Spring security hello world xml

by

Directory Structure

pom.xml file


  4.0.0
  w3spoint
  SpringSecurity
  war
  0.0.1-SNAPSHOT
  SpringSecurityld Maven Webapp
  http://maven.apache.org
  
  
  	5.0.2.RELEASE
  	5.0.0.RELEASE
  	1.2
  
  
  
    
      junit
      junit
      3.8.1
      test
    
    
	
		org.springframework
		spring-core
		${spring.version}
	

	
		org.springframework
		spring-web
		${spring.version}
	

	
		org.springframework
		spring-webmvc
		${spring.version}
	

	
	
		org.springframework.security
		spring-security-web
		${spring.security.version}
	

	
		org.springframework.security
		spring-security-config
		${spring.security.version}
	

	
	
		jstl
		jstl
		${jstl.version}
	
	
	
	  
	    javax.servlet  
	    javax.servlet-api  
	    3.1.0  
	    provided  
	  
  
  
    
      
    	
        org.apache.maven.plugins
        maven-compiler-plugin
        3.7.0
        
          1.8
          1.8
        
      
      
          
            org.apache.maven.plugins  
            maven-war-plugin  
            2.6  
              
                false

dispatcher-servlet.xml file

spring-security.xml file

web.xml file

  



	
	
		dispatcher
		org.springframework.web.servlet.DispatcherServlet
		1
	
	
		dispatcher
		/
	

	
		org.springframework.web.context.ContextLoaderListener
	

	
		springSecurityFilterChain
		org.springframework.web.filter.DelegatingFilterProxy
	
	
		springSecurityFilterChain
		/*
	

	
		contextConfigLocation
		
			/WEB-INF/dispatcher-servlet.xml
			/WEB-INF/spring-security.xml

HelloWorldController.java

package com.w3schools360;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class HelloWorldController {
	@RequestMapping(value =  "/" , method = RequestMethod.GET)
	public ModelAndView helloPage() {
		ModelAndView model = new ModelAndView();
		model.addObject("message", "Welcome page.");
		model.setViewName("hello");
		return model;
	}

	@RequestMapping(value = "/user**", method = RequestMethod.GET)
	public ModelAndView helloUserPage() {
		ModelAndView model = new ModelAndView();
		model.addObject("message", "Welcome page for user.");
		model.setViewName("helloUser");
		return model;
	}
}

hello.jsp file

<%@page session="false"%>


	
Spring MVC + Spring Security
	
	
${message}

helloUser.jsp file

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>


	
Spring MVC + Spring Security
	
	
${message}

Run the application on server. The URL http://localhost:8080/SpringSecurity/ will display the following output on browser.
Spring security
As we add spring security on user page, so when we hit http://localhost:8080/SpringSecurity/user. Browser will open a login page to validate the user. We didnot create this page. It is provides by spring security framework by default.

Spring security

Enter wrong credentials
Spring security

The credentials will be matched against the values mentioned in spring-security.xml file. With wrong credentials, it will show following error
Spring security

Note: If you try to login with right credentials you will get the following error.
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id “null”.

It is because, in spring-security-core:5.0.0.RC1, the default PasswordEncoder is built as a DelegatingPasswordEncoder. When we store the users in memory, we are providing the passwords in plain text and when trying to retrieve the encoder from the DelegatingPasswordEncoder to validate the password it can’t find one that matches the way in which these passwords were stored.

We can create user with this way: 

User.withDefaultPasswordEncoder().username("user").password("user").roles("USER").build();

We will see it in next example with annotations.