About Rajith Delantha

Rajith is an software engineer, open source contributor and love to develop application based on open source projects.

Spring Security Part 2 – Password Encryption, Customize 404 and 403 error page

Here is the part 2 of spring security post. In this post I will show you how to encrypt password using MD5 and customize 403 and 404 status code error pages. If you haven’t read part 1 just click here. Because we continue the part 1 project here.

Download the Completed Project : http://www.mediafire.com/?tkm2vd9ro7oqhmu

First we will look at how to add password encryption to our project.

Edit the spring security file like below.

 <authentication-manager>  
     <authentication-provider>  
       <password-encoder hash='md5'/>  
       <jdbc-user-service data-source-ref='dataSource'  
                 users-by-username-query='select username,password, 'true' as enabled from USER_DETAILS where username=?'  
                 authorities-by-username-query='select USER_DETAILS.username , USER_AUTH.AUTHORITY as authorities from USER_DETAILS,USER_AUTH  
            where USER_DETAILS.username = ? AND USER_DETAILS.username=USER_AUTH.USERNAME '  
           />  
     </authentication-provider>  
   </authentication-manager>  

that’s it. We just added the md5 password encryption to our project.

To test this we need to edit out test-data.sql file like below.

 insert into USER_DETAILS values ('user','202cb962ac59075b964b07152d234b70'); -- password - 123  
 insert into USER_DETAILS values ('admin','21232f297a57a5a743894a0e4a801fc3'); -- password - admin  
 insert into USER_AUTH values ('user', 'ROLE_USER');  
 insert into USER_AUTH values ('admin', 'ROLE_ADMIN');  

Now we will look at how to customize the error pages based HTML status code. Otherwise the default error pages are very ugly. :D If you don’t have proper understanding about HTML status codes take a look at this.

In here we are handling 403(Permission denied) and 404(resource not found) status code. Because if you are dealing with spring security we definitely need to handle these two status code.(Not a must but a good practice)

There can be more that one way to do this. Changing spring security xml and add additional tag will do this but here we are not going to do that. Always keep it simple. So we are going to edit the web.xml and add error page tag to this task.

before that we need to create 404 and 403 customize error pages. Create two jsp pages and place it under webapp directory (Not inside WEB-INF directory).

after that change the web.xml and add below tags.

 <error-page>  
     <error-code>404</error-code>  
     <location>/404.jsp</location>  
   </error-page>  
   <error-page>  
     <error-code>403</error-code>  
     <location>/403.jsp</location>  
   </error-page>  

thats it. We just customize our error pages

These are some basic things that we can do with spring security. In near future I’ll come up with more interesting article about spring security with CAS integration , LDAP integration and many more. Stay Tuned :)

Reference: Spring Security Part 2 – Password Encryption, Customize 404 and 403 error page from our JCG partner Rajith Delantha at the Looping around with Rajith… blog.

Related Whitepaper:

Functional Programming in Java: Harnessing the Power of Java 8 Lambda Expressions

Get ready to program in a whole new way!

Functional Programming in Java will help you quickly get on top of the new, essential Java 8 language features and the functional style that will change and improve your code. This short, targeted book will help you make the paradigm shift from the old imperative way to a less error-prone, more elegant, and concise coding style that’s also a breeze to parallelize. You’ll explore the syntax and semantics of lambda expressions, method and constructor references, and functional interfaces. You’ll design and write applications better using the new standards in Java 8 and the JDK.

Get it Now!  

One Response to "Spring Security Part 2 – Password Encryption, Customize 404 and 403 error page"

  1. md5 is not a very secure way to store passwords. bcrypt and scrypt are better options.

Leave a Reply


+ three = 9



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.

Sign up for our Newsletter

20,709 insiders are already enjoying weekly updates and complimentary whitepapers! Join them now to gain exclusive access to the latest news in the Java world, as well as insights about Android, Scala, Groovy and other related technologies.

As an extra bonus, by joining you will get our brand new e-books, published by Java Code Geeks and their JCG partners for your reading pleasure! Enter your info and stay on top of things,

  • Fresh trends
  • Cases and examples
  • Research and insights
  • Two complimentary e-books