Create the directory structure Following will be the final project structure: Configure Security The first and foremost step to add spring security in our application is to create Spring Security Java Configuration. This configuration creates a Servlet Filter known as the springSecurityFilterChain which is responsible for all the security protecting the application URLs, validating submitted username and passwords, redirecting to the log in form, etc within our application package com.
Additionally, in order to encrypt the password in database, we have chosen BCryptPasswordEncoder. Moreover, since we will also provide RememberMe functionality, keeping track of token-data in database, we configured a PersistentTokenRepository implementation.
Spring Security comes with two implementation of PersistentTokenRepository: Shown below is an attempt for the same. Configure Hibernate package com. Configure Spring MVC package com. It's only required when handling '. Please fill in different value. Finally, the Spring Intializer class is shown below: Create Spring Controller package com.
Comments on Each method provide the explanations. Create Models package com. Create DAOs package com. Let them lazy load. Create Services package com. Pay special attentions to Spring Security tags usage below. Shown below is the registration page for the same. This is a real-world scenario. It can well be removed from application. Build, deploy and Run Application Now build the war either by eclipse as was mentioned in previous tutorials or via maven command line mvn clean install.
Deploy the war to a Servlet 3. Since here i am using Tomcat, i will simply put this war file into tomcat webapps folder and click on start. If you prefer to deploy from within Eclipse using tomcat: For those of us, who prefer to deploy and run from within eclipse, and might be facing difficulties setting Eclipse with tomcat, the detailed step-by-step solution can be found at: How to setup tomcat with Eclipse.
Open browser and browse at http: Click on Register, user should be added. You should see the newly added user. Now check the list again. Now try to manually type the delete URL in browser-bar and enter. You should see AccessDenied page. Feel free to Comment, and suggest improvements.