diff --git a/spring-mvc-forms/pom.xml b/spring-mvc-forms/pom.xml
index 31a0c38791..f17d695c35 100644
--- a/spring-mvc-forms/pom.xml
+++ b/spring-mvc-forms/pom.xml
@@ -46,6 +46,23 @@
commons-fileupload
${fileupload.version}
+
+
+ org.springframework.security
+ spring-security-web
+ ${org.springframework.security.version}
+
+
+ org.springframework.security
+ spring-security-config
+ ${org.springframework.security.version}
+
+
+ org.springframework.security
+ spring-security-taglibs
+ ${org.springframework.security.version}
+
+
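Review bot: `spring-security-taglibs` is added here, but every JSP introduced in this diff declares only the JSTL core taglib (`prefix="c"`), so the security tag library looks unused. If no page outside this diff uses it, I would leave the artifact out until the first security tag is written, since every extra artifact is one more thing to track and patch. The three artifacts do share `${org.springframework.security.version}`, which correctly keeps them on the same release.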
@@ -98,6 +115,7 @@
5.3.3.Final
enter-location-of-server
1.3.2
+ 4.2.1.RELEASE
diff --git a/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/SecurityConfig.java b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/SecurityConfig.java
new file mode 100644
index 0000000000..e35844138d
--- /dev/null
+++ b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/SecurityConfig.java
@@ -0,0 +1,122 @@
+package com.baeldung.springmvcforms.configuration;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.TestingAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public UserDetailsService userDetailsService() throws Exception {
+ InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
+ manager.createUser(User.withUsername("user")
+ .password("userPass")
+ .roles("USER")
+ .build());
+ manager.createUser(User.withUsername("admin")
+ .password("adminPass")
+ .roles("ADMIN")
+ .build());
+ return manager;
+ }
+
+ @Configuration
+ @Order(1)
+ public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+ public App1ConfigurationAdapter() {
+ super();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.inMemoryAuthentication()
+ .withUser("admin")
+ .password("admin")
+ .roles("ADMIN");
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.antMatcher("/admin*")
+ .authorizeRequests()
+ .anyRequest()
+ .hasRole("ADMIN")
+ // log in
+ .and()
+ .formLogin()
+ .loginPage("/loginAdmin")
+ .loginProcessingUrl("/admin_login")
+ .failureUrl("/loginAdmin?error=loginError")
+ .defaultSuccessUrl("/adminPage")
+ // logout
+ .and()
+ .logout()
+ .logoutUrl("/admin_logout")
+ .logoutSuccessUrl("/protectedLinks")
+ .deleteCookies("JSESSIONID")
+ .and()
+ .exceptionHandling()
+ .accessDeniedPage("/403")
+ .and()
+ .csrf()
+ .disable();
+ }
+ }
+
+ @Configuration
+ @Order(2)
+ public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+ public App2ConfigurationAdapter() {
+ super();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.inMemoryAuthentication()
+ .withUser("user")
+ .password("user")
+ .roles("USER");
+ }
+
+ protected void configure(HttpSecurity http) throws Exception {
+ http.antMatcher("/user*")
+ .authorizeRequests()
+ .anyRequest()
+ .hasRole("USER")
+ // log in
+ .and()
+ .formLogin()
+ .loginPage("/loginUser")
+ .loginProcessingUrl("/user_login")
+ .failureUrl("/loginUser?error=loginError")
+ .defaultSuccessUrl("/userPage")
+ // logout
+ .and()
+ .logout()
+ .logoutUrl("/user_logout")
+ .logoutSuccessUrl("/protectedLinks")
+ .deleteCookies("JSESSIONID")
+ .and()
+ .exceptionHandling()
+ .accessDeniedPage("/403")
+ .and()
+ .csrf()
+ .disable();
+ }
+ }
+
+}
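Review bot: Both `configure(HttpSecurity)` overrides end with `.csrf().disable()`, which leaves the session-based form login and the `/admin_logout` and `/user_logout` endpoints without CSRF protection; with CSRF off, Spring Security also accepts the logout URL on any HTTP method, so a cross-site GET can end a session. I would drop the two `.csrf().disable()` calls and send the `_csrf` token from the login and logout forms instead. `antMatcher("/admin*")` and `antMatcher("/user*")` match within one path segment only, so a later handler under `/admin/...` would fall outside both chains and be served without authentication; `requestMatchers().antMatchers("/admin*", "/admin/**")` closes that gap. The literal passwords are defined twice with different values (`userPass`/`adminPass` in `userDetailsService()`, `user`/`admin` in the adapters), and the adapter overrides presumably leave the bean unused. One of the two definitions should go, and the remaining one deserves a comment such as `// demo credentials only; load real users from an external store`.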
diff --git a/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/WebInitializer.java b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/WebInitializer.java
index c602ea6454..fdc155e101 100644
--- a/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/WebInitializer.java
+++ b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/WebInitializer.java
@@ -3,6 +3,7 @@ package com.baeldung.springmvcforms.configuration;
import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.ContextLoaderListener;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
+import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.servlet.DispatcherServlet;
import javax.servlet.ServletContext;
@@ -24,6 +25,9 @@ public class WebInitializer implements WebApplicationInitializer {
servlet.setLoadOnStartup(1);
servlet.addMapping("/");
+
+ container.addFilter("springSecurityFilterChain", new DelegatingFilterProxy("springSecurityFilterChain"))
+ .addMappingForUrlPatterns(null, false, "/*");
}
// @Override
// public void onStartup(ServletContext container) {
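Review bot: `addMappingForUrlPatterns(null, false, "/*")` passes `null` for the dispatcher types, which the Servlet API treats as `REQUEST` only, so error and async dispatches do not pass through `springSecurityFilterChain`. Spring Security's own `AbstractSecurityWebApplicationInitializer` registers the filter for `REQUEST`, `ERROR` and `ASYNC`; either extend that class or pass `EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC)` here. The enclosing method starts above this hunk, so whether `SecurityConfig` is registered with the application context cannot be checked from these lines.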
diff --git a/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/controller/UsersController.java b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/controller/UsersController.java
new file mode 100644
index 0000000000..c0858d427f
--- /dev/null
+++ b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/controller/UsersController.java
@@ -0,0 +1,38 @@
+package com.baeldung.springmvcforms.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class UsersController {
+
+ @RequestMapping("/protectedLinks")
+ public String getAnonymousPage() {
+ return "protectedLinks";
+ }
+
+ @RequestMapping("/userPage")
+ public String getUserPage() {
+ return "userPage";
+ }
+
+ @RequestMapping("/adminPage")
+ public String getAdminPage() {
+ return "adminPage";
+ }
+
+ @RequestMapping("/loginAdmin")
+ public String getAdminLoginPage() {
+ return "loginAdmin";
+ }
+
+ @RequestMapping("/loginUser")
+ public String getUserLoginPage() {
+ return "loginUser";
+ }
+
+ @RequestMapping("/403")
+ public String getAccessDeniedPage() {
+ return "403";
+ }
+}
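Review bot: Every handler uses a bare `@RequestMapping("...")`, so the view pages answer POST, PUT and DELETE as well as GET; the five page handlers should be narrowed, e.g. `@RequestMapping(value = "/adminPage", method = RequestMethod.GET)`. `/403` is the exception: as far as I know `accessDeniedPage("/403")` is reached by a forward that keeps the original request method, so that mapping has to stay open to all methods, and a one-line comment saying so would prevent a later "cleanup" from breaking it. `getAnonymousPage` serving `/protectedLinks` from a class named `UsersController` also deserves a short Javadoc line stating that the page is public by design.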
diff --git a/spring-mvc-forms/src/main/webapp/WEB-INF/views/403.jsp b/spring-mvc-forms/src/main/webapp/WEB-INF/views/403.jsp
new file mode 100644
index 0000000000..e665793e10
--- /dev/null
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/403.jsp
@@ -0,0 +1,12 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+
+
+
+
+
+
+
+Your do not have permission to view this page.
+
+
\ No newline at end of file
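Review bot: The message line reads `Your do not have permission to view this page.`; it should be `You do not have permission to view this page.`. The file also ends without a trailing newline, as do the other JSPs added in this commit.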
diff --git a/spring-mvc-forms/src/main/webapp/WEB-INF/views/adminPage.jsp b/spring-mvc-forms/src/main/webapp/WEB-INF/views/adminPage.jsp
new file mode 100644
index 0000000000..a210b690b0
--- /dev/null
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/adminPage.jsp
@@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+
+
+
+Insert title here
+
+
+Welcome admin! Logout
+
+
+Back to links
+
+
\ No newline at end of file
diff --git a/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginAdmin.jsp b/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginAdmin.jsp
new file mode 100644
index 0000000000..a6b2ee7914
--- /dev/null
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginAdmin.jsp
@@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+
+
+
+
+Insert title here
+
+
+
+ Admin login page
+
+
+ <%
+ if (request.getParameter("error") != null) {
+ out.println("Login failed!");
+ }
+ %>
+
+
+
\ No newline at end of file
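Review bot: The scriptlet that prints `Login failed!` is the only Java code in the page, although the JSTL core taglib is already declared in the directive above it; `<c:if test="${param.error != null}">Login failed!</c:if>` does the same without a scriptlet. The identical block appears in loginUser.jsp. The check tests only for the presence of `error` and never echoes its value, which keeps request data out of the markup and should be preserved in the rewrite. The title is still the IDE placeholder `Insert title here`, here and in adminPage.jsp, protectedLinks.jsp and userPage.jsp.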
diff --git a/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginUser.jsp b/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginUser.jsp
new file mode 100644
index 0000000000..e65c11edaf
--- /dev/null
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginUser.jsp
@@ -0,0 +1,37 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+
+
+
+
+Login
+
+
+
+ User login page
+
+
+ <%
+ if (request.getParameter("error") != null) {
+ out.println("Login failed!");
+ }
+ %>
+
+
+
\ No newline at end of file
diff --git a/spring-mvc-forms/src/main/webapp/WEB-INF/views/protectedLinks.jsp b/spring-mvc-forms/src/main/webapp/WEB-INF/views/protectedLinks.jsp
new file mode 100644
index 0000000000..b8453903ba
--- /dev/null
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/protectedLinks.jsp
@@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+
+
+
+Insert title here
+
+
+
+">User page
+
+">Admin page
+
+
\ No newline at end of file
diff --git a/spring-mvc-forms/src/main/webapp/WEB-INF/views/userPage.jsp b/spring-mvc-forms/src/main/webapp/WEB-INF/views/userPage.jsp
new file mode 100644
index 0000000000..4c1bd47502
--- /dev/null
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/userPage.jsp
@@ -0,0 +1,15 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+
+
+
+Insert title here
+
+
+Welcome user! Logout
+
+Back to links
+
+
\ No newline at end of file