In this example, we will see how to use Spring security in a Java Servlet and JSP application. We will use Spring web security to do in-memory authentication. As this web application will run in a servlet container, JSP and Servlet can be used as usual. We will not use Spring MVC in this example.
Maven dependencies
pom.xml<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
Java Config class
@EnableWebSecurity
public class AppConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(AuthenticationManagerBuilder builder)
throws Exception {
builder.inMemoryAuthentication()
.withUser("alexa")
.password("123")
.roles("USER");
}
}
Initializing Java Config
public class AppSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
public AppSecurityInitializer() {
super(AppConfig.class);
}
}
A JSP page
src/main/webapp/index.jsp<html>
<body>
<h2>Welcome to App</h2>
<p>
<%=request.getUserPrincipal().getName().toString()%>
</p>
<a href="/example">Go to Example Servlet</a>
</body>
</html>
A Servlet
@WebServlet(name = "exampleServlet", urlPatterns = {"/example"})
public class ExampleServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req,
HttpServletResponse resp) throws ServletException, IOException {
resp.setContentType("text/html");
PrintWriter writer = resp.getWriter();
String servletName = getServletConfig().getServletName();
writer.println("handling request, servlet name: " + servletName);
writer.println("<br/>");
writer.println("user: "+req.getUserPrincipal().getName());
writer.println( "<br/><a href=\"/index.jsp\">Main Page</a>");
}
}
To try examples, run embedded tomcat (configured in pom.xml of example project below):
mvn tomcat7:run-war
Output
Accessing any resource for the first time will show Spring authentication form:
After submitting user name and password as we set up in our AppConfig class:
Clicking on the 'Go to Example Servlet' link:
Example ProjectDependencies and Technologies Used: - spring-security-web 4.2.3.RELEASE: spring-security-web.
- spring-security-config 4.2.3.RELEASE: spring-security-config.
- javax.servlet-api 3.1.0 Java Servlet API
- JDK 1.8
- Maven 3.3.9
|