Spring Security 4 Authentication Annotation XML Example

This tutorial shows you how to create a Spring Security 4 Authentication Annotation XML Example. The example demonstrates how to secure a Spring MVC web application by requiring authentication for URL access.

Table of contents:
1. Project structure
2. Maven dependencies
3. Spring Security Configuration
4. Register security filter
5. Create Controller
6. Configure Spring MVC with Java Annotation Configuration
7. Configure the Dispatcher Servlet
8. Create views
9. Deploy Spring Security 4 Authentication Annotation XML Example

Now we are ready to create the Spring Security 4 Authentication Annotation XML Example step by step.

Project structure
Make sure your project looks similar to the following structure

[Image: Spring-Security-Annotation-Example project structure]

Maven dependencies
We use the latest versions of Spring MVC and Spring Security in this example. Because the application is configured with Java annotation configuration, we no longer use web.xml, so we need to instruct Maven to ignore the missing web.xml file by setting the failOnMissingWebXml element to false. Below is the pom.xml file for our project.

Spring Security Configuration
We enable Spring Security in the application by creating a Spring Security Java configuration class. This class is responsible for protecting URLs, validating the username and password, and redirecting to the login form of the application.

Let’s dig deeper
The method configureGlobalSecurity(AuthenticationManagerBuilder auth) configures the AuthenticationManagerBuilder with user credentials and their roles. Other authentication sources such as JDBC or LDAP are available, but we use in-memory authentication in this example.

The method configure(HttpSecurity http) sets up the HttpSecurity configuration for specific HTTP requests. We use antMatchers to restrict the rules to specific request paths; otherwise the configuration applies to all requests by default.

We catch all 403 cases (HTTP access denied) and redirect to our error page by using exceptionHandling().accessDeniedPage().
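A sketch of a configuration class matching the three points above, added here as an illustration and not taken from the tutorial's source code. The class name, the URL patterns, the "/accessDenied" path and the "user" and "root" passwords are assumptions; only admin/admin123 and the method name configureGlobalSecurity come from the tutorial.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example, not the tutorial's class. Class name, URL patterns and the
// "user"/"root" passwords are assumptions; admin/admin123 is from the tutorial.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // In-memory users are for a demo only. Spring Security 4 compares these
    // plaintext passwords as-is; a real deployment needs a PasswordEncoder
    // (for example BCryptPasswordEncoder) and an external user store.
    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("user123").roles("USER")      // constructed
            .and()
            .withUser("admin").password("admin123").roles("ADMIN")   // from the tutorial
            .and()
            .withUser("root").password("root123").roles("ROOT");     // constructed
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Rules are evaluated in order; the first matching pattern wins.
                .antMatchers("/", "/index").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/root/**").hasRole("ROOT")
                // Deny by default: any URL not listed above still requires a login.
                .anyRequest().authenticated()
            .and()
                // Default login form generated by Spring Security.
                .formLogin()
            .and()
                // Authenticated users lacking the role get this page, not a raw 403.
                .exceptionHandling().accessDeniedPage("/accessDenied");
    }
}
```

Because the matchers are checked in declaration order, the broad anyRequest() rule has to come last; placing it first would shadow the role-specific rules.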

The above security Java configuration is equivalent to the XML configuration below:

Register security filter
We create a class that extends AbstractSecurityWebApplicationInitializer to register the Spring Security filter with the application. AbstractSecurityWebApplicationInitializer includes DelegatingFilterProxy and ContextLoaderListener.

The above security Java configuration is equivalent to the XML configuration below:

Create Controller
We create a simple controller that demonstrates the authentication steps for each user role. Notice that we use the method getPrincipal to get the user name from the Spring SecurityContext. Our controller should be implemented as below:

Configure Spring MVC with Java Annotation Configuration

If you are familiar with configuring Spring MVC with annotations, you can skip this step. Otherwise, you can study it by referring to the post Spring MVC Annotation Example or by looking into the attached source code. We will not cover it here.

Configure the Dispatcher Servlet

If you are familiar with configuring the Dispatcher Servlet, you can skip this step. Otherwise, you can study it by referring to the post Spring MVC Annotation Example or by looking into the attached source code. We will not cover it here.

Create Views
We need to create views to display messages of authentication results.

index.jsp

admin.jsp

root.jsp

error.jsp

Deploy Spring Security 4 Authentication Annotation XML Example

After building the project with Maven, we deploy the WAR file to an application server (Tomcat 8, for example). Open the URL http://localhost:8080/spring-security-annotation/ and the screen looks like this:

[Screenshot: welcome page]

Next, click the link “Login as Admin” on the above screen. The login form appears as below:

[Screenshot: login form]

Log in with the user role:

[Screenshot: login form input]

Then the error page appears as below:

[Screenshot: error page]

Log in as the admin role with a wrong password:

[Screenshot: wrong password]

Log in again with the admin role and credentials (admin/admin123), and the admin page appears as below:

[Screenshot: admin page]

Repeat the above steps with the root role and root credentials and you will get the same result.

That’s all for the tutorial Spring Security 4 Authentication Annotation XML Example. If you find a mistake, please leave a comment or feedback.

Download complete source code, click link below

Spring-Security-Annotation-Example.zip (60 downloads)
