Spring Book – Chapter 15 – Web Application Security with Spring

Spring Security Quick Start

In this section we will see how to introduce Spring Security in a typical Spring MVC application. Note that Spring Security does not work only with Spring MVC; it works seamlessly with other web frameworks, as well as with other types of applications, according to the security requirements. This section considers introducing Spring Security in a web environment.

We will look at how to quickly add security to a web application using an out-of-the-box configuration using mainly default settings. In practice most things are highly configurable and the framework provides many powerful services. The underlying classes can also be easily extended to adapt their behavior. However, the aim here is to get up and running as quickly as possible without going into too much detail. Many Spring Beans will be created behind the scenes by the configuration we show, but you don’t need to know about these, at least not to begin with. Figure 15-11 below shows a typical working of Spring Security in action.

Figure 15-11. Working of Spring Security

The steps required to add Spring Security in a web environment are summarized below:

1. Hooking Spring Security to the web application using the web deployment descriptor web.xml file. Configure the Spring Security filter and map it accordingly as shown in Listing 15-15 below. The name of the filter “springSecurityFilterChain” should be kept as is because the security framework uses this internally in many places as a Spring bean.

Listing 15-15. Configuring Spring Security filter in the web deployment descriptor file web.xml

2. Include the bare minimum Spring modules required in the project. The mandatory ones are given below:

  1. spring-core-3.x.x.jar
  2. spring-web-3.x.x.jar
  3. spring-security-core-3.x.x.jar
  4. spring-security-web-3.x.x.jar
  5. spring-security-config-3.x.x.jar

If you are using Maven as the build tool, include these jars in the pom.xml file of your web project. Otherwise download these jars separately and include these in the web application’s WEB-INF/lib directory.

3. Configure the Spring Security configuration file, which can be split into various steps as summarized below:

a. Configure the security namespace in the Spring Security configuration file as shown in Listing 15-16 below. In that listing the security namespace is set as the default, so you need not use the security namespace prefix on security-related tags in this configuration file.

Listing 15-16. Security namespace in Spring Security configuration file

b. Web URL authorization configuration as shown in Listing 15-17 below.

Listing 15-17. Web URL authorization configuration

The “auto-config” attribute is actually shorthand for the syntax shown in Listing 15-18 below. We will be covering these configurations in the latter part of this chapter.

Listing 15-18. Attribute auto-config is shorthand for the following syntax in Spring Security configuration
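The security configuration file described in step 3, written out as an added example (this is not the book's own listing). It assumes the Spring Security 3.1 schema, hypothetical URL patterns and role names, and constructed in-memory users with placeholder passwords.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the book's listing. Assumes Spring Security 3.1;
     match the schema versions to the jars on your classpath. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- Step 3a: security is the default namespace, so <http> needs no prefix,
       while plain Spring elements are written with the beans: prefix. -->

  <!-- Expanded form of <http auto-config="true">: form login, HTTP Basic
       and logout handling are declared explicitly. -->
  <http>
    <!-- Step 3b: patterns are checked top to bottom and the first match wins,
         so specific paths go before the catch-all.
         /admin/** and the role names are hypothetical. -->
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login />
    <http-basic />
    <logout />
  </http>

  <!-- Constructed in-memory users so the configuration loads on its own;
       names and passwords are placeholders. -->
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="user" password="changeit" authorities="ROLE_USER" />
        <user name="admin" password="changeit" authorities="ROLE_USER, ROLE_ADMIN" />
      </user-service>
    </authentication-provider>
  </authentication-manager>

</beans:beans>
```

Reversing the two intercept-url entries would let the catch-all match first, leaving /admin/** reachable with only ROLE_USER.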

Tomcy John

Blogger & Author at javacodebook
He is an Enterprise Java Specialist holding a degree in Engineering (B-Tech) with over 10 years of experience in several industries. He's currently working as Principal Architect at Emirates Group IT since 2005. Prior to this he has worked with Oracle Corporation and Ernst & Young. His main specialization is on various web technologies and acts as chief mentor and Architect to facilitate incorporating Spring as Corporate Standard in the organization.