Setting up Secure Web Requests in Spring
by, 11-27-2011 at 10:48 PM (1153 Views)
Continuing our investigation of Spring Security, in this tip I will look at making secure web requests. All activities that starts in a java web application is initiated via an HttpServletRequests. As such, this is where the security of your application will start. This security takes the form of request-level security. This involves declaring one or more URL patterns as requiring some level of granted authority and restricting access to those without authority from accessing the content of those URLs.
Now to do this, you need to authenticate the user. That means getting them to log in and identify themselves. Of course, being a full featured framework, Spring Security supports this type of request-level security. To do this, it is necessary to setup servlet filters that provide the various security features. In fact we need to add the DelegatingFilterProxy, which is a special servlet filter that delegates to an implementation of javax.servlet.Filter thatís registered as a <bean> in the Spring application context filter:
The name, springSecurityFilterChain, is used to look up the filter bean from the Spring application context. Itís another special filter known as FilterChainProxy. Itís a single filter that chains together one or more additional filters. Spring Security relies on several servlet filters to provide different security features. In our next tip, I will show you how to configure Spring Security.Java Code:<filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter>