Chapter 6. Authenticating users

 

This chapter covers

  • Implementing user authentication with Spring Security
  • Customizing a login page via Hibernate
  • Using password hashing, salting, and auto-authentication

Many applications need a way to allow users to authenticate—that is, to say who they are and prove it. In this chapter, you’ll learn how to support this common requirement using Spring Security 3. The first three recipes look at approaches to implementing a login form. The five remaining recipes look at sourcing user data from a persistent store.

6.1. Implementing login and logout with remember-me authentication

Prerequisites

None

Key technologies

Spring Security 3 (including tag libraries)

Background

Spring Security 3, although a large framework, makes it easy to get started with basic authentication. This recipe shows what you can do with a fairly minimal configuration.

Problem

Support basic logins and logouts, including remember-me authentication.

Solution

You’ll use Spring Security 3 to add logins and logouts to a simple web app. You’ll do this entirely through configuration; that is, you don’t need to write any Java code to make it work.

The app is a simple university portal with nothing more than a home page and a login page (figure 6.1). To implement it, you’ll need to configure Spring Security, configure web.xml, and add login and logout links to the app.

6.2. Customizing the login page

 

6.3. Implementing an always-resident login form

 

6.4. Sourcing user data from a database

 
 

6.5. Customizing the user database schema

 
 

6.6. Using a custom user service and user principal

 
 
 
 

6.7. Secure user passwords in the database

 
 
 
 

6.8. Auto-authenticating the user after a successful registration

 
 
 
 

6.9. Summary

 
 
 