Springframework - Spring Security

From OasisSoftTech.com - Knowledge Base/Java/Springframework/Microservices/Cloud-AWS/AI
Revision as of 10:34, 28 June 2018 by Rasimsen

Spring Security

Interview Questions: Spring Security

Which filter class is needed for Spring Security?

When configuring with an XML file, we need to register org.springframework.web.filter.DelegatingFilterProxy in web.xml. If we are using Servlet 3, we can use AbstractSecurityWebApplicationInitializer instead. It configures DelegatingFilterProxy and ContextLoaderListener.

In web.xml, we define the filter as follows.

<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>


For Servlet 3, we can define a subclass of AbstractSecurityWebApplicationInitializer as follows.

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}


How to create a custom login page in Spring Security?

To create a custom login page, we need to follow two steps.

1. Create a form as follows.

<form name='form' action='j_spring_security_check' method='POST'>
 <table>
	<tr>
	  <td>User Name:</td>
	  <td><input type='text' name='j_username' value=''></td>
	</tr>
	<tr>
	  <td>Password:</td>
	  <td><input type='password' name='j_password'/></td>
	</tr>
	<tr>
	  <td colspan='2'>
		<input name="submit" type="submit" value="Login"/></td>
	</tr>
  </table>
</form>

j_spring_security_check: the action of the form.
j_username: the name of the username input.
j_password: the name of the password input.

2. In the Spring configuration file, use the <form-login> tag.

<http auto-config="true">
    <intercept-url pattern="/login" access="ROLE_USER" />
    <form-login login-page='/customLogin?login_error=1' default-target-url="/loginSuccess"/>
</http>

How to log out of the session in Spring Security?

To log out of the session, link to j_spring_security_logout as follows.

<a href="j_spring_security_logout">logout </a>

In the Spring context XML, configure the <logout> tag with the URL to redirect to after logout, as follows.

<http auto-config="true">
	<intercept-url pattern="/login" access="ROLE_USER" />
	<logout logout-success-url="/login" />
</http>

How to configure a user name and password in Spring Security using XML?

In the Spring context XML, we define the username and password with a <user> tag inside the <user-service> tag.

<authentication-manager>
	<authentication-provider>
		<user-service>
			<user name="concretepage" password="con1234" authorities="ROLE_USER" />
		</user-service>
	</authentication-provider>
</authentication-manager>

What is Authentication and Authorization in Spring Security?

Authentication: An application needs to know who is accessing it, so authentication is about the question of who. The application checks this with a login form: the user enters a user name and password, and the application validates these inputs. Once validation succeeds, the user is declared authenticated.

Authorization: Authorization checks whether the user can access the application at all, and what the user can and cannot access.

How to encode passwords in Spring Security using XML?

To encode passwords, Spring Security provides the <password-encoder/> tag. A sample use follows.

<authentication-manager>
  <authentication-provider>
    <password-encoder hash="sha"/>
    <user-service>
      <user name="concretepage" password="0733824cc1549ce36139e8c790a9344d1e385cd2"
            authorities="ROLE_USER" />
    </user-service>
  </authentication-provider>
</authentication-manager>

How to log in with a database in Spring Security?

Spring Security provides the <jdbc-user-service> tag, with which we access user information from a database.

<authentication-manager>
     <authentication-provider>
       <password-encoder hash="sha"/>
       <jdbc-user-service data-source-ref="dataSource" authorities-by-username-query="SELECT username, authority FROM authorities WHERE username = ?"
            users-by-username-query="SELECT username, password, enabled FROM users WHERE username = ?"/>
     </authentication-provider>
</authentication-manager>
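
Both the <user-service> and <jdbc-user-service> samples above use hash="sha". As an added example (not code from the original page), the Java class below shows what that setting compares against, an unsalted hex SHA-1 digest of the password, next to BCryptPasswordEncoder from spring-security-crypto, which can be wired in through the ref attribute of <password-encoder>. The class name, the sample password and the bean id mentioned in the comment are constructed for illustration, and spring-security-crypto is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example, not from the original page. Hypothetical class name.
public class PasswordEncoderComparison {

    // Equivalent of hash="sha" with no salt source configured:
    // the hex-encoded SHA-1 digest of the raw password, nothing else.
    static String unsaltedSha1Hex(String rawPassword) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] digest = md.digest(rawPassword.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "example-password"; // constructed sample value

        // Unsalted digest: two users with the same password get the same
        // stored value, and one fast SHA-1 computation tests a guess
        // against every row of a leaked table at once.
        String userA = unsaltedSha1Hex(password);
        String userB = unsaltedSha1Hex(password);
        System.out.println("SHA-1 values equal:  " + userA.equals(userB));

        // bcrypt: a random salt is generated per encode() call and stored
        // inside the hash string; the strength parameter sets the work factor.
        BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder(12);
        String hashA = bcrypt.encode(password);
        String hashB = bcrypt.encode(password);
        System.out.println("bcrypt values equal: " + hashA.equals(hashB));
        System.out.println("bcrypt matches A:    " + bcrypt.matches(password, hashA));
        System.out.println("bcrypt matches B:    " + bcrypt.matches(password, hashB));
        System.out.println("wrong password:      " + bcrypt.matches("wrong", hashA));

        // In the XML above, declare BCryptPasswordEncoder as a bean
        // (hypothetical id "bcryptEncoder") and replace hash="sha" with
        // <password-encoder ref="bcryptEncoder"/>; the stored passwords
        // must then be bcrypt hashes such as hashA.
    }
}
```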