Spring Security

   

         Security is the primary need of any web based application as it provided security from un-authorized access of your application. Spring Framework has API defined which can be configured and used in any Java web application.



   There are two of the terms widely used in Security world - PrincipleAuthentication and Authorization.
As these words itself are self explanatory;

Principle - it can be a user, device or system. Most of the time it is a User.
Authentication means checking the authentication, i.e. userid and password of a user.
Authorization means authorizing a user to decide whether she should be allowed to access a resource on web application.

Things we are going to learn here are:-
1. Designing a Login and Logout page which will ask for  userId/pwd
2. Storing encrypted pwd into database which will authenticate users.
3. Verifying authorization of any user before displaying a page.

Case: Let us imagine that our application will accept userId and password. If the login is succesfull she will be redirected to main page of application but if login fails, take her to the login page again with some error message.

1. Designing a Login and Logout page which will ask for  userId/pwd
  Form based Login:
      The form-based login service will render a web page that contains a login form for users to input their login details and process the login form submission. It's configured via the  element in web.xml file:

 
< http>
    ....
     login-page="/login.jsp" default-target-url="/employeeList"
              authentication-failure-url="/login.jsp?error=true"  />
< /http>


Explanation for above attributes:-
 login-page   is the login page which will be displayed to the user for login.
default-target-url  means, The user will be redirected to the target URL once the login succeeds. 
authentication-failure-url  if the login fails the user will be taken back to the login.jsp page with error parameter as true.

 

































































Comments








Post a Comment
























Popular posts from this blog









Java




















Image







Some Methods syntax needs to be remembered: protected Object readResolve() {           return getInstance(); } protected void finalize() throws Throwable {     try {         close();        // close open files     } finally {         super.finalize (); // This is mandatory to write     } } //normally it should be overridden to clean-up non-Java resources ie closing a file //in singleton classs  public Object clone() throws CloneNotSupportedException {                 throw new CloneNotSupportedException();       } } –pleae note that this method is present in Object class not in Cloneable Interface as it is marker interface MultiThreading means: thread-safe = true. Overloading is providing multiple methods with the same name but different arguments (and potentially return type). Overriding is changing the behavior of a method in a subclass. Only objects are instantiated in the Java Runtime Environment (JRE) and held in a division of the program's memory allocation called the heap. S...








Read more










RTC - Repository : How to Revert Back the Changes




















Image







  HOW TO REVERT BACK THE CHANGES WHICH HAVE COMMITED INTO RTC REPOSITORY:   = IN ECLIPSE    Right click on the owning component in the Pending Changes view and select Show->History. The change set will appear in the History view.    Right click on the change set and choose Discard... This will discard the change set from your workspace. So your workspace should now have all change from the stream *except* the one you want to remove. You can verify this by checking that your bad change set is the only thing you see Incoming.    Right click on the component and choose "Replace in [your stream name]..."      RTC (Jazz) : How to point your stream to different stream and take codes into your local:   Example: you have local worskapce set up from dev stream, but now you have PATCH stream and want to take latest code.     Go to ‘Pending Changes’ and select “Change Flow Target” to the required stream.       How to remove namespace from xml  file ?       Step 1:   ...








Read more




























Image







  Hibernate - How to implement a 'Composite Key' :  Suppose we have a Table in database which has many coulumns, among which two columns are PRIMARY KEY : UNIQUE_ID, NOTIFICATION_CHANNEL.   We will write a separate Class which will contain these two columsn which are a part of COMPOSIT PRIMARY KEY.     We will write a separate class for rest of the fields in that Table; and this class will also hold the reference of COMPOSIT PRIMARY KEY classs :->      








Read more