Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2252: Add custom form guide

This commit is contained in:
Rob Winch 2013-08-19 14:57:23 -05:00
parent 51b9c4a19a
commit 658a93178c
22 changed files with 8002 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/guides/src/asciidoc/form-includes/verify-app.asc Normal file
View File

@ -0,0 +1,6 @@
Verify the application is working:
* Navigate to http://localhost:8080/sample/ You should see a login form
* Enter the *username* _user_, the *password* _password_, and click the *Login* button. You should now see the main application.
* Try clicking on the Compose link and creating a message. The message details should be displayed.
* Now click on the Inbox link and see the message listed. You can click on the summary link to see the details displayed again.

255
docs/guides/src/asciidoc/form.asc Normal file
View File

@ -0,0 +1,255 @@
= Creating a Custom Login Form
:author: Rob Winch
:starter-appname: hellomvc-jc
:completed-appname: form-jc
:verify-starter-app-include: form-includes/verify-app.asc
This guide builds off of link:hellomvc.html[Hello Spring MVC Security Java Config] to explain how to configure and use a custom login form with Spring Security Java Configuration.
include::hello-includes/setting-up-the-sample.asc[]
= Overriding the default configure(HttpSecurity) method
As we saw in link:hellomvc.html[Hello Spring MVC Security Java Config], Spring Security's `WebSecurityConfigurerAdapter` provides some convenient defaults to get our application
up and running quickly. However, our login form does not match the rest of our application. Let's see how we can update our configuration to use a custom form.
== Default configure(HttpSecurity)
The default configuration for the configure(HttpSecurity) method can be seen below:
[source,java]
----
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated() <1>
.and()
.formLogin() <2>
.and()
.httpBasic(); <3>
}
----
The configuration ensures that:
<1> every request requires the user to be authenticated
<2> form based authentication is supported
<3> HTTP Basic Authentication is supported
== Configuring a custom login page
We will want to ensure we compensate for overriding these defaults in our updates. Open up the `SecurityConfig` and insert the configure method as shown below:
.src/main/java/org/springframework/security/samples/config/SecurityConfig.java
[source,java]
----
// ...
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login");
}
// ...
}
----
The line `loginPage("/login")` instructs Spring Security
* when authentication is required, redirect the browser to */login*
* we are in charge of rendering the login page when */login* is requested
* when authentication attempt fails, redirect the browser to */login?error* (since we have not specified otherwise)
* we are in charge of rendering a failure page when */login?error* is requested
* when we successfully logout, redirect the browser to */login?logout* (since we have not specified otherwise)
* we are in charge of rendering a logout confirmation page when */login?logout* is requested
Go ahead and start up the server and try visiting http://localhost:8080/sample/ to see the updates to our configuration. In many browsers you will see an error similar to *This webpage has a redirect loop*. What is happening?
== Granting access to unauthenticated users
The issue is that Spring Security is protecting access to our custom login page. In particular the following is happening:
* We make a request to our web application
* Spring Security sees that we are not authenticated
* We are redirected to */login*
* The browser requests */login*
* Spring Security sees that we are not authenticated
* We are redirected to */login* ...
To fix this we need to instruct Spring Security to allow anyone to access the */login* URL. We can easily do this with the following updates:
.src/main/java/org/springframework/security/samples/config/SecurityConfig.java
[source,java]
----
// ...
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll();
}
// ...
}
----
The `permitAll()` statement instructs Spring Security to allow any access to any URL (i.e. */login* and */login?error*) associated to `formLogin()`.
NOTE: Granting access to the `formLogin()` URLs is not done by default since Spring Security needs to make certain assumptions about what is allowed and what is not. To be secure, it is best to ensure granting access to resources is explicit.
Start up the server and try visiting http://localhost:8080/sample/ to see the updates to our configuration. You should now get a 404 error stating that */login* cannot be found.
= Creating a login page
Within Spring Web MVC there are two steps to creating our login page:
* Creating a controller
* Creating a view
== Configuring a login view controller
Within Spring Web MVC, the first step is to ensure that we have a controller that can point to our view. Since our project adds the *messages-jc* project as a dependency and it contains a view controller for */login* we do not need to create a controller within our application. For reference, you can see the configuration below:
[source,java]
----
// ...
@EnableWebMvc
@ComponentScan("org.springframework.security.samples.mvc")
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
// ...
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@Bean
public InternalResourceViewResolver jspxViewResolver() {
InternalResourceViewResolver result = new InternalResourceViewResolver();
result.setPrefix("/WEB-INF/views/");
result.setSuffix(".jspx");
return result;
}
}
----
== Creating a login view
Our existing configuration means that all we need to do is create a *login.jspx* file with the following contents:
.src/main/webapp/WEB-INF/views/login.jspx
[source,xml]
----
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:spring="http://www.springframework.org/tags"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:form="http://www.springframework.org/tags/form" version="2.0">
<jsp:directive.page language="java" contentType="text/html" />
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Please Login</title>
</head>
<body>
<c:url value="/login" var="loginUrl"/>
<form:form name="f" action="${loginUrl}" method="post"> <1>
<fieldset>
<legend>Please Login</legend>
<c:if test="${param.error != null}"> <2>
<div class="alert alert-error">
Invalid username and password.
</div>
</c:if>
<c:if test="${param.logout != null}"> <3>
<div class="alert alert-success">
You have been logged out.
</div>
</c:if>
<label for="username">Username</label>
<input type="text" id="username" name="username"/> <4>
<label for="password">Password</label>
<input type="password" id="password" name="password"/> <5>
<div class="form-actions">
<button type="submit" class="btn">Log in</button>
</div>
</fieldset>
</form:form>
</body>
</html>
</jsp:root>
----
<1> The URL we submit our username and password to is the same URL as our login form (i.e. */login*), but a *POST* instead of a *GET*.
<2> When authentication fails, the browser is redirected to */login?error* so we can display an error message by detecting if the parameter *error* is non-null.
IMPORTANT: Do not display details about why authentication failed. For example, we do not want to display that the user does not exist as this will tell an attacker that they should try a different username.
<3> When we are successfully loged out, the browser is redirected to */login?logout* so we can display an logout success message by detecting if the parameter *logout* is non-null.
<4> The username should be present on the HTTP parameter username
<5> The password should be present on the HTTP parameter password
TIP: We use Spring Web MVC's <form:form> tag to automatically add the CSRF token to our form. We could also manually add the CSRF token using `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>`.
Start up the server and try visiting http://localhost:8080/sample/ to see the updates to our configuration. We now see our login page, but it does not look very pretty. The issue is that we have not granted access to the css files.
== Grant access to remaining resources
We need to update our configuration to allow anyone to access our resources and our logout pages. Update the configuration as shown below:
.src/main/java/org/springframework/security/samples/config/SecurityConfig.java
[source,java]
----
// ...
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**").permitAll() <1>
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout() <2>
.permitAll();
}
// ...
}
----
<1> This allows anyone to access a URL that begins with */resources/*. Since this is where our css, javascript, and images are stored all our static resources are viewable by anyone.
<2> As you might expect, `logout().permitAll()` allows any user to request logout and view logout success URL.
Start up the server and try visiting http://localhost:8080/sample/ to see the updates to our configuration. We now see a custom login page that looks like the rest of our application.
* Try entering an invalid username and password. You will see our error message is displayed.
* Try entering a valid username and password. You will be authenticated successfully.
* Try clicking the Log Out button. You will see our logout success message

2
docs/guides/src/asciidoc/hello-includes/setting-up-the-sample.asc
View File

@ -1,6 +1,6 @@
== Setting up the sample
This section outlines how to setup a workspace within STS so that you can follow along with this guide. The <<securing-the-application>> section outlines generic steps for how to apply Spring Security to your existing application. While you could simply apply the steps to your existing application, we encourage you to follow along with this guide as is to reduce the complexity.
This section outlines how to setup a workspace within STS so that you can follow along with this guide. The next section outlines generic steps for how to apply Spring Security to your existing application. While you could simply apply the steps to your existing application, we encourage you to follow along with this guide as is to reduce the complexity.
=== Obtaining the sample projects

2
docs/guides/src/asciidoc/hellomvc.asc
View File

@ -142,4 +142,4 @@ include::hello-includes/basic-authentication.asc[]
== Conclusion
You should now now how to secure your application using Spring Security without using any XML.
You should now now how to secure your application using Spring Security without using any XML. Next, we will see how to link:form.html[customize our login form].

4
docs/guides/src/asciidoc/index.asc
View File

@ -10,3 +10,7 @@ These are the most basic starting points for using a web based application.
* link:helloworld.html[Hello Spring Security Java Config] - demonstrates how to integrate Spring Security with an existing application that does not already use Spring
* link:hellomvc.html[Hello Spring MVC Security Java Config] - demonstrates how to integrate Spring Security with an existing Spring MVC application
== Simple Customization
* link:hellomvc.html[Creating a custom login form] - demonstrates how to create a custom login form

25
samples/form-jc/build.gradle Normal file
View File

@ -0,0 +1,25 @@
apply from: WAR_SAMPLE_GRADLE
dependencies {
providedCompile "javax.servlet:javax.servlet-api:3.0.1",
'javax.servlet.jsp:jsp-api:2.1'
compile project(":spring-security-config"),
project(":spring-security-samples-messages-jc"),
project(":spring-security-core"),
project(":spring-security-web"),
"org.springframework:spring-webmvc:$springVersion",
"org.springframework:spring-jdbc:$springVersion",
"org.slf4j:slf4j-api:$slf4jVersion",
"org.slf4j:log4j-over-slf4j:$slf4jVersion",
"org.slf4j:jul-to-slf4j:$slf4jVersion",
"org.slf4j:jcl-over-slf4j:$slf4jVersion",
"javax.servlet:jstl:1.2",
"javax.validation:validation-api:1.0.0.GA",
"org.hibernate:hibernate-validator:4.2.0.Final"
runtime "opensymphony:sitemesh:2.4.2",
'cglib:cglib-nodep:2.2.2',
'ch.qos.logback:logback-classic:0.9.30'
}

214
samples/form-jc/pom.xml Normal file
View File

@ -0,0 +1,214 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-form-jc</artifactId>
<version>3.2.0.CI-SNAPSHOT</version>
<packaging>war</packaging>
<name>spring-security-samples-form-jc</name>
<description>spring-security-samples-form-jc</description>
<url>http://springsource.org/spring-security</url>
<organization>
<name>SpringSource</name>
<url>http://springsource.org/</url>
</organization>
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<id>rwinch</id>
<name>Rob Winch</name>
<email>rwinch@vmware.com</email>
</developer>
</developers>
<scm>
<connection>scm:git:git://github.com/SpringSource/spring-security</connection>
<developerConnection>scm:git:git://github.com/SpringSource/spring-security</developerConnection>
<url>https://github.com/SpringSource/spring-security</url>
</scm>
<build>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-snasphot</id>
<url>http://repo.springsource.org/libs-snapshot</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>1.0.0.GA</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>4.2.0.Final</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.5</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
<version>1.7.5</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>1.7.5</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.5</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.0.CI-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.2.0.CI-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-messages-jc</artifactId>
<version>3.2.0.CI-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.0.CI-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>3.2.3.RELEASE</version>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>3.2.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>3.2.3.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib-nodep</artifactId>
<version>2.2.2</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>0.9.30</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>opensymphony</groupId>
<artifactId>sitemesh</artifactId>
<version>2.4.2</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>0.9.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.7</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert</artifactId>
<version>1.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.8.5</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>3.2.3.RELEASE</version>
<scope>test</scope>
</dependency>
</dependencies>
<properties>
<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
</properties>
</project>

27
samples/form-jc/src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java Normal file
View File

@ -0,0 +1,27 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.samples.config;
import org.springframework.core.annotation.Order;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
/**
* No customizations of {@link AbstractSecurityWebApplicationInitializer} are necessary.
*
* @author Rob Winch
*/
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}

34
samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java Normal file
View File

@ -0,0 +1,34 @@
package org.springframework.security.samples.config;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.authentication.builders.*;
import org.springframework.security.config.annotation.web.builders.*;
import org.springframework.security.config.annotation.web.configuration.*;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Override
protected void registerAuthentication(
AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}

5
samples/form-jc/src/main/webapp/WEB-INF/decorators.xml Normal file
View File

@ -0,0 +1,5 @@
<decorators defaultdir="/WEB-INF/decorators">
<decorator name="main" page="main.jsp">
<pattern>/*</pattern>
</decorator>
</decorators>

138
samples/form-jc/src/main/webapp/WEB-INF/decorators/main.jsp Normal file
View File

@ -0,0 +1,138 @@
<?xml version="1.0" encoding="UTF-8" ?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:fn="http://java.sun.com/jsp/jstl/functions"
xmlns:decorator="http://www.opensymphony.com/sitemesh/decorator"
xmlns:page="http://www.opensymphony.com/sitemesh/page"
xmlns:form="http://www.springframework.org/tags/form"
xmlns:spring="http://www.springframework.org/tags"
xmlns:sec="http://www.springframework.org/security/tags"
xmlns:tags="urn:jsptagdir:/WEB-INF/tags" version="2.0">
<jsp:directive.page contentType="text/html" pageEncoding="UTF-8" />
<jsp:output omit-xml-declaration="true" />
<jsp:output doctype-root-element="HTML"
doctype-system="about:legacy-compat" />
<html lang="en">
<head>
<title>SecureMail: <decorator:title/></title>
<c:url var="faviconUrl" value="/resources/img/favicon.ico"/>
<link rel="icon" type="image/x-icon" href="${faviconUrl}"/>
<c:url var="bootstrapUrl" value="/resources/css/bootstrap.css"/>
<link href="${bootstrapUrl}" rel="stylesheet"></link>
<style type="text/css">
/* Sticky footer styles
-------------------------------------------------- */
html,
body {
height: 100%;
/* The html and body elements cannot have any padding or margin. */
}
/* Wrapper for page content to push down footer */
#wrap {
min-height: 100%;
height: auto !important;
height: 100%;
/* Negative indent footer by it's height */
margin: 0 auto -60px;
}
/* Set the fixed height of the footer here */
#push,
#footer {
height: 60px;
}
#footer {
background-color: #f5f5f5;
}
/* Lastly, apply responsive CSS fixes as necessary */
@media (max-width: 767px) {
#footer {
margin-left: -20px;
margin-right: -20px;
padding-left: 20px;
padding-right: 20px;
}
}
/* Custom page CSS
-------------------------------------------------- */
/* Not required for template or sticky footer method. */
.container {
width: auto;
max-width: 680px;
}
.container .credit {
margin: 20px 0;
text-align: center;
}
a {
color: green;
}
.navbar-form {
margin-left: 1em;
}
</style>
<c:url var="bootstrapResponsiveUrl" value="/resources/css/bootstrap-responsive.css"/>
<link href="${bootstrapResponsiveUrl}" rel="stylesheet"></link>
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div id="wrap">
<div class="navbar navbar-inverse navbar-static-top">
<div class="navbar-inner">
<div class="container">
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<c:url var="homeUrl" value="/"/>
<c:url var="logoUrl" value="/resources/img/logo.png"/>
<a class="brand" href="${homeUrl}"><img src="${logoUrl}" alt="Spring Security Sample"/></a>
<div class="nav-collapse collapse">
<c:if test="${pageContext.request.remoteUser != null}">
<c:url var="logoutUrl" value="/logout"/>
<form:form class="navbar-form pull-right" action="${logoutUrl}" method="post"><input type="submit" value="Log out" /></form:form>
<p class="navbar-text pull-right">
<c:out value="${pageContext.request.remoteUser}"/>
</p>
</c:if>
<ul class="nav">
<c:url var="inboxUrl" value="/"/>
<li><a href="${inboxUrl}">Inbox</a></li>
<c:url var="composeUrl" value="/?form"/>
<li><a href="${composeUrl}">Compose</a></li>
</ul>
</div>
</div>
</div>
</div>
<!-- Begin page content -->
<div class="container">
<decorator:body/>
</div>
<div id="push"><!-- --></div>
</div>
<div id="footer">
<div class="container">
<p class="muted credit">Visit the <a href="#">Spring Security</a> site for more <a href="#">samples</a>.</p>
</div>
</div>
</body>
</html>
</jsp:root>

36
samples/form-jc/src/main/webapp/WEB-INF/views/login.jspx Normal file
View File

@ -0,0 +1,36 @@
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:spring="http://www.springframework.org/tags"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:form="http://www.springframework.org/tags/form" version="2.0">
<jsp:directive.page language="java" contentType="text/html" />
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Please Login</title>
</head>
<body>
<c:url value="/login" var="loginUrl"/>
<form:form name="f" action="${loginUrl}" method="post">
<fieldset>
<legend>Please Login</legend>
<c:if test="${param.error != null}">
<div class="alert alert-error">
Invalid username and password.
</div>
</c:if>
<c:if test="${param.logout != null}">
<div class="alert alert-success">
You have been logged out.
</div>
</c:if>
<label for="j_username">Username</label>
<input type="text" id="j_username" name="username" value="${username}"/>
<label for="j_password">Password</label>
<input type="password" id="j_password" name="password"/>
<div class="form-actions">
<button type="submit" class="btn">Log in</button>
</div>
</fieldset>
</form:form>
</body>
</html>
</jsp:root>

26
samples/form-jc/src/main/webapp/WEB-INF/views/messages/compose.jspx Normal file
View File

@ -0,0 +1,26 @@
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:spring="http://www.springframework.org/tags"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:form="http://www.springframework.org/tags/form" version="2.0">
<jsp:directive.page language="java" contentType="text/html" />
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Compose</title>
</head>
<body>
<div class="container">
<h1>Messages : Create</h1>
<form:form action="./" method="post" modelAttribute="message">
<form:errors path="*" element="div" cssClass="alert alert-error" />
<label for="summary">Summary</label>
<form:input type="text" path="summary" class="input-xxlarge" />
<label for="text">Message</label>
<form:textarea path="text" class="input-xxlarge"></form:textarea>
<div class="form-actions">
<input type="submit" value="Create" />
</div>
</form:form>
</div>
</body>
</html>
</jsp:root>

40
samples/form-jc/src/main/webapp/WEB-INF/views/messages/inbox.jspx Normal file
View File

@ -0,0 +1,40 @@
<jsp:root
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:spring="http://www.springframework.org/tags"
xmlns:c="http://java.sun.com/jsp/jstl/core" xmlns:form="http://www.springframework.org/tags/form"
xmlns:fmt="http://java.sun.com/jsp/jstl/fmt"
version="2.0">
<jsp:directive.page language="java" contentType="text/html"/>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Inbox</title>
</head>
<body>
<h1>Inbox</h1>
<table class="table">
<thead>
<tr>
<th>Created</th>
<th>Summary</th>
</tr>
</thead>
<tbody>
<c:if test="${empty messages}">
<tr>
<td colspan="2" class="msg">You have not received any mail yet.</td>
</tr>
</c:if>
<c:forEach items="${messages}" var="message">
<tr>
<td><fmt:formatDate value="${message.created.time}"/></td>
<spring:url var="messageUrl" value="/{id}">
<spring:param name="id" value="${message.id}"/>
</spring:url>
<td><a href="${messageUrl}"><c:out value="${message.summary}"/></a></td>
</tr>
</c:forEach>
</tbody>
</table>
</body>
</html>
</jsp:root>

24
samples/form-jc/src/main/webapp/WEB-INF/views/messages/show.jspx Normal file
View File

@ -0,0 +1,24 @@
<jsp:root
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:spring="http://www.springframework.org/tags"
xmlns:fmt="http://java.sun.com/jsp/jstl/fmt"
xmlns:c="http://java.sun.com/jsp/jstl/core" xmlns:form="http://www.springframework.org/tags/form"
version="2.0">
<jsp:directive.page language="java" contentType="text/html"/>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title><c:out value="${message.summary}"/></title>
</head>
<body>
<div class="container">
<h1>Message : <c:out value="${message.summary}"/></h1>
<dl>
<dt>Created</dt>
<dd><fmt:formatDate value="${message.created.time}"/></dd>
<dt>Message</dt>
<dd><c:out value="${message.text}"/></dd>
</dl>
</div>
</body>
</html>
</jsp:root>

1092
samples/form-jc/src/main/webapp/resources/css/bootstrap-responsive.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

6039
samples/form-jc/src/main/webapp/resources/css/bootstrap.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
samples/form-jc/src/main/webapp/resources/img/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
samples/form-jc/src/main/webapp/resources/img/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

33
samples/form-jc/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java Normal file
View File

@ -0,0 +1,33 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.samples.config;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
/**
* @author Rob Winch
*
*/
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes=SecurityConfig.class)
public class SecurityConfigTests {
@Test
public void securityConfigurationLoads() {}
}

5
samples/messages-jc/src/main/java/org/springframework/security/samples/mvc/config/WebMvcConfiguration.java
View File

@ -21,17 +21,14 @@ public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
super.addViewControllers(registry);
registry.addViewController("/login").setViewName("login");
registry.addViewController("/errors/404").setViewName("errors/404");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
super.addResourceHandlers(registry);
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/").setCachePeriod(31556926);
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@Bean

1
settings.gradle
View File

@ -26,6 +26,7 @@ def String[] samples = [
'jaas-xml',
'servletapi-xml',
'concurrency-jc',
'form-jc',
'helloworld-jc',
'hellomvc-jc',
'insecure',