Writing RESTful web services is not a huge task with the Spring framework. Spring exposes annotations which can speed up development work. Follow this Spring REST tutorial (http://www.javaexperience.com/spring-restful-web-service-tutorial/) to write your first REST web service using Spring. In this tutorial, we shall add HTTP basic authentication, which will ask for a username and password when the REST URLs are accessed using a web browser.

Username: Spring
Password: Spring

The security implementation is specific to web browsers. If you need to authenticate non-HTTP clients for your RESTful web service, you will have to implement BASIC authentication, which I will discuss in the next tutorial. For now, let us get started with HTTP based Spring security.

I am not going to teach how to create a REST web service using Spring, as there is a tutorial already present with working code and a demo. I shall list the steps to enhance it and will then provide a link to download the zip archive of the application.

1) Add spring-security.xml:

Add the following XML file to the WEB-INF folder. It defines the security related parameters: the URLs to secure, the security mechanism to be used, and the username and password are all configured in this file. This file has to be present in the classpath. We shall also need to add a reference to it in our web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- auto-config="true" registers form login, HTTP Basic and logout with default settings -->
    <security:http auto-config="true" authentication-manager-ref="authManager">
        <!-- Every URL requires an authenticated user holding ROLE_USER -->
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
        <security:form-login />
        <security:logout />
    </security:http>

    <security:authentication-manager id="authManager">
        <security:authentication-provider>
            <!-- In-memory user store; the password is kept here in plain text -->
            <security:user-service>
                <security:user name="spring" password="spring" authorities="ROLE_USER" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

2) Modify web.xml:

Now add the Spring security filter, which intercepts the HTTP requests we are interested in and presents a login form to the user. If you have worked with filters in a Java EE application, configuring the Spring security filter will be very easy for you. The complete web.xml is reproduced here:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
	xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

	<servlet>
		<servlet-name>spring</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<servlet-mapping>
		<servlet-name>spring</servlet-name>
		<url-pattern>/*</url-pattern>
	</servlet-mapping>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring-security.xml
			/WEB-INF/applicationContext.xml
		</param-value>
	</context-param>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

</web-app>

That’s it, those are the only two changes required to add basic HTTP authentication to your REST web services using Spring. To repeat, this configuration will add security only for web based clients.
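
An added example, not part of the original tutorial or its WAR: a variant of the spring-security.xml from step 1 aimed at non-browser REST clients. It enables only HTTP Basic (so an unauthenticated request gets a 401 challenge rather than a redirect to a login form), creates no session, requires HTTPS, and stores a hashed password. The `passwordEncoder` bean id and the password placeholder are assumptions, and it assumes the `BCryptPasswordEncoder` class from Spring Security 3.1's crypto package is on the classpath.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- create-session="stateless": no HttpSession is created, so every
         request must carry its own Authorization header. -->
    <security:http create-session="stateless" authentication-manager-ref="authManager">
        <!-- Basic credentials are only base64-encoded, so require TLS. -->
        <security:intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>
        <!-- No auto-config and no form-login: an unauthenticated request is
             answered with 401 and a WWW-Authenticate: Basic challenge. -->
        <security:http-basic/>
    </security:http>

    <!-- Hypothetical bean id; hashes and verifies passwords with bcrypt. -->
    <bean id="passwordEncoder"
          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <security:authentication-manager id="authManager">
        <security:authentication-provider>
            <security:password-encoder ref="passwordEncoder"/>
            <security:user-service>
                <!-- Placeholder value: replace with the output of
                     BCryptPasswordEncoder.encode(...) for the real password. -->
                <security:user name="spring" password="REPLACE_WITH_BCRYPT_HASH"
                               authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

</beans>
```

With this variant the web.xml from step 2 stays unchanged, since the filter name and the context config location are the same.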

Test the web service

A working demo is available at the following link: http://springrswebsecurity.extremejava.cloudbees.net/getEmp/10

To test other REST operations, you need a REST client to access the following URLs:

Add Employee : http://springrswebsecurity.extremejava.cloudbees.net/addEmp
HTTP header : Content-Type: application/xml
HTTP Authentication : user: spring, password: spring
Body:

<?xml version="1.0" encoding="UTF-8"?>
<Employee>
    <empId>10</empId>
    <deptName>abc</deptName>
</Employee>

Remove Employee : http://springrswebsecurity.extremejava.cloudbees.net/removeEmp/10

Update Employee : http://springrswebsecurity.extremejava.cloudbees.net/updateEmp
HTTP header : Content-Type: application/xml
HTTP Authentication : user: spring, password: spring
Body:

<?xml version="1.0" encoding="UTF-8"?>
<Employee>
    <empId>100</empId>
    <deptName>abcde</deptName>
</Employee>

Download application WAR

The complete WAR archive of the Employee RS web service can be downloaded from the following link. This WAR file is tested with Tomcat 7.0, JDK 1.6 and Spring 3.1.0. It contains a valid pom.xml as well as the Spring 3.1.0 dependencies:

Basic HTTP Spring REST Security: http://javaexperience.com/wp-content/uploads/2012/12/SpringRSWebSecurity.war

HTTP Basic authentication in Spring REST web services admin Spring