• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Spring Security + Hibernate + Annotation

 
Ranch Hand
Posts: 499
Spring AngularJS Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am trying spring security + hibernate (PostgreSql) in my project, so I thought of trying an example from Mykong website. The sample project works fine but I am not able to understand it's working. To be specific, I am not able to understand the flow from form action. In the example, the value in the form action is given as "/login"



But on successful login, it is redirected to admin.jsp. I am not able to figure out how it is redirected. Can some please explain this to me? I prefer annotations over xml, so it would be helpful if you can explain with annotations.
 
Ranch Hand
Posts: 43
Spring Tomcat Server Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Short answer.

I believe that the url you initially entered is browser matches the pattern "/admin/**", like "/admin/showMeTheMoney".

The SecurityConfig configure() catches that. After your log in, he sees that you are authorized to enter "/admin/showMeTheMoney", so he does forward you to that url.

Below is in more detail.

Here is the flow.

First, lets say that you are not logged in yet.

Then, you request "/admin/showMeTheMoney" in the browser.

In SecurityConfig (a java config style) configure() method, you see that all urls matching "/admin/**" must have the role 'ROLE_ADMIN', otherwise, the login page "/login" is used to ask the user to login if he is not logged in yet. Because you are not logged in yet, you are sent to "/login" to do login.

And now in that page and you did the login.

The control is returned where it left off at SecurityConfig configure() method. He extracts the username and password from the form, performs authentication, sees that you are authorized now, so lets you in into "/admin/showMeTheMoney".

In MainController, you see that adminPage() will pickup all urls of pattern "/admin**", and end up with view name 'admin', which ends up with admin.jsp using the InternalResourceViewResolver you declared in AppConfig.
 
Partheban Udayakumar
Ranch Hand
Posts: 499
Spring AngularJS Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi John,

Thank you very much for such detailed explanation. I didn't get such a clear article on spring security, could you share with me the resource you studied this??
 
John Cruz
Ranch Hand
Posts: 43
Spring Tomcat Server Chrome
 
An elephant? An actual elephant. Into the apartment. How is the floor still here. Hold this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic