Spring Security for JSP development

Source: Internet
Author: User

Preface:

Spring Security is a security framework that provides declarative access control for Spring-based enterprise applications. It supplies a set of beans that are configured in the Spring application context and makes full use of Spring's IoC (inversion of control, also known as dependency injection) and AOP (aspect-oriented programming) features. Because access control is declared rather than hand-coded, it reduces the large amount of repetitive code otherwise needed for enterprise security control.

The predecessor of Spring Security is Acegi Security, the framework the Spring project team used to provide security authentication services. Spring Security provides comprehensive security services for J2EE-based enterprise applications, especially enterprise software projects developed with the leading J2EE solution, the Spring framework.

Function

Spring Security's support for web security relies heavily on Servlet filters. These filters intercept incoming requests and apply security processing before the application handles them. Spring Security provides several filters that intercept Servlet requests and pass them to the authentication and access decision managers for processing. You can use the filters listed in Table 7.4 to protect your applications as needed.

If you have used Servlet filters before, you know that they must be configured with the <filter> and <filter-mapping> elements in the web application's web.xml file to take effect. This works, but it does not lend itself to configuration through dependency injection.

FilterToBeanProxy is a special Servlet filter. It does very little work itself and instead delegates to a bean in the Spring application context. The delegate bean implements the javax.servlet.Filter interface like any other Servlet filter, but it is configured in the Spring configuration file rather than in web.xml.

In fact, the bean that FilterToBeanProxy delegates to can be any implementation of javax.servlet.Filter. It can be one of Spring Security's own filters or a filter you write yourself. However, as mentioned in this book, Spring Security requires at least four filters, and possibly a dozen or more.

Through practical use in many projects and through community contributions, Spring Security has become the most mature security system in the Spring Framework. It provides powerful and flexible enterprise-level security services, for example:

  • Authentication and authorization mechanism
  • Web Resource Access Control
  • Business method call Access Control
  • Access Control List (ACL)
  • Central Authentication Service (CAS)
  • X509 Authentication
  • Channel Security management and other functions

Simple Example

1. Create a web project springSecurity3

2. Extract the spring-security-3.1.0.RELEASE archive downloaded from the Spring website, unpack spring-security-samples-contacts-3.1.0.RELEASE.war from it, and copy the JAR files it contains into the lib directory.

3. Modify the web.xml configuration as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
            http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

        <!-- Load the Spring XML configuration file -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:securityConfig.xml</param-value>
        </context-param>

        <!-- Configure the filter chain of Spring Security 3.1 -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!-- Spring container start listener -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>
    </web-app>

4. Create the securityConfig.xml file under src as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <b:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:b="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.1.xsd">

        <!-- The login page is not filtered -->

5. Create login.jsp in WebRoot as follows:

    <body>
        <form action="j_spring_security_check" method="POST">
            <table>
                <tr>
                    <td>User:</td>
                    <td><input type='text' name='j_username'></td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type='password' name='j_password'></td>
                </tr>
                <tr>
                    <td><input name="reset" type="reset"></td>
                    <td><input name="submit" type="submit"></td>
                </tr>
            </table>
        </form>
    </body>

6. Create accessDenied.jsp in WebRoot:

    <body>
        Your access is denied and you are not authorized to access this resource!<br>
    </body>

Create admin.jsp as follows:

    <body>
        Welcome to the Administrator page.<br>
    </body>

Modify index.jsp as follows:

    <%-- The sec: prefix requires the Spring Security tag library declaration --%>
    <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
    <body>
        This is the homepage. Welcome, <sec:authentication property="name"/>!<br>
        <a href="admin.jsp">enter the admin page</a>
        <a href="other.jsp">go to other pages</a>
    </body>

Now deploy the project and access index.jsp.

Log in with one of the users configured in securityConfig.xml. In case you have forgotten them, here they are again:

    <user name="john" password="john" authorities="ROLE_USER" />
    <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />

The pages each user can reach differ according to the authorities granted. Try logging in as each user to see the difference.
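
The user entries above store passwords in clear text, identical to the user names, and the securityConfig.xml listing in step 4 breaks off after its first comment. The following is an added example, not the original author's configuration: a Spring Security 3.1 securityConfig.xml that fits the pages created above and stores BCrypt hashes instead of clear-text passwords. The intercept-url rules, the bean id passwordEncoder and the hash placeholders are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- The login page bypasses the filter chain so it can be shown
         before the user is authenticated -->
    <http pattern="/login.jsp" security="none"/>

    <!-- Assumed URL rules: admin.jsp needs ROLE_ADMIN, everything else
         needs ROLE_USER. Rules are evaluated top to bottom, so the more
         specific pattern must come first. -->
    <http auto-config="true" access-denied-page="/accessDenied.jsp">
        <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <form-login login-page="/login.jsp"
                    authentication-failure-url="/login.jsp"/>
    </http>

    <!-- BCrypt encoder from the spring-security-crypto module
         (bean id is an assumption) -->
    <b:bean id="passwordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <authentication-manager>
        <authentication-provider>
            <password-encoder ref="passwordEncoder"/>
            <user-service>
                <!-- Placeholders: replace with the output of
                     BCryptPasswordEncoder.encode(...) for each user -->
                <user name="john" password="BCRYPT_HASH_FOR_JOHN"
                      authorities="ROLE_USER"/>
                <user name="admin" password="BCRYPT_HASH_FOR_ADMIN"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</b:beans>
```

With this configuration john is sent to accessDenied.jsp when requesting admin.jsp, while admin can open both pages.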
