INTRODUCTION TO SPRING SECURITY
Security is critical, particularly in web applications. It is not just about controlling access or preventing data modification, but also about giving each user the ability to access certain resources but not others. For example, entering a new item in the registry should be allowed only to administrators, not to standard users.
Everyday life offers many examples of authentication. When we withdraw money with our card we have to authenticate ourselves: the bank needs to know who we are and whether we are authorized to make a withdrawal. Only by presenting the physical element, the card, and a PIN code can we access the service. Authentication concerns our identification as users of a service. Authorization follows authentication and deals with the service access part, that is, which services we can access.
Sensitive data must be encrypted before being stored in the database, so that even someone who opens the login table cannot see the data in plain text. When information is exchanged between client and server, the data must also be encrypted; this is possible by activating the SSL protocol at the web application level.
SPRING SECURITY IMPLEMENTATION
As a first step, we need to make a change to the POM.xml file.
SPRING SECURITY CONFIGURATION
We create two new classes in the configuration file, WebAppSecurityInitializer.java and SecurityConfig.java. The code is explained step by step.
CREATION OF THE LOGIN FORM AND CONTROLLER
As usual, we edit the Apache tiles.xml file and create a new JSP view, login.jsp. I’ll give you the code for the LoginController.java controller.
As you can see, the mapping set at the configuration level has been respected. I want to clarify that two users were created in the configuration file with the password in plain text. This is obviously just a test case; we will see later how to store encrypted passwords in the database. To consult the login.jsp file, I invite you to download the sources.
DOWNLOAD ARTICLE CODE
The AlphaShopV8.zip project is for the SQL Server DBMS while AlphaShopV9.zip is for MySQL.