In this article, I describe Spring security at very basic level: how to implement a simple client-server authentication using Spring security. So lets take a look at the steps to do this.
- Including Spring security libraries in your classpath. If you are using eclipse put these .jar files into WEB-INF/libs folder and add them to the build path.
- Creating the Spring security configurations file, say spring-security-context.xml. and configuring the namespaces.
my spring-security-context.xml file
- Adding the spring-security-config.xml to the web.xml file so that it can be loaded as a part of the spring application context.
- Adding spring security filters
SecurityContextHolder, to provide access to the
SecurityContext, to hold the
Authenticationand possibly request-specific security information.
Authentication, to represent the principal in a Spring Security-specific manner.
GrantedAuthority, to reflect the application-wide permissions granted to a principal.
UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source source of security data.
UserDetailsService, to create a
UserDetailswhen passed in a
String-based username (or certificate ID or the like).