</authentication-provider>
</authentication-manager>
</beans:beans>
Since our requirement is simple, the configuration is simple too. First, the <http> tag defines the
security configuration for HTTP requests. The attribute use-expressions means that we want to use
Spring Expression Language (SpEL) for the expressions. The <intercept-url> tag specifies that all users
are allowed to enter the application. We will see how we can protect the function by hiding the editing
options in the view using Spring Security's tag library and controller method security. Then the <form-
login> defines the support for form login. As we discussed in the layout, the login form will display on
the left. We provide a logout link as well.
The <authentication-manager> tag defines the authentication mechanism. In the configuration, we
hard-code a single user with the role ROLE_USER assigned. In a production environment, the user should
be authenticated against the database, LDAP, or an SSO mechanism.
Listing 17-59 shows the revised root-context.xml file to import the security configuration file.
Listing 17-59. Spring Security Context Configuration
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
<!-- Other code omitted -->
<import resource="classpath:datasource-tx-jpa.xml" />
<import resource="security-context.xml"/>
<context:component-scan base-package="com.apress.prospring3.ch17.service.jpa"/>
</beans>
The import statement is highlighted in bold.
Adding Login Functions to the Application
We need to modify two page components: the header (header.jspx) and the menu (menu.jspx).
Listing 17-60 shows the revised header.jspx file to display the user information if the user is logged
in.
Listing 17-60. Display Login User Information
<div id="header" xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:spring="http://www.springframework.org/tags"
xmlns:sec="http://www.springframework.org/security/tags"
version="2.0">
<jsp:directive.page contentType="text/html;charset=UTF-8" />
<jsp:output omit-xml-declaration="yes" />
<spring:message code="header_text" var="headerText"/>
<spring:message code="label_logout" var="labelLogout"/>
<spring:message code="label_welcome" var="labelWelcome"/>
<spring:url var="logoutUrl" value="/j_spring_security_logout" />
Search WWH :
Custom Search
Previous Page
Spring Framework 3 Topic Index
Next Page
Spring Framework 3 Bookmarks
Home