Archive

Archive for the ‘Spring’ Category

Drools 6 Decision Table with Spring MVC

June 8, 2015 Leave a comment

Drools is the Java Rules engine from Jboss. This article covers on how to use the Drools Decision Table using excel sheets with a Spring MVC project.

To start with, create a basic Spring MVC project using Spring STS. Add the following dependencies for drools on the pom file generated by the template in STS.


<dependency>
 <groupId>org.drools</groupId>
 <artifactId>drools-core</artifactId>
 <version>6.2.0.Final</version> 
 </dependency>
 <dependency>
 <groupId>org.drools</groupId>
 <artifactId>drools-compiler</artifactId>
 <version>6.2.0.Final</version> 
 </dependency>
 <dependency>
 <groupId>org.kie</groupId>
 <artifactId>kie-spring</artifactId>
 <version>6.2.0.Final</version> 
 </dependency>
 <dependency>
 <groupId>org.kie</groupId>
 <artifactId>kie-api</artifactId>
 <version>6.2.0.Final</version> 
 </dependency>
 <dependency>
 <groupId>org.kie</groupId>
 <artifactId>kie-internal</artifactId>
 <version>6.2.0.Final</version> 
 </dependency>

Create a spring-context.xml file in the following location /WEB-INF/spring with the following content


<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:kie="http://drools.org/schema/kie-spring"
 xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://drools.org/schema/kie-spring http://drools.org/schema/kie-spring.xsd">

<kie:kmodule id="kmodule1">
 <kie:kbase name="kbase1" packages="com.codesilo.wordpress.rules">
 <kie:ksession name="ksession1" type="stateless" />
 </kie:kbase>
 </kie:kmodule>

<beans:bean id="kiePostProcessor"
 class="org.kie.spring.KModuleBeanFactoryPostProcessor" />

</beans:beans>

The package here “com.codesilo.wordpress.rules” denotes the location where the decision tables are located. We will create that one we have created the POJO.

Add the /WEB-INF/spring/spring-context.xml on the contextConfigLocation in web.xml. The contextConfigLocation should now look like


<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>/WEB-INF/spring/root-context.xml
 /WEB-INF/spring/root-context.xml</param-value>
 </context-param>

We create the POJO named as RouteAttribute in the following package com.wordpress.codesilo.model. This object will be used as the fact for the rules defined,


package com.wordpress.codesilo.model;

public class RouteAttribute {

private String country;
 private String state;
 private boolean newEntry;
 
 //Result
 private String ansOnRule;

public String getCountry() {
 return country;
 }

public void setCountry(String country) {
 this.country = country;
 }

public String getState() {
 return state;
 }

public void setState(String state) {
 this.state = state;
 }

public boolean isNewEntry() {
 return newEntry;
 }

public void setNewEntry(boolean newEntry) {
 this.newEntry = newEntry;
 }

public String getAnsOnRule() {
 return ansOnRule;
 }

public void setAnsOnRule(String ansOnRule) {
 this.ansOnRule = ansOnRule;
 }
 
}


Now we create the decision table (Rules.xls) on the following location com.codesilo.wordpress.rules

Rules

The file can also be downloaded from here.

As a last step, we change HomeController.java to fire the rules. This can be later moved to any controller/MVC flow. We inject the KieBase object by the following..

@Autowired
private KieBase kieBase;

Add the following in the default method on the HomeController class.


RouteAttribute routingComponent = new RouteAttribute();

routingComponent.setCountry("US");

StatelessKieSession statelessKieSession =  kbase.newStatelessKieSession();

statelessKieSession.execute(routingComponent);

Now, if we bring up the server, the default method is going to run and call the rules from above.

Advertisements

Spring MVC with Sitemesh 3

July 11, 2013 3 comments

In one of my earlier posts I showed some steps to create a project with Struts Tiles. This post mentions the steps to get a basic Spring MVC project running with Sitemesh 3. Sitemesh is a decorator framework. More information on Sitemesh 3 can be found here.

CREATING A BASIC SPRING MVC PROJECT

We will use the Spring Developer Toolsuite and Maven 3 for our project. Go to the toolsuite workspace and select File>New>Spring Template Project and choose Spring MVC Project from the list. Click yes on the download prompt. We will name the project as Sitemesh-SpringMVC and the package as com.wordpress.codesilo.

SETTING UP SITEMESH 3

Open the pom.xml of the Project and add the following dependency.

<dependency>
 <groupId>org.sitemesh</groupId>
 <artifactId>sitemesh</artifactId>
 <version>${sitemesh.version}</version>
</dependency>

Also add the following under properties

<sitemesh.version>3.0-alpha-2</sitemesh.version>

To the web.xml add the following

<filter>
 <filter-name>sitemesh</filter-name>
 <filter-class>org.sitemesh.config.ConfigurableSiteMeshFilter</filter-class>
</filter>
<filter-mapping>
 <filter-name>sitemesh</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

Now create a sitemesh3.xml file in the web-inf folder of the project and add the decorator files mapping in the file like follows. We will create the decorator files next.

<sitemesh>
 <mapping path="/*" decorator="/WEB-INF/decorators/defaultDecorator.jsp"/>
 <mapping path="/user" decorator="/WEB-INF/decorators/userDecorator.jsp"/>
</sitemesh>

Create the decorators folder in your project and add the following  jsp files.

defaultDecorator.jsp

<html>
 <head>
 <title><sitemesh:write property='title'/></title>
 <sitemesh:write property='head'/>
 </head>

 <body>
 This is the default body in decorator:
 <sitemesh:write property='body'/>
 </body>
</html>

userDecorator.jsp

<html>
 <head>
 <title><sitemesh:write property='title'/></title>
 <sitemesh:write property='head'/>
 </head>

 <body>
 This is the decorator body in user:
 <sitemesh:write property='body'/>
 </body>
</html>

For the default decorator example we will use the home.jsp that was created as a part of the project template. For the user decorator, we will create a new view in the views folder. We will keep it very simple as follows.

user.jsp

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<html>
<head>
 <title>User</title>
</head>
<body>
<h1>
 Hello User!
</h1>

<P> Welcome user ! </P>
</body>
</html>

We will also change the HomeController (created again as a part of the template) to add another method for the user request mapping. We will copy the method for the default request mapping and change it as follows. (Add the following code to the HomeConrtoller)

@RequestMapping(value = "/user", method = RequestMethod.GET)
public String user(Locale locale, Model model) {
 logger.info("Welcome home! The client locale is {}.", locale);
 return "user";
}

Now, if we run the application and try the following urls we will see the different results. Notice the content added by the decorators.

http://localhost:8080/codesilo/

SitemeshImage1

http://localhost:8080/codesilo/user

SitemeshImage2

ADDING POST TO SITEMESH3

I read somewhere that Sitemesh 3 had a bug that did not allow it to use POST on the requests. I tried to give it a shot. We will add a field on the default view to accept a name. We will send that as a POST to the user method and display that on the user view.

Here is User.java class.

package com.wordpress.codesilo;

public class User {

private String name;

public String getName() {
 return name;
 }

public void setName(String name) {
 this.name = name;
 }

}

The HomeController now looks like this:

 @RequestMapping(value = "/", method = RequestMethod.GET)
 public ModelAndView home(Locale locale, Model model) {
 logger.info("Welcome home! The client locale is {}.", locale);

 Date date = new Date();
 DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);

 String formattedDate = dateFormat.format(date);

 model.addAttribute("serverTime", formattedDate );

 return new ModelAndView("home", "command", new User());
 }

 @RequestMapping(value = "/user", method = RequestMethod.POST)
 public String user(Locale locale, @ModelAttribute("SpringWeb")User user, Model model) {
 logger.info("Welcome " + user.getName());
 model.addAttribute(user);
 return "user";
 }

We will change the home.jsp to

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
<%@ page session="false" %>
<html>
<head>
 <title>Home</title>
</head>
<body>
<h1>
 Hello world!
</h1>

<P> The time on the server is ${serverTime}. </P>

<form:form method="POST" action="/codesilo/user">
 <form:input path="name" />
 <input type="submit" value="submit"/>
</form:form>

</body>
</html>

And, change user.jsp to

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<html>
<head>
 <title>User</title>
</head>
<body>
<h1>
 Hello User!
</h1>

<P> Welcome ${user.name} ! </P>
</body>
</html>

Now if we call the urls we will see this..

http://localhost:8080/codesilo/

SitemeshImage3

Once we hit submit we will get the following

SitemeshImage4

It seems that the POST works too. Maybe it’s some specific case that I have not run into yet.

 

Hashing passwords in Spring Security

July 8, 2012 1 comment

Passwords should not be stored in clear text. It is a best practice to have a one way hash created before storing it. Spring Security provides a very easy way to accomplish this. Just add a passwordEncoder to the authentication-provider in the spring security configuration.
An easy way to this in Spring 3 and later is to have the following config. This uses a SHA-256 algorithm and the username is used to salt the hash.

<authentication-manager>
 <authentication-provider user-service-ref="customUserDetailsService">
 <password-encoder hash="sha-256">
 <salt-source user-property="username"/>
 </password-encoder>
 </authentication-provider>
 </authentication-manager>

In order to use hashed passwords, it becomes necessary that we store them hashed too. In order to this in the application, we can have the SignUp class hash the passwords before storing it in the datasource. (in our case MongoDB).
Here is an excerpt from my class …

@RequestMapping(value = "/signUp", method = RequestMethod.POST)
 public String home(Locale locale, Model model, @RequestParam("username") String username, @RequestParam("password") String password, @RequestParam("firstName") String firstName, @RequestParam("lastName") String lastName) {
 MongoOperations mongoOperation = (MongoOperations)mongoTemplate;
 User user = new User(username, passwordEncoder.encodePassword(password, username), firstName, lastName);
 user.setRole(2);

 logger.debug(user.toString());
 mongoOperation.save(user, "user");
 logger.debug("Adding the user to the database");
 model.addAttribute("user", user );
 return "signUpSuccessful";
 }

The following bean is used in the mongo-config.xml class to support the signUp process.

<bean id="passwordEncoder"
 class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
 <constructor-arg value="256"/>
</bean>

Spring security provides one iteration of the hash by default. In order to provide Key Stretching we can provide more iterations by using the following config instead.

<bean id="passwordEncoder"
 class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
 <constructor-arg value="256"/>
 <property name="iterations" value="1000"/>
 </bean>

The authentication-manager in the security config file can be used to reference the same bean so that the same number of iterations are performed at authentication.

<authentication-manager>
 <authentication-provider user-service-ref="customUserDetailsService">
 <password-encoder ref="passwordEncoder">
 <salt-source user-property="username"/>
 </password-encoder>
 </authentication-provider>
 </authentication-manager>

References:
Spring Source Doc

MongoDB Spring Data and Spring Security with custom UserDetailsService

July 8, 2012 12 comments

In a earlier write up we saw how we can setup basic spring security. In this one we will see how to make a custom UserDetailsService instead of using the credentials in the configuration file. We will use MongoDB as a datasource.

We will use the project from the Spring Security project we created earlier and add the MongoDB config details and user service to provide the capability. See my previous blog for setting up MongoDB Spring Data.

Add the following to the mongo-config.xml file in the location WEB-INF/mongo/

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:mongo="http://www.springframework.org/schema/data/mongo"
 xsi:schemaLocation="http://www.springframework.org/schema/context
 http://www.springframework.org/schema/context/spring-context-3.1.xsd
 http://www.springframework.org/schema/data/mongo
 http://www.springframework.org/schema/data/mongo/spring-mongo-1.0.xsd
 http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

 <!-- Default bean name is 'mongo' -->
 <mongo:mongo host="localhost" port="27017" />

 <bean id="mongoTemplate"
 class="org.springframework.data.mongodb.core.MongoTemplate">
 <constructor-arg ref="mongo" />
 <constructor-arg name="databaseName" value="codesilo" />

 </bean>

 <!-- To translate any MongoExceptions thrown in @Repository annotated classes -->
 <context:annotation-config />

</beans>

Add the Spring Data dependencies in the pom.xml file

<dependency>
 <groupId>org.mongodb</groupId>
 <artifactId>mongo-java-driver</artifactId>
 <version>2.7.2</version>
 </dependency>
 <dependency>
 <groupId>org.springframework.data</groupId>
 <artifactId>spring-data-mongodb</artifactId>
 <version>1.1.0.M1</version>
 </dependency>
 <dependency>
 <groupId>cglib</groupId>
 <artifactId>cglib</artifactId>
 <version>2.2</version>
 </dependency>

Add the mongo-config.xml file to the contextConfigLocation on web.xml. The context param will look like this

<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>/WEB-INF/spring/root-context.xml
 /WEB-INF/spring/security-app-context.xml
 /WEB-INF/mongo/mongo-config.xml
 </param-value>
 </context-param>

We will now create a CustomUserDetailsService class that implements UserDetailsService. We will add the implementation of loadUserByUsername method. The CustomUserDetailsService is as follows. The getUserDetail method queries to get the user object from MongoDB (it is assumed that the data is already there).

package com.wordpress.codesilo.model;

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class CustomUserDetailsService implements UserDetailsService {

private MongoTemplate mongoTemplate;

 public UserDetails loadUserByUsername(String username)
 throws UsernameNotFoundException {
 User user = getUserDetail(username);
 System.out.println(username);
 org.springframework.security.core.userdetails.User userDetail = new org.springframework.security.core.userdetails.User(user.getUsername(),user.getPassword(),true,true,true,true,getAuthorities(user.getRole()));
 return userDetail;
 }

@Autowired
 public void setMongoTemplate(MongoTemplate mongoTemplate) {
 this.mongoTemplate = mongoTemplate;
 }

 public List<GrantedAuthority> getAuthorities(Integer role) {
 List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();
 if (role.intValue() == 1) {
 authList.add(new SimpleGrantedAuthority("ROLE_USER"));
 authList.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
 } else if (role.intValue() == 2) {
 authList.add(new SimpleGrantedAuthority("ROLE_USER"));
 }
 return authList;
 }

 public User getUserDetail(String username){
 MongoOperations mongoOperation = (MongoOperations)mongoTemplate;
 User user = mongoOperation.findOne(
 new Query(Criteria.where("username").is(username)),
 User.class);
 System.out.println(user.toString());
 return user;
 }

}

We will also create a user POJO which is as follows.

package com.wordpress.codesilo.model;

public class User {

public String username;
 public String password;
 public String firstName;
 public String lastName;
 public String email;
 public int role;

public User() {
 }

public int getRole() {
 return role;
 }

public void setRole(int role) {
 this.role = role;
 }

public User(String username, String password, String firstName,
 String lastName) {
 this.username = username;
 this.password = password;
 this.firstName = firstName;
 this.lastName = lastName;
 }

public String getUsername() {
 return username;
 }

public void setUsername(String username) {
 this.username = username;
 }

public String getPassword() {
 return password;
 }

public void setPassword(String password) {
 this.password = password;
 }

public String getFirstName() {
 return firstName;
 }

public void setFirstName(String firstName) {
 this.firstName = firstName;
 }

public String getLastName() {
 return lastName;
 }

public void setLastName(String lastName) {
 this.lastName = lastName;
 }

public String getEmail() {
 return email;
 }

public void setEmail(String email) {
 this.email = email;
 }

@Override
 public String toString(){
 return "First Name:" + this.firstName + " Last Name:" + this.lastName + " Username:" + this.username ;
 }

}

As a last step we will change the security-app-context.xml to have the customUserDetailsService bean and user-service-ref in the authentication provider.

<beans:bean id="customUserDetailsService" class="com.wordpress.codesilo.model.CustomUserDetailsService"/>

 <authentication-manager>
 <authentication-provider user-service-ref="customUserDetailsService"/>
 </authentication-manager>

Now when we try to login to the application it will use the MongoDB to get the credentials.

We can also use the Security Context to get the principal and display the username and roles on home.jsp.
Add this to the pom dependencies.

<dependency>
 <groupId>org.springframework.security</groupId>
 <artifactId>spring-security-taglibs</artifactId>
 <version>${org.springframework-version}</version>
 </dependency>

Add the following taglib to the home.jsp page

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

and the following content on the jsp page to display the data.

<sec:authorize access="isAuthenticated()">
 Username: <sec:authentication property="principal.username" />
 Role: <sec:authentication property="principal.authorities"/>
 </sec:authorize>

Setting up a project with Spring Data and MongoDB

July 2, 2012 4 comments

From springsource : “The goal of the Spring Data Document (or DATADOC) framework is to provide an extension to the Spring programming model that supports writing applications that use Document databases”.
This blog will cover on how to use Spring Data with MongoDB. We will start with creating a simple Spring MVC application. See my previous blog to see how to setup a basic Spring MVC app using STS.

We will first add the dependencies on the pom file of the project.

<!-- Spring Data Mongo Driver -->

 <dependency>
 <groupId>org.mongodb</groupId>
 <artifactId>mongo-java-driver</artifactId>
 <version>2.7.2</version>
 </dependency>

 <dependency>
 <groupId>org.springframework.data</groupId>
 <artifactId>spring-data-mongodb</artifactId>
 <version>1.1.0.M1</version>
 </dependency>
 <dependency>
 <groupId>cglib</groupId>
 <artifactId>cglib</artifactId>
 <version>2.2</version>
 </dependency>

We will also need to add the Spring Milestone repo to the pom

<repositories>
 <repository>
 <id>spring-milestone</id>
 <name>Spring Maven MILESTONE Repository</name>
 <url>http://maven.springframework.org/milestone</url>
 </repository>
</repositories>

CONFIGURING MONGO TEMPLATE USING SPRING XML
We will now create a mongo-config.xml in the WEB-INF directory of the project. Add this as the content of the xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:mongo="http://www.springframework.org/schema/data/mongo"
 xsi:schemaLocation="http://www.springframework.org/schema/context
 http://www.springframework.org/schema/context/spring-context-3.1.xsd
 http://www.springframework.org/schema/data/mongo
 http://www.springframework.org/schema/data/mongo/spring-mongo-1.0.xsd
 http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

 <!-- Default bean name is 'mongo' -->
 <mongo:mongo host="localhost" port="27017" />

 <bean id="mongoTemplate"
 class="org.springframework.data.mongodb.core.MongoTemplate">
 <constructor-arg ref="mongo" />
 <constructor-arg name="databaseName" value="codesilo" />

 </bean>

 <!-- To translate any MongoExceptions thrown in @Repository annotated classes -->
 <context:annotation-config />

</beans>

Add this to the web.xml configLocation

<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>/WEB-INF/spring/root-context.xml
 /WEB-INF/mongo-config.xml
 </param-value>
 </context-param>

We will keep things simple. Create a user model and refactor the homeController class to use that model. The HomeController class will create a User object, insert it in the database, query and return the first result to the view.
The following is the model User class.

public class User {

 public String username;
 public String password;
 public String firstName;
 public String lastName;

 public User(){

 }

 public User(String username, String password, String firstName, String lastName){
 this.username = username;
 this.password = password;
 this.firstName = firstName;
 this.lastName = lastName;
 }

 public String getUsername() {
 return username;
 }
 public void setUsername(String username) {
 this.username = username;
 }
 public String getPassword() {
 return password;
 }
 public void setPassword(String password) {
 this.password = password;
 }
 public String getFirstName() {
 return firstName;
 }
 public void setFirstName(String firstName) {
 this.firstName = firstName;
 }
 public String getLastName() {
 return lastName;
 }
 public void setLastName(String lastName) {
 this.lastName = lastName;
 }

 @Override
 public String toString(){
 return "User [username=" + username + ", passowrd= ****" + ", firstName=" + firstName + "lastName" + lastName + "]";
 }
}

Change the HomeController class to look like the following

@Controller
public class HomeController {

 @Autowired
 private MongoTemplate mongoTemplate;

 private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

 /**
 * Simply selects the home view to render by returning its name.
 */
 @RequestMapping(value = "/", method = RequestMethod.GET)
 public String home(Locale locale, Model model) {

 logger.info("Welcome home! the client locale is "+ locale.toString());

 MongoOperations mongoOperation = (MongoOperations)mongoTemplate;
 User user = new User("codesilo", "Password", "Code", "Silo");
 mongoOperation.save(user);
 List<User> users = mongoOperation.find(
 new Query(Criteria.where("username").is("codesilo")),
 User.class);

 model.addAttribute("user", users.get(0).toString());

 return "home";
 }

}

Change the body of home.jsp to the following

<body>
<h1>
 Hello world!
</h1>

<P> Getting user from MongoDB: ${user} </P>
</body>

Now when we go to the application, we will see the following

and when we use the mongo shell to query the database, we get..

> db.user.find();
{ "_id" : ObjectId("4fef96227e27ff2b7a81331f"), "_class" : "com.wordpress.codesilo.model.User", "username" : "codesilo", "password" : "Password", "firstName" :
"Code", "lastName" : "Silo" }

References:
MongoTemplate- SpringSource Documentation

Basic MVC project using Spring Security

July 2, 2012 2 comments

Spring Security is a framework that provides authentication and access control on a project. We will set up a project with some basic authentication using Spring Security. In one of my later blogs we will see how to use a user service and get the credential information from a database.

CREATING A BASIC SPRING MVC PROJECT
Get SpringSource tool suite from here. (For reference: I have used STS Version 2.9.2.RELEASE and Maven 3.0.3 for this project).
We will now create a basic Spring MVC project.
Select File>New>Spring Template Project and choose Spring MVC Project from the list. Click yes on the download prompt.
We will name the project as SpringSecurity and the package as com.wordpress.codesilo.

RUNNING THE TEMPLATE ON THE SERVER
Right Click on the created project, Select Run As>Run On Server. Click on “Manually Define a new Server” radio button and search for Tomcat (I have Tomcat already installed on my machine). Select the version of Tomcat server (7.0 in my case)you want to use and click next.
Select the Tomcat Installation Directory and the installed JRE/JDK. Once you click “Finish” the server should start and you should get a Hello World page with the current time on the workspace.

BASIC SPRING SECURITY
We will create a blank security-app-context.xml file under WEB-INF/spring/ and add the following configuration on the file

<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
 http://www.springframework.org/schema/security
 http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http use-expressions="true">
 <intercept-url pattern="/**" access="isAuthenticated()" />
 <http-basic/>
 </http>

<authentication-manager>
 <authentication-provider>
 <user-service>
 <user name="rod" password="koala" authorities="supervisor, teller, user" />
 <user name="dianne" password="emu" authorities="teller, user" />
 <user name="scott" password="wombat" authorities="user" />
 <user name="peter" password="opal" authorities="user" />
 </user-service>
 </authentication-provider>
 </authentication-manager>
</beans:beans>

Add the following to web.xml

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

Add the security-app-context.xml to the configLocation in web.xml

<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>/WEB-INF/spring/root-context.xml
 /WEB-INF/spring/security-app-context.xml
 </param-value>
 </context-param>

Add the following on the dependencies on pom.xml

<dependency>
 <groupId>org.springframework.security</groupId>
 <artifactId>spring-security-config</artifactId>
 <version>${org.springframework-version}</version>
 </dependency>
 <dependency>
 <groupId>org.springframework.security</groupId>
 <artifactId>spring-security-core</artifactId>
 <version>${org.springframework-version}</version>
 </dependency>
 <dependency>
 <groupId>org.springframework.security</groupId>
 <artifactId>spring-security-web</artifactId>
 <version>${org.springframework-version}</version>
 </dependency>

Now when we bring up the server, the following prompt will be presented. If we use one of the username, password combinations in the security context file, we should be able to get to the Hello World page

FORM-BASED LOGIN
We will now change the authentication to use a default form provided by Spring. Change the following section in security-app-context.xml

<http use-expressions="true">
 <intercept-url pattern="/**" access="isAuthenticated()" />
 <http-basic/>
</http>

to

<http use-expressions="true">
 <intercept-url pattern="/**" access="isAuthenticated()" />
 <form-login/>
 <logout/>
</http>

If we go to the application url now (http://localhost:8080/SpringSecurity/) we will be redirected to a login page as follows..

We can get to the Hello World page by providing the credentials.
To logout we use the following url http://localhost:8080/SpringSecurity/j_spring_security_logout

CUSTOMIZING LOGIN FORM
Change the <form-login/> in security-app-context.xml to

<form-login
 login-page="/login.jsp"
 always-use-default-target="true"/>

We will now add login.jsp to the webapp folder in the project. The following is the content of login.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<html>
<head>
<title>Login</title>
</head>
<body>
 <form action="j_spring_security_check" method="POST">
 <label for="username">User Name:</label>
 <input id="username" name="j_username" type="text" />
 <label for="password">Password:</label>
 <input id="password" name="j_password" type="password" />
 <input type="submit" value="Log In" />
 </form>
</body>
</html>

We will also change the security-app-context.xml to allow access to the login.jsp page

<intercept-url pattern="/login.jsp" access="permitAll" />

If this is not done, we will get too many redirects error

Also, add the logout url on the home.jsp page at the end of the page

<a href="<c:url value="/j_spring_security_logout"/>">Logout</a>

Now, once we go to our application, we will see the custom login page that we created. Also, we will be able to logout by using the logout url provided on the home page.

ADDING SECURITY EXCEPTION HANDLING
Add the following just above the form on login.jsp

<c:if test="${not empty param.login_error}">
 <font color="#ff0000">
 Login unsuccessful.<br/>
 <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
 </font>
</c:if>

and change the form-login element to the following..

<form-login
 login-page="/login.jsp"
 authentication-failure-url="/login.jsp?login_error=1"
 always-use-default-target="true"
 />

If we bring up the server and provide incorrect credentials, we will see the following error

References:
SpringSource Documentation

Technorati Tags: , , , , ,

Categories: Java, Spring

Other Notes from migration to Spring 3

April 4, 2011 Leave a comment

Read my previous blog to see why I got here…

Here are some other things I tripped over when moving the project to Spring 3.0

If your project gets the following exception ..

java.lang.ClassNotFoundException: org.springframework.web.struts.ContextLoaderPlugIn

.. you are probably using Struts 1.1 and not including the struts dependency from Spring.
Include this in your maven dependencies and you should be good to go.

<dependency>
  <groupid>org.springframework</groupid>
  <artifactid>spring-struts</artifactid>
  <version>3.0.0.RELEASE</version>
</dependency>

Struts 1.1 dependency was removed in Spring 3.0 but was reintroduced later in deprecated form. Read more about it here.

If your project get the following exception…

java.lang.ClassNotFoundException: org.springframework.web.context.ContextLoaderServlet

… you were using Spring 2.3 or lower according to this entry.

 

Use ContextLoaderListener instead of ContextLoaderServlet.

Remove the servlet entry from your web.xml for ContextLoaderServlet and add the following listener…

<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>