Configure Spring security

In order to configure Spring security we are doing the following

1. We are creating an user with authority of ROLE_USER

2. We specify that we shall be intercepting any traffic coming to our application.

3. We also create an authentication-manager and a authentication-provider for creating the user-service for us.

Let’s add the below code in our spring-security.xml.

<b:beans xmlns="http://www.springframework.org/schema/security"
		 xmlns:b="http://www.springframework.org/schema/beans"
		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		 xsi:schemaLocation="http://www.springframework.org/schema/beans 
                 http://www.springframework.org/schema/beans/spring-beans.xsd
		 http://www.springframework.org/schema/security 
                 http://www.springframework.org/schema/security/spring-security.xsd">

	<http auto-config="true">
             <intercept-url pattern ="/**" access="ROLE_USER" />
        </http>

        <authentication-manager>
           <authentication-provider>
               <user-service>
		 <user name="saptarshi" password="password" authorities="ROLE_USER" />
	       </user-service>
           </authentication-provider>
        <authentication-manager>
	

</b:beans>

Now if we try to open any of the pages, we will be greeted with a popup asking for username and password.

Also the approach of saving the username and password in the xml file is also not very extensible. Therefore a better approach would be to store the username and password details in a data-storage.

We will be using mysql for storing the username and password info which is discussed in detail on the next tutorial.