View RSS Feed

Spring Framework

Configuring Web Security in Spring

Rate this Entry
by , 11-27-2011 at 10:49 PM (1060 Views)
In a previous tip, I showed how to add in the necessary servlet filters in your Spring application file. We added both the Delegating FilterProxy along with the another filter, FilterChainProxy. In general, Spring security will automatically create these beans for you when you configure the <http> element.

Java Code:
<http> 
    <form-login />
    <http-basic />
    <logout /> 
    <intercept-url pattern="/**" access="ROLE_USER" />
</http>
In this configuration Spring security will intercept requests for all URLs and restrict access to only authenticated users who have the ROLE_USER role. Note the intercept pattern uses an Ant-style path in the pattern attribute of <intercept- url>. The <http> element automatically sets up a FilterChainProxy, delegated to by the DelegatingFilterProxy and all of the filter beans in the chain.

In addition to those filter beans, by setting the auto-config attribute to true, we have a free login page, support for HTTP Basic authentication, and support for logging out. In the next tip, I will show you what the login page will look like with Spring security. Until next time!

Submit "Configuring Web Security in Spring" to Facebook Submit "Configuring Web Security in Spring" to Digg Submit "Configuring Web Security in Spring" to del.icio.us Submit "Configuring Web Security in Spring" to StumbleUpon Submit "Configuring Web Security in Spring" to Google

Comments