROLE_ADMIN' we need to prevent all users to access 'admin' page or panel to do this
we have to add some intercept-urls in 'spring-security.xml' than Spring will work as we want and when the user that doesn't have
permission to view private pages will redirect to 'Spring default access denied page'
Example :  just ROLE_ADMIN can access this page.
So to create custom access denied page and redirect to user to it we have to add 'error-page' to 'web.xml' and add this line 
 to 'spring-security.xml' than handle this url in '@Controller'
[SecurityController] page.

Database connection and injecting to security.xml :

If we use xml configuration with Spring we have to set all connection configurations in 'spring-config.xml'.
We alredy created our connection properties with 'id="dataSource"' and as like we said above 'spring-security.xml' need to check
the username and password from database thats why we will give this connection to 'spring-security.xml' with this line : 
'' than we need to add connection id in tag jdbc-user-service 
like this :  and Spring will use this connection.

Note :

We also can use default Spring login page, default access denied page or without connection to database like : 
Spring Security Annotation Example | Spring Security without db connection Example

I hope this help you.

For any question :

If you have question or feedback about this application please email me at : [email protected]

spring-mvc-security-test's People

Contributors

coder-acjhp avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.