So I decided to put a blog together to show how this can be achieved having had to figure this out and piece it together myself.
Firstly, the spring-security.xml itself. Notice the reference to the application context config file at line 9; this is important because it allows the Spring container to inject the dependencies for the customerDao class.
1: <?xml version="1.0" encoding="UTF-8"?>
2: <beans:beans xmlns:sec="http://www.springframework.org/schema/security"
3:     xmlns:beans="http://www.springframework.org/schema/beans"
4:     xmlns:p="http://www.springframework.org/schema/p"
5:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
6:     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
7:         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
8:
9:     <beans:import resource="servlet-context.xml"/>
10:
11:     <sec:http auto-config="true" use-expressions="true">
12:         <sec:intercept-url pattern="/**" access="permitAll" />
13:         <sec:form-login login-page="/login" default-target-url="/success" authentication-failure-url="/oops" />
14:         <sec:logout logout-success-url="/logout" />
15:     </sec:http>
16:
17:     <beans:bean id="customerDao" class="com.dmcliver.springvalidation.dataaccess.CustomerDaoImpl"></beans:bean>
18:
19:     <beans:bean id="userDetailsService" class="com.dmcliver.springvalidation.services.UserDetailsServiceImpl">
20:         <beans:property name="customerDao" ref="customerDao"/>
21:     </beans:bean>
22:
23:     <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
24:         <beans:constructor-arg value="256"/>
25:     </beans:bean>
26:
27:     <beans:bean id="saltSource"
28:         class="org.springframework.security.authentication.dao.ReflectionSaltSource"
29:         p:userPropertyToUse="username" />
30:
31:     <sec:authentication-manager alias="authenticationManager">
32:         <sec:authentication-provider user-service-ref="userDetailsService">
33:             <sec:password-encoder hash="sha" ref="passwordEncoder">
34:                 <sec:salt-source ref="saltSource"></sec:salt-source>
35:             </sec:password-encoder>
36:         </sec:authentication-provider>
37:     </sec:authentication-manager>
38:
39: </beans:beans>
And what needs to be added to the web.xml:
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring/root-context.xml,
        /WEB-INF/spring/appServlet/spring-security.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
The rest I probably won't bore you with, as you can find it on the interwebz. What I'll focus on instead is the registration part, which is actually quite easy: all we need is a normal Spring form, and then the controller registration method will look something like this:
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String register(@Valid @ModelAttribute Customer customer, BindingResult result, Model model) {

    // Bean validation failed: redisplay the registration form with field errors
    if (result.hasErrors()) {
        return "register";
    }
    try {
        // The DAO hashes the password before persisting the customer
        customerDao.save(customer);
    }
    catch (Exception ex) {
        // Report the failure as a global form error and redisplay the form
        result.reject("gblErrMess", ex.getMessage());
        return "register";
    }
    model.addAttribute("userName", customer.getUserName());
    return "success";
}
With the customerDao save method as follows:
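@Transactional
public void save(Customer customer) {
    // Hash the password with the username as salt, matching the
    // ReflectionSaltSource (userPropertyToUse="username") used at login
    String password = passwordEncoder.encodePassword(customer.getPassword(), customer.getUserName());
    Session session = sessionFactory.getCurrentSession();
    // Replace the plain-text password with its hash before persisting
    customer.setPassword(password);
    session.save(customer);
}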
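What the save method and the login configuration above compute between them, as an added example that is not part of the original post or its repository. It reproduces the legacy encoder's `password{salt}` merge with the JDK alone; the class name `UsernameSaltDemo` and the sample usernames and password are assumptions made up for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration, not the project's code: computes with the JDK alone
// what ShaPasswordEncoder(256).encodePassword(raw, salt) produces.
public class UsernameSaltDemo {

    // Legacy merge format: SHA-256 over the UTF-8 bytes of "password{salt}", lower-case hex.
    static String encode(String rawPassword, String salt) throws Exception {
        String merged = (salt == null || salt.isEmpty()) ? rawPassword : rawPassword + "{" + salt + "}";
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(merged.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Login check: re-hash the presented password with the account's salt, then compare in constant time.
    static boolean matches(String storedHash, String presented, String salt) throws Exception {
        return MessageDigest.isEqual(storedHash.getBytes(StandardCharsets.UTF_8),
                                     encode(presented, salt).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample accounts; these values are made up for this demo.
        String aliceHash = encode("correct horse", "alice"); // what save() would store for "alice"
        String bobHash = encode("correct horse", "bob");

        // Same password, different usernames: the salt keeps the stored hashes distinct.
        System.out.println("distinct hashes:       " + !aliceHash.equals(bobHash));
        // Login verifies only when the salt is the exact username used at registration.
        System.out.println("login as alice:        " + matches(aliceHash, "correct horse", "alice"));
        // Renaming the account (even changing its case) changes the salt, so the old hash stops verifying.
        System.out.println("after rename to Alice: " + matches(aliceHash, "correct horse", "Alice"));
        // The salt is predictable: the same username and password hash identically in any deployment.
        System.out.println("same hash elsewhere:   " + aliceHash.equals(encode("correct horse", "alice")));
    }
}
```

The rename case is the practical consequence of `p:userPropertyToUse="username"`: changing a username requires the password to be re-hashed or reset. A single SHA-256 pass is also fast to compute, which is why the crypto module introduced in Spring Security 3.1 provides `BCryptPasswordEncoder` with a random per-password salt.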
That's about it really. You can find the entire project at github. I do apologise for the hastily written source code in the repo; it is merely a proof of concept after all :)
References:
http://www.mkyong.com/tutorials/spring-security-tutorials/
http://springinpractice.com/2008/10/11/hashing-and-salting-passwords-with-spring-security-2/