Follow HttpBasic configuration for web.xml configuration to add Deligating Filter Proxy for spring security and Dispatcher Servlet for manage spring mvc structure.
https://techa2zsolution.blogspot.in/2017/08/http-basic-security-using-spring.html#more
Now creating custom and default spring form like.
login.jsp
/**
* @deprecated Now implementing custom spring form login page!
* */
@RequestMapping(value="/login")
public ModelAndView customLogin() {
return new ModelAndView("login");
}
@RequestMapping(value="/loginfailed")
public ModelAndView loginFailed() {
return new ModelAndView("login");
}
@RequestMapping(value="/successurl")
public ModelAndView successPage() {
System.out.println("success url page !");
return new ModelAndView("welcome");
}
@RequestMapping(value="/logout")
public ModelAndView logoutServletPage() {
return new ModelAndView("index");
}
https://techa2zsolution.blogspot.in/2017/08/http-basic-security-using-spring.html#more
Now creating custom and default spring form like.
<?xml version="1.0" encoding="UTF-8"?>For custom declaration of spring security you must define login page ,
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- default form security provided by spring -->
<!-- <security:http auto-config="true">
<security:intercept-url pattern="/formlogin**" access="ROLE_USER" />
<security:form-login />
<security:logout logout-success-url="/"/>
</security:http> -->
<!-- custom form security developed using spring -->
<security:http auto-config="true" pattern="/resources/**" use-expressions="true" ></security:http>
<security:http auto-config="true" >
<security:intercept-url pattern="/successurl" access="ROLE_USER" />
<security:form-login login-page="/login" default-target-url="/successurl" authentication-failure-url="/loginfailed" />
<security:logout logout-success-url="/"/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:password-encoder hash="plaintext" />
<security:user-service>
<security:user name="techa2z" password="techa2z" authorities="ROLE_USER" />
<security:user name="solution" password="solution" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
login.jsp
<body onload='document.loginForm.username.focus();'>Define Controller which responsible to handle it's request passed by the custom declared form, and handle request as per required actions.
<h1>Spring Security Custom Login Form (XML)</h1>
<div id="login-box">
<h2>Login with Username and Password</h2>
<c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
<div class="error">${SPRING_SECURITY_LAST_EXCEPTION}.message</div>
</c:if>
<form name='loginForm' action="<c:url value='j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' /></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit" value="submit" /></td>
</tr>
</table>
</form>
</div>
</body>
/**
* @deprecated Now implementing custom spring form login page!
* */
@RequestMapping(value="/login")
public ModelAndView customLogin() {
return new ModelAndView("login");
}
@RequestMapping(value="/loginfailed")
public ModelAndView loginFailed() {
return new ModelAndView("login");
}
@RequestMapping(value="/successurl")
public ModelAndView successPage() {
System.out.println("success url page !");
return new ModelAndView("welcome");
}
@RequestMapping(value="/logout")
public ModelAndView logoutServletPage() {
return new ModelAndView("index");
}