Trying to set up basic authentication in a web-app using spring. I am patterning what I do off this example: http://howtodoinjava.com/2013/04/16/custom-userdetailsservice-example-for-spring-3-security/. I am using Spring 4.
The behavior is that my HttpRequestHandler runs, never challenging for password. LoginDao never runs.
spring config:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
<security:http-basic />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="loginDao" />
</security:authentication-manager>
<bean id="loginDao" class="weight.dao.LoginDao" />
<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="/WEB-INF/wt.properties" />
</bean>
What's missing in this tutorial are the entries you have to add to your web.xml. These will load you security context and add the security filter chain to your whole app (which is the main strut of Spring Security):
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/your-security-context-file.xml
classpath:/your-other-context-files.xml
...
</param-value>
</context-param>
<filter>
<display-name>Spring Security Filter</display-name>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments