Spring Security custom login form example

In previous post,we have used default login page generated by Spring security framework. In this post, we will see how to use custom login page in Spring security.

Spring MVC tutorial:

In this post, we will see how to apply custom login form  spring security to spring mvc hello world example.

If you want to secure your spring web application , you just need to configure some files to make it happen using spring security. We will apply login security on hello world example, so when only authorised users will be able to access hello world message.

Here are steps to apply spring security custom login form on spring mvc hello world example.

Step 1: 
Create Spring mvc hello world example named SpringSecurityHelloWorldExample . It will create basic spring mvc application.

Step 2: 
Add spring security to pom.xml. You need to add following dependencies to the pom.

pom.xml 

Create Controller  and view

step 3:
Change controller class named “HelloWorldController.java” as below

As  request first goes to dispatcherServlet and it redirects to controller class. Here @Controller depicts that this is our controller class. @RequestMapper is used to map incoming http request to handler method(hello() in above controller).So hello() method of HelloWorldController.java will handle GET request from dispatcher.
Here We have used Principal object to get current logged in username. It is set by Spring security framework.

Step 4: 
Modify hello.jsp in /WEB-INF/pages folder

Step 5:
Create login.jsp in /WEB-INF/pages folder

We have used css file in above login.jsp. Create style.css file as below.


Step 6:  

Now we need to add spring configuration xml. Create a file named spring-security.xml.

We have used form-login in above file, so if user tries to access any secured url, he will be authenticated based on above form-login configuration.
Lets understand meaning of each attribute of form-login tag

login-page : we need to provide url for login page.
default-target-url : here if authentication is successful, then target page url should be provided.
authentication-failure-url : if authentication is unsuccessful, then redirection page url should be provided here.

intercept-url configure for which pattern what kind of security is configured. For example: If http request url has pattern /hello*(hello.jsp,helloworld.html), it will be accessed to ROLE_ADMIN only.

We have hardcoded username(java2blog and arpit) and password(java123 and arpit123)   in authentication manager, so if user provides correct credential for admin then only he will be able to access helloworld.html.

Step 7: 
springmvc-dispatcher-servlet.xml

Step 8: We need to change in web.xml to configure spring security.

Here we have used DelegatingFilterProxy which intercepts http request and pass it to springSecurityFilterChain. springSecurityFilterChain is a bean created by spring with http element used in spring-security.xml. It maintains list of all filters and is responsible for chain of filters.
We are done with changes required for spring security.
Step 9:
It’s time for maven build.
 
Provide goals as clean install (given below) and click on run

Run the application

Step 10:
Right click on project -> run as -> run on server
Select apache tomcat and click on finish

   You will see below screen:

When you click on above link, you will get following login page.

If you put wrong password and try to login, you will get below screen

 

If you put correct user id and password

Bingo !! you have logged in successfully.

When you click on logout, you will be back to first screen.

Download source code:

click to begin
20KB .zip

Please comment if you have any issues with above post.


import_contacts

You may also like:


import_contacts

You may also like:

Related Posts

  • Get current year in java
    13 July

    Get current year in Java

    Table of ContentsUsing Date and SimpleDateFormatUsing CalendarUsing LocalDateUsing LocalDateTimeusing ZonedDateTimeUsing OffsetDateTimeUsing Instant and ZoneIdUsing Instant and ZoneOffsetConclusion In this post, we will see how to get current year in Java. Using Date and SimpleDateFormat The Date class was introduced in Java 1.0 and provided different approaches to work with time. The SimpleDateFormat inherits from DateFormat […]

  • 13 July

    Remove substring from String in Java

    Table of ContentsUsing String’s replace method to remove substring from String in JavaUsing String’s replaceFirst method to remove substring from String in JavaUsing String’s replaceAll method to remove substring from String in JavaUsing StringBuilder’s delete() method to remove substring from String in JavaUsing StringBuilder’s replace() method to remove substring from String in JavaConclusion In this […]

  • 9Cartoon
    13 July

    13 Best Working 9Cartoon Alternatives in 2021 (Tried and Tested)

    Table of ContentsBest 9cartoon AlternativesCartoonsOnAnimeDaoAnimeToonKissAnimeToonGetWatch Cartoons OnlineCartoonCrazyToonovaKimCartoonWatch SeriesNyaaToonJetKissCartoonFrequently Asked QuestionsWhat is 9cartoon?Is 9cartoon free?What happened to 9cartoon?Which are the best 9cartoon alternatives?Wrapping Up Are you having trouble accessing 9cartoon? Well then, you’re just at the right place. 9cartoon is a well-known web-based platform that bagged a large quality of cartoons, relative TV shows and movies. […]

  • 13 July

    Einthusan Alternatives : 16 Best websites like Enthusan in 2021

    Table of ContentsEinthusan alternativesYouTubeYuppTVSonyLIVJio CinemaHotstarVootZee5HungamaAmazon Prime VideoAirtel XtremeMX PlayerEros NowNetflixHonorable Mentions123 MoviesF MoviesSoap2dayFrequently Asked Questions**Is Einthusan Blocked in India?Is Einthusan Safe?Is Einthusan Free?Einthusan Downloader: Is it legit?Final Words Einthusan is a well-known platform for watching movies online. From streaming in different languages to downloading them for online viewing, the platform offered everything that movie lovers […]

  • CQATest
    13 July

    Everything You Need to Know About CQATest in 2021

    Table of ContentsCQATest: A Brief OverviewHow Can CQATest Help?Problems Associated with CQA TestFixing Problems Associated with CQATestDisabling CQATest AppMethod 1: Force Stopping CQATest AppMethod 2: Resetting Your DevicePrecautions: Things to Keep in Mind Before Disabling CQATest.FAQsWhat is CQATest on Android?What does CQA stand for?Is CQATest app a virus?Is CQA Test Safe?What are the most common […]

  • Copy DataFrame in Python
    10 July

    Copy DataFrame in Pandas

    This articles provide different ways to copy DataFrame in Pandas.

Comments

  1. Appreciating the dedication you put into your blog and in depth information you offer. It’s nice to come across a blog every once in a while that isn’t the same old rehashed information. Great read! I’ve saved your site and I’m adding your RSS feeds to my Google account.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our newletter

Get quality tutorials to your inbox. Subscribe now.