Username and Password

[tango]

hello to all.
im new to spring security.
i want to create a simple project that only have 2 pages:
login.jsp

Code:

<%@ page import="org.springframework.security.web.authentication.AuthenticationProcessingFilter" %>
<%@ page import="org.springframework.security.web.authentication.AbstractProcessingFilter" %>
<%@ page import="org.springframework.security.core.AuthenticationException" %>

<html>
<head>
    <title>Spring Security Test</title>
</head>
<body>
<form action="/j_spring_security_check" method="post">
    <label for="j_username">Username</label>
    <input type="text" name="j_username" id="j_username">
    <br/>
    <label for="j_password">Password</label>
    <input type="password" name="j_password" id="j_password"/>
    <br/>
    <input type="submit" value="Login"/>
</form>
</body>
</html>

home.jsp

Code:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
  <head><title>Simple jsp page</title></head>
  <body>Place your content here</body>
</html>

in login page user must fill username and password field;
after user submitting login page if username was reverse of password, (for example username="abc123" password="321cba")
go to the home page, otherwise show login page.
i know that how to get username with an implimentation of UserDetailsService interface

Code:

package controller;

import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class UserController implements UserDetailsService {

    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException, DataAccessException {
        // my code to here
        return null;
    }
}

and how to config my applicationContext-security.xml for use than my UserController class

Code:

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <global-method-security secured-annotations="enabled">
    </global-method-security>

    <http auto-config="true">
        <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <form-login login-page="/login.jsp" default-target-url="/index.jsp"/>
    </http>
    <authentication-manager>
        <authentication-provider user-service-ref="myController">
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="myController" class="controller.UserController"/>
</beans:beans>

but problem is i dont know how to get password value in what way.(likely be implementing another interface or doing somethigs else)
please somebody help me.

so thanks

[skram]

Why do you need the password value?

It's up to Spring Security to use the password that was entered in the JSP page for comparison purposes.

if username was reverse of password, (for example username="abc123" password="321cba")
go to the home page, otherwise show login page.

Why does it need to be reversed? When the password is wrong, regardless if it's reversed, shouldn't it still go to the login page?

Try checking the tutorial I wrote for Spring Security and MVC at http://krams915.blogspot.com/p/tutorials.html

It might give you some pointers

[tango]

you suppose in an application not need to a valid username and password that existed in a database or LDAP or ...
the only condition is username must be reverse of password.
so how you check this?

[skram]

I did some research about your question.

You will need to declare a custom filter

Code:

<security:custom-filter ref="usernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>

And the following beans

Code:

<bean id="customAuthenticationManager" class="org.krams.tutorial.filter.CustomAuthenticationManager" />
 	
 	<bean id="customFailureUrlHandler" class="org.krams.tutorial.handler.CustomFailureUrlHandler">
 		<property name="defaultFailureUrl" value="/krams/auth/login?error=true" />
 	</bean>
 	
 	<bean id="authenticationEntryPoint"  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
	  <property name="loginFormUrl" value="/krams/auth/login"/>
	</bean>

Give me time and I'm gonna post a tutorial about this either later or tomorrow

[skram]

I got the tutorial done and the sample application. Feel free to visit it at

http://krams915.blogspot.com/2010/12...-using_26.html