Spring - security 예제

Framework & Platform/Spring 2012. 5. 23. 23:39


Unable to locate Spring NamespaceHandler

원문: 감사합니다.
http://techieth8s.blogspot.com/2011/04/unable-to-locate-spring.html

오늘, 난 spring-security 관련 에러 때문에 고생하였습니다.
단지 WEB-INF/lib에 관련 library를 추가하고 
http://www.springframework.org/schema/security/spring-security-3.1.xsd
를 사용하면 그만입니다.

Error:
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/tx] Offending resource: class path resource [applicationContext.xml]
Solution: Add spring-tx.jar to WEB-INF/lib

Error:
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] Offending resource: class path resource [applicationContext.xml]
Solution: Add spring-core, spring-acl, spring-config, spring-web, spring-taglibs jars to WEB-INF/lib


출처 - http://credemol.blogspot.com/2012_03_01_archive.html


===================================================================================


기본적으로 아래 페이지를 한번 정독 하시면 어떻게 하는지 아실 수 있습니다.

http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html


그럼에도 불구하고 샘플코드가 잘 정리된게 있으면 좋겠죠.
굳이 제가 정리 하지 않아도 잘 정리된게 있어서 첨부 합니다.

[원본글 링크]

[form login]
http://www.mkyong.com/spring-security/spring-security-form-login-example/ 

[form logout]
http://www.mkyong.com/spring-security/spring-security-logout-example/

[form database login]
http://www.mkyong.com/spring-security/spring-security-form-login-using-database/  


[Login 예제]

Defined your custom login form in Spring XML file. See explanation below :

  1. login-page=”/login” – The login form will be “/login”
  2. default-target-url=”/welcome” – If authentication success, forward to “/welcome”
  3. authentication-failure-url=”/loginfailed” – If authentication failed, forward to “/loginfailed”
  4. logout-success-url=”/logout” – If logout , forward to “/logout”

File : spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
 
	<http auto-config="true">
		<intercept-url pattern="/welcome*" access="ROLE_USER" />
		<form-login login-page="/login" default-target-url="/welcome"
			authentication-failure-url="/loginfailed" />
		<logout logout-success-url="/logout" />
	</http>
 
	<authentication-manager>
	  <authentication-provider>
		<user-service>
			<user name="mkyong" password="123456" authorities="ROLE_USER" />
		</user-service>
	  </authentication-provider>
	</authentication-manager>
 
</beans:beans>

In custom login form, you have to follow Spring Security standard name :

  1. j_spring_security_check – Login service
  2. j_spring_security_logout – Logout service
  3. j_username – Username
  4. j_password – Password

To display authentication error messages, use this :

${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}

File : login.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
	color: #ff0000;
	background-color: #ffEEEE;
	border: 3px solid #ff0000;
	padding: 8px;
	margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
	<h3>Login with Username and Password (Custom Page)</h3>
 
	<c:if test="${not empty error}">
		<div class="errorblock">
			Your login attempt was not successful, try again.<br /> Caused :
			${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
		</div>
	</c:if>
 
	<form name='f' action="<c:url value='j_spring_security_check' />"
		method='POST'>
 
		<table>
			<tr>
				<td>User:</td>
				<td><input type='text' name='j_username' value=''>
				</td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type='password' name='j_password' />
				</td>
			</tr>
			<tr>
				<td colspan='2'><input name="submit" type="submit"
					value="submit" />
				</td>
			</tr>
			<tr>
				<td colspan='2'><input name="reset" type="reset" />
				</td>
			</tr>
		</table>
 
	</form>
</body>
</html>

File : hello.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
	<h3>Message : ${message}</h3>	
	<h3>Username : ${username}</h3>	
 
	<a href="<c:url value="/j_spring_security_logout" />" > Logout</a>
 
</body>
</html>



[Logout 예제]

In Spring Security, to log out, just add a link to url “j_spring_security_logout“, for example :

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
	<h3>messages, whatever</h3>	
	<a href="<c:url value="j_spring_security_logout" />" > Logout</a>
</body>
</html>

In Spring security, declares “logout” tag, and configure the “logout-success-url” attribute :

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
 
	<http auto-config="true">
		<intercept-url pattern="/welcome*" access="ROLE_USER" />
		<logout logout-success-url="/welcome" />
	</http>
 
	<authentication-manager>
	  <authentication-provider>
	    <user-service>
		<user name="mkyong" password="password" authorities="ROLE_USER" />
	    </user-service>
	  </authentication-provider>
	</authentication-manager>
 
</beans:beans>



[Database Login]

1. Database Tables

In database, you need to create two tables to store user details and user role details, one to many relationship, one user can contains many roles.

A simple and standard table design for user role relationship. And, you are allow to add extra columns for extra functionality. In additional, the table name and column name are not fixed, you can rename to whatever name.

P.S All scripts in MySQL.

CREATE TABLE `users` (
  `USER_ID` INT(10) UNSIGNED NOT NULL,
  `USERNAME` VARCHAR(45) NOT NULL,
  `PASSWORD` VARCHAR(45) NOT NULL,
  `ENABLED` tinyint(1) NOT NULL,
  PRIMARY KEY (`USER_ID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `user_roles` (
  `USER_ROLE_ID` INT(10) UNSIGNED NOT NULL,
  `USER_ID` INT(10) UNSIGNED NOT NULL,
  `AUTHORITY` VARCHAR(45) NOT NULL,
  PRIMARY KEY (`USER_ROLE_ID`),
  KEY `FK_user_roles` (`USER_ID`),
  CONSTRAINT `FK_user_roles` FOREIGN KEY (`USER_ID`) REFERENCES `users` (`USER_ID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Insert data for testing, now an user “mkyong” is created and contains role named “ROLE_USER“.

INSERT INTO mkyongdb.users (USER_ID, USERNAME,PASSWORD, ENABLED)
VALUES (100, 'mkyong', '123456', TRUE);
 
INSERT INTO mkyongdb.user_roles (USER_ROLE_ID, USER_ID,AUTHORITY)
VALUES (1, 100, 'ROLE_USER');

2. Spring JDBC

Create a data source bean, and connect to database via Spring JDBC.

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
 
   <bean id="dataSource"
	class="org.springframework.jdbc.datasource.DriverManagerDataSource">
 
	<property name="driverClassName" value="com.mysql.jdbc.Driver" />
	<property name="url" value="jdbc:mysql://localhost:3306/mkyongdb" />
	<property name="username" value="root" />
	<property name="password" value="password" />
   </bean>
 
</beans>

3. Spring Security

In Spring security configuration file, use “jdbc-user-service” tag, and define your query to get the data from database.

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
 
	<http auto-config="true">
		<intercept-url pattern="/welcome*" access="ROLE_USER" />
		<form-login login-page="/login" default-target-url="/welcome"
			authentication-failure-url="/loginfailed" />
		<logout logout-success-url="/logout" />
	</http>
 
	<authentication-manager>
	   <authentication-provider>
		<jdbc-user-service data-source-ref="dataSource"
 
		   users-by-username-query="
		      select username,password, enabled 
		      from users where username=?" 
 
		   authorities-by-username-query="
		      select u.username, ur.authority from users u, user_roles ur 
		      where u.user_id = ur.user_id and u.username =?  " 
 
		/>
	   </authentication-provider>
	</authentication-manager>
 
</beans:beans>


출처 - http://jjeong.tistory.com/609





저작자표시

'Framework & Platform > Spring' 카테고리의 다른 글

spring - 메소드 파라미터  (0) 2012.05.24
spring - cookie 설정  (0) 2012.05.24
Spring Security 이해  (1) 2012.05.23
Spring - @mvc -@Pattern  (0) 2012.05.23
도메인 객체(오브젝트)  (0) 2012.05.21
Posted by linuxism
,

티스토리툴바