<!-- NOTE(review): Spring Framework 3.2.x, Spring Security 3.2.x and MySQL Connector/J 5.1.x are old
     release lines. Verify whether they are still maintained and check them against current vendor
     advisories before using this setup for anything beyond a local test. -->
- <properties>
- <spring.version>3.2.8.RELEASE</spring.version>
- <spring.security.version>3.2.3.RELEASE</spring.security.version>
- <jstl.version>1.2</jstl.version>
- <mysql.connector.version>5.1.30</mysql.connector.version>
- </properties>
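<!--
  Web security rules. intercept-url entries are matched in order and the first match wins, so every
  permitAll entry has to stay above the catch-all "/**" rule.
-->
<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/login" access="permitAll"/>
    <!-- The authentication-failure-url must be reachable without being logged in. Without this rule
         a failed login is caught by the catch-all below and sent back to /login, so the error page
         is never rendered. -->
    <security:intercept-url pattern="/loginError" access="permitAll"/>
    <security:intercept-url pattern="/**" access="isAuthenticated()"/>
    <!-- access denied page -->
    <security:access-denied-handler error-page="/403"/>
    <!-- After a successful login the browser is redirected to default-target-url, which makes the
         follow-up request a GET; the handler mapped to /loginSuccess has to accept GET. -->
    <security:form-login
        login-page="/login" default-target-url="/loginSuccess" authentication-failure-url="/loginError?error"/>
    <!-- enable csrf protection: state-changing requests, including the login POST, must carry the
         token or they are handed to the access-denied handler above -->
    <security:csrf/>
</security:http>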
- <!-- Intended to select users and user_roles from the database, but that jdbc-user-service is
       commented out below. The active provider is the in-memory user-service: two test accounts,
       one of them ROLE_ADMIN, each with a plaintext password equal to its user name.
       NOTE(review): no password-encoder is declared in this provider, so re-enabling the
       jdbc-user-service as written would compare the stored password column as-is. Confirm how
       registration.password is stored and add a password encoder (for example a
       BCryptPasswordEncoder bean) before using real accounts, and remove the test users. -->
- <security:authentication-manager>
- <security:authentication-provider>
- <!--<security:jdbc-user-service data-source-ref="dataSource"
- users-by-username-query="select username,password, enabled from registration where username=?"
- authorities-by-username-query="select username, role from registration where username=?"/> -->
- <security:user-service>
- <security:user name="test" password="test" authorities="ROLE_USER" />
- <security:user name="test1" password="test1" authorities="ROLE_ADMIN" />
- </security:user-service>
- </security:authentication-provider>
- </security:authentication-manager>
- @Controller
- public class MainController {
/**
 * Serves the login form.
 *
 * @return a {@code ModelAndView} that selects the {@code "login"} view and carries no model data
 */
@RequestMapping(value = {"/login"})
public ModelAndView loginPage() {
    return new ModelAndView("login");
}
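/**
 * Renders the post-login landing page for the authenticated user.
 *
 * <p>The security configuration shown with this controller names {@code /loginSuccess} as the
 * form-login {@code default-target-url}. Spring Security reaches that URL through a redirect, which
 * is a GET, so the mapping accepts GET in addition to the POST it was originally limited to.
 *
 * @param principal the authenticated caller; its name is exposed to the view as {@code username},
 *                  and a view that prints it should HTML-escape it
 * @param request   the current request, used to obtain the session
 * @param session   the session argument supplied by the framework (not read directly)
 * @return a {@code ModelAndView} for the {@code "success"} view
 */
@RequestMapping(value = {"/loginSuccess"}, method = {RequestMethod.GET, RequestMethod.POST})
public ModelAndView loginSuccess(Principal principal, HttpServletRequest request, HttpSession session) {
    ModelAndView model = new ModelAndView("success");
    model.addObject("username", principal.getName());

    // NOTE(review): marked as testing code in the original. Every session gets the fixed value
    // "system" here, not the authenticated name, so anything that later treats the USER attribute
    // as the caller's identity would see the same value for all users. Confirm before relying on it.
    request.getSession().setAttribute("USER", "system");
    return model;
}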
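<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%@page session="true"%>
<%--
  Login form for Spring Security form login. The form posts j_username / j_password to
  j_spring_security_check (resolved against the base href below) together with the CSRF token.

  NOTE(review): the hidden CSRF field depends on EL being evaluated. If the container serves this
  page with EL ignored, the field is sent as literal text and the CSRF filter rejects the login
  POST, which ends at the access-denied page. The 403 output pasted after these listings shows the
  username expression unevaluated, which suggests this may be happening; check the web.xml version
  and the page's isELIgnored setting.
--%>
<%
    // NOTE(review): scheme, server name and port are taken from the incoming request (the server
    // name normally comes from the client's Host header) and are written unescaped into the
    // base href below. Confirm that the container or a front-end proxy only accepts expected Host
    // values, or build the base from the context path alone.
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <base href="<%=basePath%>">
    <title>login Page</title>
    <!-- <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
</head>
<%-- The input is named j_username; the original onload referred to a non-existent "username" field. --%>
<body onload='document.loginForm.j_username.focus();'>
    <h1>Spring Security Login Form (Database Authentication)</h1>
    <div>
        <h3>Login with Username and Password</h3>
        <c:if test="${not empty error}">
            <%-- c:out HTML-escapes the message; where "error" is populated is not visible here. --%>
            <div><c:out value="${error}"/></div>
        </c:if>
        <form name="loginForm" action="j_spring_security_check" method="post">
            <table>
                <tr>
                    <td>Username</td>
                    <td><input type="text" name="j_username"></td>
                </tr>
                <tr>
                    <td>Password</td>
                    <td><input type="password" name="j_password"></td>
                </tr>
                <tr>
                    <td colspan='2'><input name="submit" type="submit"
                        value="submit" /></td>
                </tr>
            </table>
            <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
        </form>
    </div>
</body>
</html>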
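<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  Access-denied page. Shows the user name when a "username" attribute is present; where that
  attribute is set is not visible in this listing. The name is written through c:out so that a
  user-chosen account name cannot inject markup into the page.
--%>
<html>
<body>
    <h1>HTTP Status 403 - Access is denied</h1>
    <c:choose>
        <c:when test="${empty username}">
            <h2>You do not have permission to access this page!</h2>
        </c:when>
        <c:otherwise>
            <h2>Username : <c:out value="${username}"/> <br/>You do not have permission to access this page!</h2>
        </c:otherwise>
    </c:choose>
</body>
</html>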
- HTTP Status 403 - Access is denied
- Username : ${username}
- You do not have permission to access this page!