How to transfer username / passwords from spring-security-context.xml?

I am using Spring Security in one of my projects. The web application requires the user to log in. Therefore, I added several usernames and passwords to the spring-security-context.xml file as follows:

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user_1" password="password_1" authorities="ROLE_USER" />
                <user name="user_2" password="password_2" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

My question is: how do I move these username and password pairs to another file (like a properties file) instead of storing them in spring-security-context.xml? And how do I read this properties file?

+7
5 answers

You can save usernames and passwords in a separate .properties file.

 <user-service id="userDetailsService" properties="users.properties"/> 

users.properties should be in the following format:

    jimi=jimispassword,ROLE_USER,ROLE_ADMIN,enabled
    bob=bobspassword,ROLE_USER,enabled

If you want to save it to a database, I would recommend you read this article: http://www.mkyong.com/spring-security/spring-security-form-login-using-database/

Help: Spring in-memory security authentication

+13
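Moving the entries into users.properties as in the answer above still leaves the passwords in clear text in that file. The following is an added example, not part of the original answers, that pairs the same properties-backed user-service with a BCrypt password encoder so the file holds hashes; the bean id `passwordEncoder` and the hash placeholders are assumptions.

```xml
<!-- Added example. The bean id "passwordEncoder" is an assumed name. -->
<security:authentication-manager>
    <security:authentication-provider>
        <!-- Submitted passwords are checked against BCrypt hashes, not clear text -->
        <security:password-encoder ref="passwordEncoder" />
        <security:user-service properties="users.properties" />
    </security:authentication-provider>
</security:authentication-manager>

<bean id="passwordEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<!--
  users.properties keeps the same line format, with a hash in place of the password.
  Each hash is produced once, offline, with BCryptPasswordEncoder.encode(...):

  jimi=<BCRYPT_HASH_PLACEHOLDER>,ROLE_USER,ROLE_ADMIN,enabled
  bob=<BCRYPT_HASH_PLACEHOLDER>,ROLE_USER,enabled
-->
```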

You can find a way to move them to a database or LDAP. Spring Security certainly supports both.

+1

You can use PropertyPlaceholderConfigurer - put them in a properties file and then reference them using EL:

http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer

+1

I tried the suggested methods and did the following; it seemed to work beautifully.

Add these changes to your web.xml:

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet-mapping>
        <servlet-name>service</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Add these changes to your spring-security XML:

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider>
            <security:user-service>
                <security:user name="${resource.service.authentication.name}"
                               authorities="${resource.service.authentication.authorities}"
                               password="${resource.service.authentication.password}"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

Add these changes to your XML application context or, better, to your XML property loader file if you have one:

    <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="placeholderPrefix" value="${" />
        <property name="placeholderSuffix" value="}" />
        <property name="locations">
            <list>
                <value>classpath:resourceservice.properties</value>
            </list>
        </property>
    </bean>

Then add these changes to your resourceservice.properties file:

    # Keys must match the ${resource.service.authentication.*} placeholders above
    resource.service.authentication.name=usename
    resource.service.authentication.authorities=AUTHORISED
    resource.service.authentication.password=password

Add these changes to your Jersey resource:

    @PUT
    @Path("{accountId}")
    @Consumes("application/xml")
    @PreAuthorize("hasRole('AUTHORISED')")
    public Response methodName

+1

This works for me for Spring authentication and security authorization using the properties file:

    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:context="http://www.springframework.org/schema/context"
           xmlns:mvc="http://www.springframework.org/schema/mvc"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xsi:schemaLocation="
               http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
               http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
               http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

        <mvc:annotation-driven />

        <bean id="webPropertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
            <property name="ignoreResourceNotFound" value="true" />
            <property name="ignoreUnresolvablePlaceholders" value="true" />
            <property name="locations">
                <list>
                    <value>classpath:abc.properties</value>
                </list>
            </property>
        </bean>

        <bean class="org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor" />

        <security:http auto-config="true" use-expressions="true">
            <security:intercept-url pattern="/stat/login" access="permitAll"/>
            <security:intercept-url pattern="/stat/summary" access="hasRole('ROLE_ADMIN')" />
            <security:form-login login-page="/stat/login"
                                 default-target-url="/stat/summary"
                                 authentication-failure-url="/stat/loginError" />
        </security:http>

        <!-- Username and password used from xml -->
        <!--
        <security:authentication-manager>
            <security:authentication-provider>
                <security:user-service>
                    <security:user name="xyz" password="xyz" authorities="ROLE_ADMIN" />
                </security:user-service>
            </security:authentication-provider>
        </security:authentication-manager>
        -->

        <security:authentication-manager>
            <security:authentication-provider>
                <security:user-service>
                    <security:user name="${stat.user}" password="${stat.pwd}" authorities="ROLE_ADMIN" />
                </security:user-service>
            </security:authentication-provider>
        </security:authentication-manager>
    </beans>

abc.properties file:

    stat.user=xyz
    stat.pwd=xyz

web.xml entry for implementing spring-security:

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

0
