Skip to content

Spring Securities

Jump to bottom
Vishnu Garg edited this page Aug 17, 2018 · 2 revisions

Spring Securieties

Introduction

Spring Security is a framework that focuses on providing both authentication and authorization to Java EE-based enterprise software applications.

Maven Dependency

<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>4.1.1.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>4.1.1.RELEASE</version>
    </dependency>
</dependencies>

Spring Security Modules

spring-security-core

It contains core authentication and access-control classes and interfaces.

spring-security-web

It contains filters and related web-security infrastructure code. It also enable URL based security which we are going to use in this demo.

spring-security-config

It contains the security namespace parsing code. You need it if you are using the Spring Security XML file for configuration.

spring-security-taglibs

It provides basic support for accessing security information and applying security constraints in JSPs.

Configure DelegatingFilterProxy in web.xml 👍

Spring Security’s web infrastructure is based entirely on standard servlet filters. These filters are defined in web.xml file or they will be ignored by the servlet container.

In Spring Security, the filter classes are also Spring beans defined in the application context and thus able to take advantage of Spring’s rich dependency-injection facilities and lifecycle interfaces. Spring’s **DelegatingFilterProxy **provides the link between web.xml and the application context.

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
 
 
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

If you are not using any explicit filter definitions and wants spring to configure basic infrastructure for you, then use filter name as ‘springSecurityFilterChain‘ as in above example. Note that you should not use this bean name yourself. Once you’ve added this to your web.xml, you’re ready to start editing your spring security configuration file. Web security services are configured using the element.

Refrences

  1. HowToDOInJAva https://howtodoinjava.com/spring-security-tutorial/
  2. Journel dev https://www.journaldev.com/2715/spring-security-example-tutorial
  3. MyKong http://www.mkyong.com/tutorials/spring-security-tutorials/
  4. Blog

https://javabeginnerstutorial.com/spring-security-tutorial/spring-security-introduction-tutorial/ 5. BaleDung https://www.baeldung.com/security-spring

Clone this wiki locally