Wednesday, September 14, 2011

Spring Security Namespace Configuration


Getting Started with Security Namespace Configuration
Create the default login page, using Spring without HTTPS.

Add web.xml Configuration


<listener>
      <description>Spring Listener</description>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
</filter-mapping>

A minimal <http> configuration in ***-***.xml (the s: prefix used below must be bound to the security namespace on the root element):

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:s="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">
      <s:http auto-config="true">
            <s:intercept-url pattern="/**" access="ROLE_USER" />
      </s:http>
      <s:authentication-manager>
            <s:authentication-provider>
                  <s:user-service>
                        <s:user name="abc" password="abc"
                              authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
                        <s:user name="def" password="def" authorities="ROLE_USER,ROLE_TELLER" />
                  </s:user-service>
            </s:authentication-provider>
      </s:authentication-manager>
</beans>


Create the default login page, using Spring with HTTPS.
1.  Create a JKS keystore file.
2.  Add an HTTPS Connector to Tomcat's server.xml so the server accepts HTTPS requests.
3.  Add requires-channel="https" to the intercept-url element in your Spring configuration file.

Creation of JKS file:

Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores. The JKS format is Java's standard "Java KeyStore" format, and is the format created by the keytool command-line utility. This tool is included in the JDK. The PKCS12 format is an internet standard, and can be manipulated via (among other things) OpenSSL and Microsoft's Key-Manager.

Each entry in a keystore is identified by an alias string.

Default password: changeit

The abc.jks file will be created in your home directory, i.e. C:\Documents and Settings\USER\abc.jks.

Create the certificate (*.crt) file using the keytool export command; by default it is placed in the same location as abc.jks.

Since this is a self-signed certificate, a trusted certificate, if one is needed, is typically purchased from a well-known Certificate Authority (CA) such as VeriSign or Thawte.

Import the certificate signed by the CA into your JKS file.
(Here we use our own *.crt file, which was created with keytool export.)
  
Add a Connector to Tomcat's server.xml file

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/abc.jks" keystorePass="changeit" keystoreType="JKS"
           truststoreFile="${user.home}/abc.jks" truststorePass="changeit" truststoreType="JKS"/>

Add requires-channel="https" to the intercept-url inside your <http> element
<s:http auto-config="true">
 <s:intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>
</s:http>
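As an added check that is not part of the original post, the following Python script audits a Spring Security 3.x namespace configuration like the ones above for the two settings this post deals with: intercept-url entries that are not forced onto HTTPS, and in-memory users whose password attribute is stored in clear text with no <password-encoder> in the provider. The sample XML embedded in the script is constructed for this example and mirrors the post's configuration.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Constructed sample: one pattern forced to HTTPS, one left on plain HTTP,
# and an in-memory user-service with no <password-encoder>.
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:s="http://www.springframework.org/schema/security">
  <s:http auto-config="true">
    <s:intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
    <s:intercept-url pattern="/**" access="ROLE_USER"/>
  </s:http>
  <s:authentication-manager>
    <s:authentication-provider>
      <s:user-service>
        <s:user name="abc" password="abc" authorities="ROLE_SUPERVISOR, ROLE_USER"/>
      </s:user-service>
    </s:authentication-provider>
  </s:authentication-manager>
</beans>"""


def audit_security_config(xml_text):
    """Return a list of (severity, message) findings for the given config text."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as err:
        # An undeclared "s:" prefix (missing xmlns:s=...) ends up here.
        return [("error", "config does not parse: %s" % err)]
    ns = {"s": SEC_NS}
    # 1. Every intercept-url should force HTTPS; otherwise the login form and
    #    the session cookie can travel over plain HTTP for that pattern.
    for url in root.iterfind(".//s:http/s:intercept-url", ns):
        if url.get("requires-channel") != "https":
            findings.append(("high", "pattern %s not restricted to https"
                             % url.get("pattern")))
    # 2. In-memory users with a password attribute but no <password-encoder>
    #    in the same provider are stored and compared in clear text.
    for provider in root.iterfind(".//s:authentication-provider", ns):
        encoder = provider.find("s:password-encoder", ns)
        for user in provider.iterfind("s:user-service/s:user", ns):
            if user.get("password") and encoder is None:
                findings.append(("medium", "user %s has a clear-text password"
                                 % user.get("name")))
    return findings
```

Running audit_security_config(SAMPLE_CONFIG) reports the /** pattern and the user abc; feeding it a file that uses the s: prefix without declaring xmlns:s returns a single parse error finding.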

Start your application; you can then check it over HTTPS.

While creating the JKS file, keytool asks “What is your first and last name?” Enter your PC name or localhost there.

When accessing the application, the host name in the URL is the name you gave when creating the JKS file (the browser checks that name against the certificate).
For example: https://localhost:8443/PROJECT_NAME/faces/pages/DEFAULT_PAGE.jspx
