Download the Completed Project : http://www.mediafire.com/?tkm2vd9ro7oqhmu
First we will look at how to add password encryption (strictly speaking, password hashing) to our project.
Edit the Spring Security configuration file as shown below.
<authentication-manager>
    <authentication-provider>
        <!-- hash the submitted password with MD5 before comparing it with the stored value -->
        <password-encoder hash="md5"/>
        <!-- attributes use double quotes so the SQL literal 'true' does not terminate the attribute value -->
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username, password, 'true' as enabled from USER_DETAILS where username=?"
            authorities-by-username-query="select USER_DETAILS.username, USER_AUTH.AUTHORITY as authorities from USER_DETAILS, USER_AUTH where USER_DETAILS.username = ? AND USER_DETAILS.username = USER_AUTH.USERNAME"/>
    </authentication-provider>
</authentication-manager>
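That’s it. We just added MD5 password hashing to our project: the USER_DETAILS table now holds the hex MD5 digest of each password instead of the plain text. Keep in mind that this is an unsalted, fast hash, so it is fine for a demo but weak protection for real passwords; Spring Security 3.1 and later also ship a bcrypt encoder (BCryptPasswordEncoder), which is the stronger choice.
To test this we need to edit our test-data.sql file as shown below.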
insert into USER_DETAILS values ('user','202cb962ac59075b964b07152d234b70'); -- password - 123
insert into USER_DETAILS values ('admin','21232f297a57a5a743894a0e4a801fc3'); -- password - admin
insert into USER_AUTH values ('user', 'ROLE_USER');
insert into USER_AUTH values ('admin', 'ROLE_ADMIN');
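The hex strings in test-data.sql are the lower-case hex MD5 digests of the passwords. The following added example (not part of the original post or project) regenerates those rows for your own test users and shows that, without a salt, two accounts with the same password end up with the same stored value. The function names and the third user `guest` are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample accounts: "user" and "admin" are the two users from
# test-data.sql; "guest" is a made-up third user that reuses the password 123.
SAMPLE_USERS = [("user", "123"), ("admin", "admin"), ("guest", "123")]


def md5_hex(raw_password: str) -> str:
    """Lower-case hex MD5 of the UTF-8 password, the format stored in USER_DETAILS."""
    return hashlib.md5(raw_password.encode("utf-8")).hexdigest()


def user_insert(username: str, raw_password: str) -> str:
    """Build one test-data.sql row (test fixtures only; values are not escaped)."""
    return "insert into USER_DETAILS values ('%s','%s');" % (
        username, md5_hex(raw_password))


def matches(submitted: str, stored_hex: str) -> bool:
    """Approximates the login check: hash the input, compare with the stored column."""
    return hmac.compare_digest(md5_hex(submitted), stored_hex.lower())


def shared_password_groups(users):
    """Group usernames by stored hash; a group larger than one exposes a reused password."""
    groups = {}
    for username, raw_password in users:
        groups.setdefault(md5_hex(raw_password), []).append(username)
    return {digest: names for digest, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for name, password in SAMPLE_USERS:
        print(user_insert(name, password))
    # Anyone who can read the table sees which accounts share a password.
    print(shared_password_groups(SAMPLE_USERS))
```

A salted, deliberately slow scheme such as bcrypt stores a different value for each account even when the passwords are equal, so this grouping would come back empty.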
Now we will look at how to customize the error pages based on the HTTP status code. Otherwise the default error pages are very ugly. :D If you don’t have a proper understanding of HTTP status codes, take a look at this.
Here we are handling the 403 (permission denied) and 404 (resource not found) status codes, because if you are dealing with Spring Security you will definitely need to handle these two. (Not a must, but a good practice.)
There can be more than one way to do this. Changing the Spring Security XML and adding an additional tag will do it, but here we are not going to do that. Always keep it simple. So we are going to edit the web.xml and add error-page tags for this task.
Before that, we need to create the customized 404 and 403 error pages. Create two JSP pages and place them under the webapp directory (not inside the WEB-INF directory).
After that, change the web.xml and add the tags below.
<error-page>
    <error-code>404</error-code>
    <location>/404.jsp</location>
</error-page>
<error-page>
    <error-code>403</error-code>
    <location>/403.jsp</location>
</error-page>
That’s it. We just customized our error pages.
These are some basic things that we can do with Spring Security. In the near future I’ll come up with more interesting articles about Spring Security with CAS integration, LDAP integration and many more. Stay tuned :)
Reference: Spring Security Part 2 – Password Encryption, Customize 404 and 403 error page from our JCG partner Rajith Delantha at the Looping around with Rajith… blog.