Spring MVC Security Custom Logout Project

Click here to download eclipse supported ZIP file

This is accessDenied.jsp JSP file and it is used display the output for the application.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>AccessDenied page</title> </head> <body> Dear <strong>${user}</strong>, You are not authorized to access this page <a href="<c:url value="/logout" />">Logout</a> </body> </html>

This is admin.jsp JSP file and it is used display the output for the application.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Admin page</title> </head> <body> Dear <strong>${user}</strong>, Welcome to Admin Page. <a href="<c:url value="/logout" />">Logout</a> </body> </html>

This is dba.jsp JSP file and it is used display the output for the application.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>DBA page</title> </head> <body> Dear <strong>${user}</strong>, Welcome to DBA Page. <a href="<c:url value="/logout" />">Logout</a> </body> </html>

This is login.jsp JSP file and it is used display the output for the application.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Login page</title> <link href="<c:url value='/static/css/bootstrap.css' />"  rel="stylesheet"></link> <link href="<c:url value='/static/css/app.css' />" rel="stylesheet"></link> <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.2.0/css/font-awesome.css" /> </head> <body> <div id="mainWrapper"> <div class="login-container"> <div class="login-card"> <div class="login-form"> <c:url var="loginUrl" value="/login" /> <form action="${loginUrl}" method="post" class="form-horizontal"> <c:if test="${param.error != null}"> <div class="alert alert-danger"> <p>Invalid username and password.</p> </div> </c:if> <c:if test="${param.logout != null}"> <div class="alert alert-success"> <p>You have been logged out successfully.</p> </div> </c:if> <div class="input-group input-sm"> <label class="input-group-addon" for="username"><i class="fa fa-user"></i></label> <input type="text" class="form-control" id="username" name="ssoId" placeholder="Enter Username" required> </div> <div class="input-group input-sm"> <label class="input-group-addon" for="password"><i class="fa fa-lock"></i></label>  <input type="password" class="form-control" id="password" name="password" placeholder="Enter Password" required> </div> <input type="hidden" name="${_csrf.parameterName}"  value="${_csrf.token}" /> <div class="form-actions"> <input type="submit" class="btn btn-block btn-primary btn-default" value="Log in"> </div> </form> </div> </div> </div> </div> </body> </html>

This is welcome.jsp JSP file and it is used display the output for the application.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Welcome page</title> </head> <body> Greeting : ${greeting} This is a welcome page. </body> </html>

This is HelloWorldConfiguration.java file having the source code to execute business logic.

package com.cv.spring.security; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.JstlView; /**  * @author Chandra Vardhan  */ @Configuration @EnableWebMvc @ComponentScan(basePackages = "com.cv.spring.security") public class HelloWorldConfiguration extends WebMvcConfigurerAdapter {      @Bean(name="HelloWorld")   public ViewResolver viewResolver() {     InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();     viewResolver.setViewClass(JstlView.class);     viewResolver.setPrefix("/WEB-INF/views/");     viewResolver.setSuffix(".jsp");     return viewResolver;   }   /*      * Configure ResourceHandlers to serve static resources like CSS/ Javascript etc...      */     @Override     public void addResourceHandlers(ResourceHandlerRegistry registry) {         registry.addResourceHandler("/static/**").addResourceLocations("/static/");     } }

This is HelloWorldController.java file having the controller logic and it will have the services defined in it.

package com.cv.spring.security; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; /**  * @author Chandra Vardhan  */ @Controller public class HelloWorldController {      @RequestMapping(value = { "/", "/home" }, method = RequestMethod.GET)   public String homePage(ModelMap model) {     model.addAttribute("greeting", "Hi, Welcome to mysite");     return "welcome";   }   @RequestMapping(value = "/admin", method = RequestMethod.GET)   public String adminPage(ModelMap model) {     model.addAttribute("user", getPrincipal());     return "admin";   }      @RequestMapping(value = "/db", method = RequestMethod.GET)   public String dbaPage(ModelMap model) {     model.addAttribute("user", getPrincipal());     return "dba";   }   @RequestMapping(value = "/Access_Denied", method = RequestMethod.GET)   public String accessDeniedPage(ModelMap model) {     model.addAttribute("user", getPrincipal());     return "accessDenied";   }   @RequestMapping(value = "/login", method = RequestMethod.GET)   public String loginPage() {     return "login";   }   @RequestMapping(value="/logout", method = RequestMethod.GET)   public String logoutPage (HttpServletRequest request, HttpServletResponse response) {     Authentication auth = SecurityContextHolder.getContext().getAuthentication();     if (auth != null){           new SecurityContextLogoutHandler().logout(request, response, auth);     }     return "redirect:/login?logout";//You can redirect wherever you want, but generally it's a good idea to show login screen again.   }   private String getPrincipal(){     String userName = null;     Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();     if (principal instanceof UserDetails) {       userName = ((UserDetails)principal).getUsername();     } else {       userName = principal.toString();     }     return userName;   } }

This is SecurityConfiguration.java file having the source code to execute business logic.

package com.cv.spring.security; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /**  * @author Chandra Vardhan  */ @Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter {      @Autowired   public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {     auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("USER");     auth.inMemoryAuthentication().withUser("admin").password("root123").roles("ADMIN");     auth.inMemoryAuthentication().withUser("dba").password("root123").roles("ADMIN","DBA");   }      @Override   protected void configure(HttpSecurity http) throws Exception {          http.authorizeRequests()       .antMatchers("/", "/home").permitAll()       .antMatchers("/admin/**").access("hasRole('ADMIN')")       .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")       .and().formLogin().loginPage("/login")       .usernameParameter("ssoId").passwordParameter("password")       .and().exceptionHandling().accessDeniedPage("/Access_Denied");   } }

This is SecurityWebApplicationInitializer.java file having the source code to execute business logic.

package com.cv.spring.security; import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; /**  * @author Chandra Vardhan  */ public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }

This is SpringMvcInitializer.java file having the source code to execute business logic.

package com.cv.spring.security; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; /**  * @author Chandra Vardhan  */ public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {   @Override   protected Class<?>[] getRootConfigClasses() {     return new Class[] { HelloWorldConfiguration.class };   }     @Override   protected Class<?>[] getServletConfigClasses() {     return null;   }     @Override   protected String[] getServletMappings() {     return new String[] { "/" };   } }

This is pom.xml file having the entries of dependency jars and information to build the application .

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">.0" encoding="UTF-8"?> <modelVersion>4.0.0</modelVersion> <groupId>com.cv.spring.mvc.hibernate</groupId> <artifactId>SpringMVCSecurityCustomLogout</artifactId> <name>SpringMVCSecurityCustomLogout</name> <packaging>war</packaging> <version>1.0</version> <properties> <springframework.version>4.2.0.RELEASE</springframework.version> <springsecurity.version>4.0.1.RELEASE</springsecurity.version> </properties> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${springsecurity.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${springsecurity.version}</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.1</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> </dependencies> <build> <pluginManagement> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>2.4</version> <configuration> <warSourceDirectory>src/main/webapp</warSourceDirectory> <warName>SpringMVCSecurityCustomLogout</warName> <failOnMissingWebXml>false</failOnMissingWebXml> </configuration> </plugin> </plugins> </pluginManagement> <finalName>SpringMVCSecurityCustomLogout</finalName> </build> </project>

This is log4j.properties file having the entries for logging the information into the console/file.

#By default enabling Console appender # Root logger option log4j.rootLogger=INFO, stdout # Redirect log messages to console log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.Target=System.out log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%-5p [%c]:%L -->> %m%n # Redirect log messages to a log file #log4j.appender.file=org.apache.log4j.RollingFileAppender #log4j.appender.file.File=C:\servlet-application.log #log4j.appender.file.MaxFileSize=5MB #log4j.appender.file.MaxBackupIndex=10 #log4j.appender.file.layout=org.apache.log4j.PatternLayout #log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n