new in spring mvc security

[sprinstud]

hi,
i'm new in spring mvc ,i want to know more about spring security that we we can setup in a mvc application,
the steps we had done is
in web.xml file
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessi onEventPublisher
</listener-class>
</listener>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
in jsp page
redirect.jsp we will call a login.htm
this will dispaly login.jsp
in the login.jsp
<form action="<c:url value='j_spring_security_check'/>" onsubmit="return validateForm();" method="post">
<input type="text" id="j_username" name="j_username" maxlength="50" tabindex="1" />
<input type="password" id="j_password" name="j_password" maxlength="30" tabindex="2" />
<input type="submit" urtitle="Submit" class="submit" value="<spring:message code="img.login"/>" id="button" name="submit" tabindex="3"/>
and call a class
public class AuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter
and if the values are correct then username and password is set to session
return super.attemptAuthentication(request, response);
and we had done a customauthentication handler,
<beans:bean class="org.mycompany.filter.AuthenticationProcessi ngFilter" id="authenticationFilter">
<beansroperty name="sessionAuthenticationStrategy" ref="sas"/>
<beansroperty name="authenticationManager" ref="authenticationManager"/>
<beansroperty name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler"/>
<beansroperty name="authenticationFailureHandler" ref="customAuthenticationFailureHandler"/>
</beans:bean>

and all the roles we are externally mapped at this xml file,by that the role and user are selecting from


and its working but i has lot doubts is this is the correct way to do spring security and what about spring authorisation and authentication,
what about SSO intergration
how can i do it with spring
do any one has any good sample or good tutorial to begin spring security ,please help asap

[rohan123]

1), use [code] tag, so that your code looks readable.
2)You can access roles from any source(XML/DB/Properties/Static). Its depends on your requirements.
3) Spring Supports CAS, You can use it.
4)Samples you can get it from here, follow it.