SlideShare ist ein Scribd-Unternehmen logo

Spring Security

Sumit Gole
Sumit Gole

Spring security

Technologie
1 von 14
Downloaden Sie, um offline zu lesen
Spring Security Basic Steps & Configuration Sumit Sinhmar Gole
Spring Security Spring uses servlet filter as base framework to secure the web requests. Spring security in Spring 3.2 is divided into 11 modules. The basic web security is consist of four basic steps: 1. Setting dependencies. 2. Getting Spring Security configuration. 3. Ensuring the Security configuration is loaded. 4. Configure the springSecurityFilterChain.
Spring Security ● Step 1: Setting up the dependencies using Maven. ● Step 2: Getting Spring Security configuration – Background Process: The Security configuration creates a servler filter known as 'springSecurityFilterChain' which enables the URL security, validation of user and password. – '@EnableWebSecurity' annotatiion combined with 'WebSecurityConfigurerAdapter' to provide the web security.
Spring Security In Memory Authentication: @Configuration @EnableWebSecurity public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) {auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); } }
Spring Security ● JDBC Authentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .jdbcAuthentication() .dataSource(dataSource) .withDefaultSchema() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
Spring Security ● LDAP Authentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .ldapAuthentication() .userDnPatterns("uid={0},ou=people") .groupSearchBase("ou=groups"); }
Spring Security Multiple HttpSecurity: @EnableWebSecurity public class MultiHttpSecurityConfig { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { 1 auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
Spring Security @Configuration @Order(1) ● public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") .authorizeRequests() .anyRequest().hasRole("ADMIN") .and() .httpBasic(); } } ● Here @Order specify which WebSecurityConfigurerAdapter should be considered first. ● The http.antMatcher states that this HttpSecurity will only be applicable to URLs that start with /api/.
Spring Security @Configuration 4 public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin(); } } } ● If URL does not start with /api then this configuration would be used.
Spring Security ● The above changes perform the following steps: – Before accessing any URL, the authentication is performed for User and Password. In addition we can specify the role. – This enables the BASIC and Form Based Authentication. – Spring security will automatically render the login and success page automatically.
Spring Security ● Step 3: Ensuring the Security configuration is loaded. This can be done by including 'WebSecurityConfiguration' in applicationContext. In other words register the springSecurityFilterChain with the war. ● In Java: (without Existing Spring) public class SpringWebMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected Class<?>[] getRootConfigClasses() { return new Class[] { WebSecurityConfiguration.class }; } ... }
Spring Security ● (with Spring MVC) public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
Spring Security ● Step 4: Configure the springSecurityFilterChain. – This can be done by extending ' AbstractSecurityWebApplicationInitializer' and optionally overriding methods to customize the mapping. – (The 'AbstractSecurityWebApplicationInitializer' class is used to registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.)
Spring Security public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }

Empfohlen

Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Spring security
Spring securitySpring security
Spring security
Saurabh Sharma
 
Spring Security
Spring SecuritySpring Security
Spring Security
Boy Tech
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
Orest Ivasiv
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
Jesus Perez Franco
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring Security
Knoldus Inc.
 
Introduction to spring boot
Introduction to spring bootIntroduction to spring boot
Introduction to spring boot
Santosh Kumar Kar
 
Spring boot
Spring bootSpring boot
Spring boot
Gyanendra Yadav
 

Empfohlen

Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Spring security
Spring securitySpring security
Spring security
Saurabh Sharma
 
Spring Security
Spring SecuritySpring Security
Spring Security
Boy Tech
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
Orest Ivasiv
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
Jesus Perez Franco
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring Security
Knoldus Inc.
 
Introduction to spring boot
Introduction to spring bootIntroduction to spring boot
Introduction to spring boot
Santosh Kumar Kar
 
Spring boot
Spring bootSpring boot
Spring boot
Gyanendra Yadav
 
PUC SE Day 2019 - SpringBoot
PUC SE Day 2019 - SpringBootPUC SE Day 2019 - SpringBoot
PUC SE Day 2019 - SpringBoot
Josué Neis
 
Spring boot
Spring bootSpring boot
Spring boot
Pradeep Shanmugam
 
Introduction to Spring Cloud
Introduction to Spring Cloud Introduction to Spring Cloud
Introduction to Spring Cloud
VMware Tanzu
 
Java Spring Framework
Java Spring FrameworkJava Spring Framework
Java Spring Framework
Mehul Jariwala
 
Spring Data JPA
Spring Data JPASpring Data JPA
Spring Data JPA
Knoldus Inc.
 
Spring MVC
Spring MVCSpring MVC
Spring MVC
Aaron Schram
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
Jeevesh Pandey
 
NestJS
NestJSNestJS
NestJS
Wilson Su
 
Spring User Guide
Spring User GuideSpring User Guide
Spring User Guide
Muthuselvam RS
 
Microservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring CloudMicroservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring Cloud
Eberhard Wolff
 
Declarative Clients in Spring
Declarative Clients in SpringDeclarative Clients in Spring
Declarative Clients in Spring
VMware Tanzu
 
Concurrency with java
Concurrency with javaConcurrency with java
Concurrency with java
Hoang Nguyen
 
Spring framework Introduction
Spring framework IntroductionSpring framework Introduction
Spring framework Introduction
Anuj Singh Rajput
 
Spring Security 5.5 From Taxi to Takeoff
Spring Security 5.5 From Taxi to TakeoffSpring Security 5.5 From Taxi to Takeoff
Spring Security 5.5 From Taxi to Takeoff
VMware Tanzu
 
Hibernate Presentation
Hibernate PresentationHibernate Presentation
Hibernate Presentation
guest11106b
 
Spring Boot
Spring BootSpring Boot
Spring Boot
Jaran Flaath
 
Spring Boot Tutorial
Spring Boot TutorialSpring Boot Tutorial
Spring Boot Tutorial
Naphachara Rattanawilai
 
Springboot Microservices
Springboot MicroservicesSpringboot Microservices
Springboot Microservices
NexThoughts Technologies
 
Spring data jpa
Spring data jpaSpring data jpa
Spring data jpa
Jeevesh Pandey
 
Spring boot jpa
Spring boot jpaSpring boot jpa
Spring boot jpa
Hamid Ghorbani
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.x
Zeeshan Khan
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
jbsysatm
 

Weitere ähnliche Inhalte

Was ist angesagt?

Hibernate Presentation
Hibernate PresentationHibernate Presentation
Hibernate Presentation
guest11106b
 

Was ist angesagt? (20)

PUC SE Day 2019 - SpringBoot
PUC SE Day 2019 - SpringBootPUC SE Day 2019 - SpringBoot
PUC SE Day 2019 - SpringBoot
 
Spring boot
Spring bootSpring boot
Spring boot
 
Introduction to Spring Cloud
Introduction to Spring Cloud Introduction to Spring Cloud
Introduction to Spring Cloud
 
Java Spring Framework
Java Spring FrameworkJava Spring Framework
Java Spring Framework
 
Spring Data JPA
Spring Data JPASpring Data JPA
Spring Data JPA
 
Spring MVC
Spring MVCSpring MVC
Spring MVC
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
 
NestJS
NestJSNestJS
NestJS
 
Spring User Guide
Spring User GuideSpring User Guide
Spring User Guide
 
Microservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring CloudMicroservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring Cloud
 
Declarative Clients in Spring
Declarative Clients in SpringDeclarative Clients in Spring
Declarative Clients in Spring
 
Concurrency with java
Concurrency with javaConcurrency with java
Concurrency with java
 
Spring framework Introduction
Spring framework IntroductionSpring framework Introduction
Spring framework Introduction
 
Spring Security 5.5 From Taxi to Takeoff
Spring Security 5.5 From Taxi to TakeoffSpring Security 5.5 From Taxi to Takeoff
Spring Security 5.5 From Taxi to Takeoff
 
Hibernate Presentation
Hibernate PresentationHibernate Presentation
Hibernate Presentation
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
Spring Boot Tutorial
Spring Boot TutorialSpring Boot Tutorial
Spring Boot Tutorial
 
Springboot Microservices
Springboot MicroservicesSpringboot Microservices
Springboot Microservices
 
Spring data jpa
Spring data jpaSpring data jpa
Spring data jpa
 
Spring boot jpa
Spring boot jpaSpring boot jpa
Spring boot jpa
 

Ähnlich wie Spring Security

securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 

Ähnlich wie Spring Security (20)

Spring security4.x
Spring security4.xSpring security4.x
Spring security4.x
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
 
Spring Security Framework
Spring Security FrameworkSpring Security Framework
Spring Security Framework
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net framework
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Security authorization using spring security
Security authorization using spring securitySecurity authorization using spring security
Security authorization using spring security
 
Security authorization using spring security
Security authorization using spring securitySecurity authorization using spring security
Security authorization using spring security
 
Mule security - authorization using spring security
Mule security - authorization using spring securityMule security - authorization using spring security
Mule security - authorization using spring security
 
Security authorizationusingspringsecurity-sathyaraj
Security authorizationusingspringsecurity-sathyarajSecurity authorizationusingspringsecurity-sathyaraj
Security authorizationusingspringsecurity-sathyaraj
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
 
Spring Security.ppt
Spring Security.pptSpring Security.ppt
Spring Security.ppt
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring Security
 
Full Angular 7 Firebase Authentication System
Full Angular 7 Firebase Authentication SystemFull Angular 7 Firebase Authentication System
Full Angular 7 Firebase Authentication System
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
 
Spring5 hibernate5 security5 lab step by step
Spring5 hibernate5 security5 lab step by stepSpring5 hibernate5 security5 lab step by step
Spring5 hibernate5 security5 lab step by step
 
Building Layers of Defense with Spring Security
Building Layers of Defense with Spring SecurityBuilding Layers of Defense with Spring Security
Building Layers of Defense with Spring Security
 
Securing Portlets With Spring Security
Securing Portlets With Spring SecuritySecuring Portlets With Spring Security
Securing Portlets With Spring Security
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
 
Web security
Web securityWeb security
Web security
 

Kürzlich hochgeladen

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Kürzlich hochgeladen (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Spring Security

  • 1. Spring Security Basic Steps & Configuration Sumit Sinhmar Gole
  • 2. Spring Security Spring uses servlet filter as base framework to secure the web requests. Spring security in Spring 3.2 is divided into 11 modules. The basic web security is consist of four basic steps: 1. Setting dependencies. 2. Getting Spring Security configuration. 3. Ensuring the Security configuration is loaded. 4. Configure the springSecurityFilterChain.
  • 3. Spring Security ● Step 1: Setting up the dependencies using Maven. ● Step 2: Getting Spring Security configuration – Background Process: The Security configuration creates a servler filter known as 'springSecurityFilterChain' which enables the URL security, validation of user and password. – '@EnableWebSecurity' annotatiion combined with 'WebSecurityConfigurerAdapter' to provide the web security.
  • 4. Spring Security In Memory Authentication: @Configuration @EnableWebSecurity public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) {auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); } }
  • 5. Spring Security ● JDBC Authentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .jdbcAuthentication() .dataSource(dataSource) .withDefaultSchema() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
  • 6. Spring Security ● LDAP Authentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .ldapAuthentication() .userDnPatterns("uid={0},ou=people") .groupSearchBase("ou=groups"); }
  • 7. Spring Security Multiple HttpSecurity: @EnableWebSecurity public class MultiHttpSecurityConfig { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { 1 auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
  • 8. Spring Security @Configuration @Order(1) ● public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") .authorizeRequests() .anyRequest().hasRole("ADMIN") .and() .httpBasic(); } } ● Here @Order specify which WebSecurityConfigurerAdapter should be considered first. ● The http.antMatcher states that this HttpSecurity will only be applicable to URLs that start with /api/.
  • 9. Spring Security @Configuration 4 public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin(); } } } ● If URL does not start with /api then this configuration would be used.
  • 10. Spring Security ● The above changes perform the following steps: – Before accessing any URL, the authentication is performed for User and Password. In addition we can specify the role. – This enables the BASIC and Form Based Authentication. – Spring security will automatically render the login and success page automatically.
  • 11. Spring Security ● Step 3: Ensuring the Security configuration is loaded. This can be done by including 'WebSecurityConfiguration' in applicationContext. In other words register the springSecurityFilterChain with the war. ● In Java: (without Existing Spring) public class SpringWebMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected Class<?>[] getRootConfigClasses() { return new Class[] { WebSecurityConfiguration.class }; } ... }
  • 12. Spring Security ● (with Spring MVC) public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
  • 13. Spring Security ● Step 4: Configure the springSecurityFilterChain. – This can be done by extending ' AbstractSecurityWebApplicationInitializer' and optionally overriding methods to customize the mapping. – (The 'AbstractSecurityWebApplicationInitializer' class is used to registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.)
  • 14. Spring Security public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }