View RSS Feed

Spring Framework

Login Forms with Spring Security

Rating: 2 votes, 1.00 average.
by , 11-27-2011 at 11:51 PM (3491 Views)
In my previous tips I showed how to add in the necessary servlet filters in your Spring application file and then to configure minimal security in your Spring application. In this tip, we will look at setting up a form for logging into an application.

As I mention in the last tip, by setting auto-config to true, the autoconfiguration give our a free login page, support for HTTP Basic authentication and logging out, and Spring Security will automatically generate a login page page. This is what it looks like:

Java Code:
<html> 
   <head><title>Login Page</title></head> 
   <body onload='document.f.j_username.focus();'>
   <h3>Login with Username and Password</h3> 
   <form name='f' method='POST'
   	action='/Springexample/j_spring_security_check'> 
       <table>
       <tr><td>User:</td><td> 
	<input type='text' name='j_username' value=''>
       </td></tr> 
       <tr><td>Password:</td><td>
	<input type='password' name='j_password'/> </td></tr>
       <tr><td colspan='2'><input name="submit" type="submit"/></td></tr>
       <tr><td colspan='2'><input name="reset" type="reset"/></td></tr> 
    </table>
   </form> 
</body>
</html>
This login form will be automatically generated via the path /spring_security_login relative to the application’s context URL. So for the springexample application the URL would be: http://localhost:8080/springexample/...security_login.

The last thing is to configure the <form-login> element:

Java Code:
<http auto-config="true" use-expressions="false"> 
      <form-login login-processing-url="/static/j_spring_security_check"
	login-page="/login" 
	authentication-failure-url="/login?login_error=t"/>
</http>
A couple of things to note. First the login attribute specifies a new context-relative URL for the login page. The login page will reside at /login. This will be handled by the Spring MVC controller. If authentication fails, the authentication- failure-url attribute is configured to return the user back to the login page. Finally, the login-processing-url is set to /static/j_spring_security_ check. This is the URL that the login form will submit back to to authenticate the user.

Submit "Login Forms with Spring Security" to Facebook Submit "Login Forms with Spring Security" to Digg Submit "Login Forms with Spring Security" to del.icio.us Submit "Login Forms with Spring Security" to StumbleUpon Submit "Login Forms with Spring Security" to Google

Categories
Security , Web , Spring 3

Comments