Configuring Web Security in Spring
by, 11-27-2011 at 11:49 PM (881 Views)
In a previous tip, I showed how to add in the necessary servlet filters in your Spring application file. We added both the Delegating FilterProxy along with the another filter, FilterChainProxy. In general, Spring security will automatically create these beans for you when you configure the <http> element.
In this configuration Spring security will intercept requests for all URLs and restrict access to only authenticated users who have the ROLE_USER role. Note the intercept pattern uses an Ant-style path in the pattern attribute of <intercept- url>. The <http> element automatically sets up a FilterChainProxy, delegated to by the DelegatingFilterProxy and all of the filter beans in the chain.Java Code:<http> <form-login /> <http-basic /> <logout /> <intercept-url pattern="/**" access="ROLE_USER" /> </http>
In addition to those filter beans, by setting the auto-config attribute to true, we have a free login page, support for HTTP Basic authentication, and support for logging out. In the next tip, I will show you what the login page will look like with Spring security. Until next time!