We are going to develop a Login and Logout login using Spring security, hibernate, spring web mvc and token authentication features.
We will develop this application with following features:
If our filter finds information that looks like login (and it must be POST), it will pass username/password to AuthenticationService. This is still our part of solution and glues the filter with the rest of Spring Security. It calls Springs AuthenticationManager, which in turns calls our implementation of UserDetailsService, which provides username and password.
For this we have separate component – TokenManager – which creates and stores the token for the user. Currently only one token per user is supported, but you can implement your own approach here. Actually if you re-implement AuthenticationService considerably, there may be nothing to call TokenManager. There’s a lot of freedom here, but I think TokenManager is the place where most of the customization can go into. How to create the tokens? How to store them? How to check them? Or expire them? However you want to answer these questions, TokenManager is your guy. You still may need to adjust authentication service or filter – for instance to add some HTTP related information (IP address?) into token.
We will develop this application with following features:
- Login Page
- Token Authentication
- Home Page
- Logout Features
Four things may be happening in our application. You may be anonymous, you may be authenticated already, you’re logging in, or logging out. My implementation tries not to mix things together much, you should do just one of these things in a single request. Let’s log in to get authenticated. Login request can continue to the REST resource and return data, but I chose otherwise.
If our filter finds information that looks like login (and it must be POST), it will pass username/password to AuthenticationService. This is still our part of solution and glues the filter with the rest of Spring Security. It calls Springs AuthenticationManager, which in turns calls our implementation of UserDetailsService, which provides username and password.
For this we have separate component – TokenManager – which creates and stores the token for the user. Currently only one token per user is supported, but you can implement your own approach here. Actually if you re-implement AuthenticationService considerably, there may be nothing to call TokenManager. There’s a lot of freedom here, but I think TokenManager is the place where most of the customization can go into. How to create the tokens? How to store them? How to check them? Or expire them? However you want to answer these questions, TokenManager is your guy. You still may need to adjust authentication service or filter – for instance to add some HTTP related information (IP address?) into token.
HTTP response returns status 200 and the header X-Auth-Token contains the token next requests should use to prove who you are.
Project Structure
Let us start our discussion with project structure, please go through the pom.xml file to get information regarding dependencies needed in spring-security. setup maven project and import it in eclipse.
Database Setup
As per spring security, we need to create two suggested tables 'role' and 'userlogin' in database with exact datatype and columns.
Project Structure
Let us start our discussion with project structure, please go through the pom.xml file to get information regarding dependencies needed in spring-security. setup maven project and import it in eclipse.
Database Setup
As per spring security, we need to create two suggested tables 'role' and 'userlogin' in database with exact datatype and columns.
CREATE DATABASE IF NOT EXISTS `loginapp`
USE `loginapp`
CREATE TABLE `role` (
`roleId` int(11) NOT NULL,
`roleName` varchar(20) NOT NULL,
`roleStatus` varchar(20) NOT NULL,
PRIMARY KEY (`roleId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE `userlogin` (
`loginId` int(11) NOT NULL,
`loginUsername` varchar(20) NOT NULL,
`loginPassword` longtext NOT NULL,
`loginStatus` varchar(15) NOT NULL,
`Role_Id_Fk` int(11) NOT NULL,
PRIMARY KEY (`loginId`),
KEY `FK_lr4v3awna8f9mtf27s2vi67n0` (`Role_Id_Fk`),
CONSTRAINT `FK_lr4v3awna8f9mtf27s2vi67n0` FOREIGN KEY (`Role_Id_Fk`) REFERENCES mpledreams.`role` (`roleId`)
); ENGINE=InnoDB DEFAULT CHARSET=latin1;
No comments:
Post a Comment
Thanks to comment our blog. i will contact you as soon as possible