Welcome to Spring Security Example using UserDetailsService. In the last post we learned how to use Spring Security in Web Application. Today we will look into how we can integrate Spring Security in Spring MVC Projects for authentication purposes.

欢迎来到使用UserDetailsS​​ervice的Spring Security示例。 在上一篇文章中，我们学习了如何在Web应用程序中使用Spring Security 。 今天，我们将研究如何将Spring Security集成到Spring MVC项目中以进行身份​​验证。

Spring安全示例 (Spring Security Example)

Integrating Spring Security with Spring MVC Framework is very easy, because we already have Spring Beans configuration file. All we need is to create spring security authentication related changes to get it working. Today we will look into how we can implement authentication in Spring MVC application using in-memory, UserDetailsService DAO implementation and JDBC based authentication.

将Spring Security与Spring MVC Framework集成非常容易，因为我们已经有了Spring Beans配置文件。 我们需要做的是创建与Spring Security身份验证相关的更改以使其正常运行。 今天，我们将研究如何使用内存， UserDetailsService DAO实现和基于JDBC的身份验证在Spring MVC应用程序中实现身份验证。

First create a simple Spring MVC project in the Spring Tool Suite, that will give us the base spring MVC application to build our Spring security example application. Once we will be done with all the changes, our application will look like below image.

首先在Spring Tool Suite中创建一个简单的Spring MVC项目，这将为我们提供基础Spring MVC应用程序，以构建我们的Spring安全示例应用程序。 完成所有更改后，我们的应用程序将如下图所示。

Let’s look into each of the components of our Spring security example project.

让我们研究一下Spring安全示例项目的每个组件。

Spring Security Maven依赖关系 (Spring Security Maven Dependencies)

Our final pom.xml file looks like below.

我们最终的pom.xml文件如下所示。

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="https://maven.apache.org/POM/4.0.0" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="https://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.journaldev.spring</groupId><artifactId>SpringMVCSecurity</artifactId><name>SpringMVCSecurity</name><packaging>war</packaging><version>1.0.0-BUILD-SNAPSHOT</version><properties><java-version>1.6</java-version><org.springframework-version>4.0.2.RELEASE</org.springframework-version><org.aspectj-version>1.7.4</org.aspectj-version><org.slf4j-version>1.7.5</org.slf4j-version></properties><dependencies><!-- Spring --><dependency><groupId>org.springframework</groupId><artifactId>spring-context</artifactId><version>${org.springframework-version}</version><exclusions><!-- Exclude Commons Logging in favor of SLF4j --><exclusion><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId></exclusion></exclusions></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${org.springframework-version}</version></dependency><!-- Spring Security --><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>3.2.3.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-web</artifactId><version>3.2.3.RELEASE</version></dependency><!-- AspectJ --><dependency><groupId>org.aspectj</groupId><artifactId>aspectjrt</artifactId><version>${org.aspectj-version}</version></dependency>    <!-- Logging --><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>${org.slf4j-version}</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>jcl-over-slf4j</artifactId><version>${org.slf4j-version}</version><scope>runtime</scope></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>${org.slf4j-version}</version><scope>runtime</scope></dependency><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.15</version><exclusions><exclusion><groupId>javax.mail</groupId><artifactId>mail</artifactId></exclusion><exclusion><groupId>javax.jms</groupId><artifactId>jms</artifactId></exclusion><exclusion><groupId>com.sun.jdmk</groupId><artifactId>jmxtools</artifactId></exclusion><exclusion><groupId>com.sun.jmx</groupId><artifactId>jmxri</artifactId></exclusion></exclusions><scope>runtime</scope></dependency><!-- @Inject --><dependency><groupId>javax.inject</groupId><artifactId>javax.inject</artifactId><version>1</version></dependency><!-- Servlet --><dependency><groupId>javax.servlet</groupId><artifactId>servlet-api</artifactId><version>2.5</version><scope>provided</scope></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>jsp-api</artifactId><version>2.1</version><scope>provided</scope></dependency><dependency><groupId>javax.servlet</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><!-- Test --><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.7</version><scope>test</scope></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>4.0.2.RELEASE</version></dependency></dependencies><build><plugins><plugin><artifactId>maven-eclipse-plugin</artifactId><version>2.9</version><configuration><additionalProjectnatures><projectnature>org.springframework.ide.eclipse.core.springnature</projectnature></additionalProjectnatures><additionalBuildcommands><buildcommand>org.springframework.ide.eclipse.core.springbuilder</buildcommand></additionalBuildcommands><downloadSources>true</downloadSources><downloadJavadocs>true</downloadJavadocs></configuration></plugin><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>2.5.1</version><configuration><source>1.6</source><target>1.6</target><compilerArgument>-Xlint:all</compilerArgument><showWarnings>true</showWarnings><showDeprecation>true</showDeprecation></configuration></plugin><plugin><groupId>org.codehaus.mojo</groupId><artifactId>exec-maven-plugin</artifactId><version>1.2.1</version><configuration><mainClass>org.test.int1.Main</mainClass></configuration></plugin></plugins></build>
</project>

We have included spring-security-config and spring-security-web dependencies for Spring Security. Apart from that we have spring-jdbc dependency because we will be using Spring JDBC authentication too.

我们为Spring Security提供了spring-security-config和spring-security-web依赖项。 除此之外，我们还具有spring-jdbc依赖关系，因为我们还将使用Spring JDBC身份验证。

Rest of the dependencies are related to Spring MVC, logging, AOP etc.

其余的依赖关系与Spring MVC，日志记录，AOP等有关。

Spring Security示例部署描述符 (Spring Security Example Deployment Descriptor)

Our web.xml file looks like below.

我们的web.xml文件如下所示。

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="https://java.sun.com/xml/ns/javaee"xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="https://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"><!-- Spring Security Configuration File --><context-param><param-name>contextConfigLocation</param-name><param-value>/WEB-INF/spring/appServlet/spring-security.xml</param-value></context-param><!-- Creates the Spring Container shared by all Servlet and Filters --><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><listener><listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class></listener><session-config><session-timeout>15</session-timeout></session-config><!-- Spring Security Filter --><filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- Spring MVC - START --><servlet><servlet-name>appServlet</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><init-param><param-name>contextConfigLocation</param-name><param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value></init-param><load-on-startup>1</load-on-startup></servlet><servlet-mapping><servlet-name>appServlet</servlet-name><url-pattern>/</url-pattern></servlet-mapping><!-- Spring MVC - END --></web-app>

contextConfigLocation is the context parameter where we provide the spring security beans configuration file name. It is used by ContextLoaderListener to configure authentication in our application.

contextConfigLocation是上下文参数，我们在其中提供Spring Security Bean配置文件的名称。 ContextLoaderListener使用它在我们的应用程序中配置身份验证。

We have also added HttpSessionEventPublisher listener to publish session created/destroyed events to the Spring Root WebApplicationContext.

我们还添加了HttpSessionEventPublisher侦听器，以将会话创建/销毁的事件发布到Spring Root WebApplicationContext。

I am also setting session-timeout to 15 minutes, this is used for auto timeout when user is inactive for 15 minutes.

我还将session-timeout设置为15分钟，这用于当用户不活动15分钟时自动超时。

DelegatingFilterProxy is the application filter defined, it is used for intercepting the HTTP requests and performing authentication related tasks.

DelegatingFilterProxy是定义的应用程序筛选器，用于拦截HTTP请求并执行与身份验证相关的任务。

DispatcherServlet servlet is the front controller for the Spring MVC application.

DispatcherServlet servlet是Spring MVC应用程序的前端控制器。

UserDetailsS​​ervice (UserDetailsService)

If we want to use any DAO class for authentication, we need to implement UserDetailsService interface. Once the DAO is configured, it’s loadUserByUsername() is used to validate the user.

如果要使用任何DAO类进行身份验证，则需要实现UserDetailsService接口。 配置DAO后，将使用loadUserByUsername()来验证用户。

package com.journaldev.spring.security.dao;import java.util.Collection;
import java.util.List;import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;public class AppUserDetailsServiceDAO implements UserDetailsService {protected final Log logger = LogFactory.getLog(getClass());@Overridepublic UserDetails loadUserByUsername(final String username)throws UsernameNotFoundException {logger.info("loadUserByUsername username="+username);if(!username.equals("pankaj")){throw new UsernameNotFoundException(username + " not found");}//creating dummy user details, should do JDBC operationsreturn new UserDetails() {private static final long serialVersionUID = 2059202961588104658L;@Overridepublic boolean isEnabled() {return true;}@Overridepublic boolean isCredentialsNonExpired() {return true;}@Overridepublic boolean isAccountNonLocked() {return true;}@Overridepublic boolean isAccountNonExpired() {return true;}@Overridepublic String getUsername() {return username;}@Overridepublic String getPassword() {return "pankaj123";}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() {List<SimpleGrantedAuthority> auths = new java.util.ArrayList<SimpleGrantedAuthority>();auths.add(new SimpleGrantedAuthority("Admin"));return auths;}};}}

Note that I am returning UserDetails instance by using anonymous inner class implementation. Ideally, we should have an implementation class for UserDetails that can have other user data also, such as emailID, user name, address etc.

请注意，我通过使用匿名内部类实现返回UserDetails实例。 理想情况下，我们应该为UserDetails提供一个实现类，该实现类还可以具有其他用户数据，例如emailID，用户名，地址等。

Notice that the only combination that will work is when user name is “pankaj” and password is “pankaj123”.

请注意，唯一有效的组合是用户名是“ pankaj”，密码是“ pankaj123”。

Spring Security示例控制器类 (Spring Security Example Controller Class)

Here is our controller class that defines two URIs that we can access.

这是我们的控制器类，它定义了我们可以访问的两个URI。

package com.journaldev.spring.controller;import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;import javax.servlet.http.HttpServletRequest;import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;@Controller
public class HomeController {private static final Logger logger = LoggerFactory.getLogger(HomeController.class);@RequestMapping(value = "/home", method = RequestMethod.GET)public String home(Locale locale, Model model) {logger.info("Welcome home! The client locale is {}.", locale);Date date = new Date();DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);String formattedDate = dateFormat.format(date);model.addAttribute("serverTime", formattedDate );return "home";}@RequestMapping(value = "/emp/get/{id}", method = RequestMethod.GET)public String getEmployee(Locale locale, Model model,@PathVariable("id") int id) {logger.info("Welcome user! Requested Emp ID is: "+id);Date date = new Date();DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);String formattedDate = dateFormat.format(date);model.addAttribute("serverTime", formattedDate );model.addAttribute("id", id);model.addAttribute("name", "Pankaj");return "employee";}@RequestMapping(value="/login")public String login(HttpServletRequest request, Model model){return "login";}@RequestMapping(value="/logout")public String logout(){return "logout";}@RequestMapping(value="/denied")public String denied(){return "denied";}
}

In our example, we will apply authentication to URI “/emp/get/{id}” only. All other URIs will be accessible without any authentication. login, logout and denied URIs are used to send corresponding response pages when secured URL is requested.

在我们的示例中，我们将仅对URI“ / emp / get / {id}”应用身份验证。 所有其他URI无需任何身份验证即可访问。 登录，注销和拒绝的URI用于在请求安全的URL时发送相应的响应页面。

Spring Security示例Bean配置文件 (Spring Security Example Bean Configuration File)

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="https://www.springframework.org/schema/mvc"xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"xmlns:beans="https://www.springframework.org/schema/beans"xmlns:context="https://www.springframework.org/schema/context"xsi:schemaLocation="https://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsdhttps://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsdhttps://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd"><!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure --><!-- Enables the Spring MVC @Controller programming model --><annotation-driven /><!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory --><resources mapping="/resources/**" location="/resources/" /><!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory --><beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"><beans:property name="prefix" value="/WEB-INF/views/" /><beans:property name="suffix" value=".jsp" /></beans:bean><context:component-scan base-package="com.journaldev.spring.controller" /></beans:beans>

Our spring bean configuration file is simple, it has configurations related to Spring MVC application only.

我们的spring bean配置文件很简单，它的配置仅与Spring MVC应用程序有关。

Spring MVC安全配置 (Spring MVC Security Configuration)

This is the most important part of our tutorial, let’s have a look at our file. We will understand each of the parts one by one.

这是本教程最重要的部分，让我们看一下我们的文件。 我们将一一理解每个部分。

spring-security.xml

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="https://www.springframework.org/schema/security"xmlns:beans="https://www.springframework.org/schema/beans" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="https://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsdhttps://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd"><!-- Configuring RoleVoter bean to use custom access roles, by default roles should be in the form ROLE_{XXX} --><beans:bean id="roleVoter"class="org.springframework.security.access.vote.RoleVoter"><beans:property name="rolePrefix" value=""></beans:property></beans:bean><beans:bean id="accessDecisionManager"class="org.springframework.security.access.vote.AffirmativeBased"><beans:constructor-arg name="decisionVoters"ref="roleVoter" /></beans:bean><http authentication-manager-ref="jdbc-auth"access-decision-manager-ref="accessDecisionManager">    <intercept-url pattern="/emp/**" access="Admin" /><form-login login-page="/login" authentication-failure-url="/denied"username-parameter="username" password-parameter="password"default-target-url="/home" /><logout invalidate-session="true" logout-success-url="/login"logout-url="/j_spring_security_logout" /><access-denied-handler error-page="/denied"/><session-management invalid-session-url="/login"><concurrency-control max-sessions="1"expired-url="/login" /></session-management></http><authentication-manager id="in-memory-auth"><authentication-provider><user-service><user name="pankaj" password="pankaj123" authorities="Admin" /></user-service></authentication-provider></authentication-manager><authentication-manager id="dao-auth"><authentication-provider user-service-ref="userDetailsService"></authentication-provider></authentication-manager><beans:bean id="userDetailsService"class="com.journaldev.spring.security.dao.AppUserDetailsServiceDAO" /><authentication-manager id="jdbc-auth"><authentication-provider><jdbc-user-service data-source-ref="dataSource"users-by-username-query="select username,password,enabled from Employees where username = ?"authorities-by-username-query="select username,role from Roles where username = ?" /></authentication-provider></authentication-manager><!-- MySQL DB DataSource --><beans:bean id="dataSource"class="org.springframework.jdbc.datasource.DriverManagerDataSource"><beans:property name="driverClassName" value="com.mysql.jdbc.Driver" /><beans:property name="url"value="jdbc:mysql://localhost:3306/TestDB" /><beans:property name="username" value="pankaj" /><beans:property name="password" value="pankaj123" /></beans:bean><!-- If DataSource is configured in Tomcat Servlet Container --><beans:bean id="dbDataSource"class="org.springframework.jndi.JndiObjectFactoryBean"><beans:property name="jndiName" value="java:comp/env/jdbc/MyLocalDB" /></beans:bean>
</beans:beans>

accessDecisionManager bean is defined so that we can have our custom roles, by default all the roles should start with ROLE_ and we are overriding this setting in the roleVoter bean property rolePrefix.

定义了accessDecisionManager bean，以便我们可以拥有自定义角色，默认情况下，所有角色都应以ROLE_开头，并且我们将在roleVoter bean属性rolePrefix中覆盖此设置。

We can have multiple authentication managers defined in the spring security configuration. I have defined in-memory-auth for in-memory authentication, dao-auth for UserDetailsService DAO implementation and jdbc-auth for JDBC authentication. For JDBC authentication, I have provided configuration for DataSource defined in the application as well as if we want to use JNDI resource defined in the servlet container.

我们可以在spring安全配置中定义多个身份验证管理器。 我为内存身份验证定义in-memory-auth内存中身份验证，为UserDetailsS​​ervice DAO实现定义in-memory-auth dao-auth ，为JDBC身份验证定义了jdbc-auth 。 对于JDBC身份验证，我为应用程序中定义的DataSource提供了配置，以及是否要使用在servlet容器中定义的JNDI资源。

http authentication-manager-ref is used to define the authentication manager that will be used for authenticating the user. Currently it’s configured to use the JDBC based authentication.

http authentication-manager-ref用于定义将用于对用户进行身份验证的身份验证管理器。 当前，它已配置为使用基于JDBC的身份验证。

http access-decision-manager-ref is used to specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests.

http access-decision-manager-ref用于指定应用于授权HTTP请求的AccessDecisionManager实现的ID。

intercept-url is used to define the URL pattern and authorities of the user who can access this page. For example, we have defined that URI “/emp/**” can be accessible only by users having “Admin” access.

intercept-url用于定义URL模式和可以访问此页面的用户的权限。 例如，我们定义了URI“ / emp / **”只能由具有“管理员”访问权限的用户访问。

form-login defines the login form configuration and we can provide the username and password parameter names. authentication-failure-url is used to define the URL for the authentication failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /spring_security_login?login_error and a corresponding filter to render that login failure URL when requested.

form-login定义登录表单配置，我们可以提供用户名和密码参数名称。 authentication-failure-url用于定义身份验证失败页面的URL。 如果未指定登录失败URL，Spring Security将在/ spring_security_login？login_error处自动创建一个失败登录URL，并创建一个相应的过滤器以在请求时呈现该登录失败URL。

default-target-url is used to define the default URL that will be redirected to after successful authentication, if the user’s previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, it defaults to the root of the application.

default-target-url用于定义如果无法恢复用户的先前操作，则在成功认证后将重定向到的默认URL。 如果用户在未首先请求触发身份验证的安全操作的情况下访问登录页面，通常会发生这种情况。 如果未指定，则默认为应用程序的根目录。

logout is used to define the logout processing filter. Here we are invalidating the session and sending the user to login page after successful logout. logout-url is used to define the URL to be used for logout action.

logout用于定义注销处理过滤器。 在这里，我们使会话无效，并在成功注销后将用户发送到登录页面。 logout-url用于定义用于注销操作的URL。

access-denied-handler defines the global error page if the user is denied the access, because he is not authorized to perform the specified action.

如果由于用户无权执行指定的操作而被拒绝访问，则access-denied-handler定义全局错误页面。

session-management will add a SessionManagementFilter filter to the filter stack for Session Management.

session-management会将SessionManagementFilter过滤器添加到用于会话管理的过滤器堆栈中。

There are some other configurations also, but I have included most of the important ones that we use.

还有其他一些配置，但是我已经包括了我们使用的大多数重要配置。

Spring Security示例视图页面 (Spring Security Example View Pages)

Let’s have a quick look at our view pages, before we deploy and test our application.

在部署和测试应用程序之前，让我们快速浏览一下查看页面。

home.jsp

home.jsp

<%@ taglib uri="https://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page session="false"%>
<html>
<head>
<title>Home</title>
</head>
<body><h1>Hello world!</h1><P>The time on the server is ${serverTime}.</P>
</body>
</html>

home.jsp is returned for “/home” URI and it should not require any authentication.

将为“ / home” URI返回home.jsp，并且它不需要任何身份验证。

employee.jsp

employee.jsp

<%@ taglib uri="https://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page session="false"%>
<html>
<head>
<title>Get Employee Page</title>
</head>
<body><h1>Employee Information</h1><p>Employee ID:${id}<br> Employee Name:${name}<br></p><c:if test="${pageContext.request.userPrincipal.name != null}">Hi ${pageContext.request.userPrincipal.name}<br><c:url var="logoutAction" value="/j_spring_security_logout"></c:url><form action="${logoutAction}" method="post"><input type="submit" value="Logout" /></form></c:if>
</body>
</html>

This page is returned when we are accessing URI that requires authentication. Here I have provided logout option so that user can logout and terminate the session. Once logout is successful, user should be sent back to login page as configured.

当我们访问需要身份验证的URI时，将返回此页面。 在这里，我提供了注销选项，以便用户可以注销并终止会话。 注销成功后，应按照配置将用户发送回登录页面。

login.jsp

login.jsp

<%@ taglib uri="https://java.sun.com/jsp/jstl/core" prefix="c"%><html><head>
<title>Login Page</title>
</head>
<body><h3>Login with Username and Password</h3><c:url var="loginUrl" value="/j_spring_security_check"></c:url><form action="${loginUrl}" method="POST"><table><tr><td>User ID:</td><td><input type='text' name='username' /></td></tr><tr><td>Password:</td><td><input type='password' name='password' /></td></tr><tr><td colspan='2'><input name="submit" type="submit"value="Login" /></td></tr></table></form>
</body>
</html>

There are few important points to note here. The first one is that the login URL is “/j_spring_security_check“. This is the default login processing URL, just like the logout-url.

这里有几点要注意的要点。 第一个是登录URL为“ / j_spring_security_check ”。 这是默认的登录处理URL，就像注销URL一样。

Another important point is the form parameters name for username and password. They should be same as configured in the spring security configurations.

另一个要点是用户名和密码的表单参数名称。 它们应该与spring安全配置中的配置相同。

logout.jsp

logout.jsp

<html>
<head><title>Logout Page</title>
</head>
<body>
<h2>Logout Successful!
</h2></body>
</html>

denied.jsp

denied.jsp

<html>
<head><title>Access Denied</title>
</head>
<body>
<h1>Access Denied!
</h1></body>
</html>

logout.jsp and denied.jsp pages are simple, but we could have included some information here based on the user details.

logout.jsp和否认.jsp页面很简单，但是我们可以根据用户详细信息在此处包含一些信息。

Our spring security example application is ready to test, note that for JDBC authentication I am using the same setup as our previous Spring Security Example. So if you have landed directly here, you should check that out.

我们的Spring安全性示例应用程序已准备就绪，可以进行测试，请注意，对于JDBC身份验证，我使用的设置与先前的Spring Security Example相同 。 因此，如果您直接降落在这里，则应该检查一下。

Spring Security MVC示例测试 (Spring Security MVC Example Testing)

Just deploy the application in your favorite servlet container, mine is Apache Tomcat 7. Below images show us the different outputs for different URLs.

只需将应用程序部署在您喜欢的servlet容器中，我的应用程序就是Apache Tomcat7。下图显示了针对不同URL的不同输出。

Spring Security Example – Home Page without Authentication

Spring Security示例–未经身份验证的主页

Spring Security Example – Login Page when Authentication Enabled Page is requested (/emp/get/{20})

Spring安全性示例–请求认证启用页面时的登录页面（/ emp / get / {20}）

Spring Security Example – Response Page when Authentication is Successful

Spring Security示例–身份验证成功时的响应页面

Spring Security Example – Access Denied Page when Authentication is Failed

Spring Security示例–身份验证失败时访问被拒绝的页面

That’s all for the Spring Security Example using UserDetailsService, please download the sample project from below link and explore it to learn more.

这就是使用UserDetailsS​​ervice的Spring Security Example的全部内容，请从下面的链接下载示例项目并进行探索以了解更多信息。

翻译自: https://www.journaldev.com/2736/spring-security-example-userdetailsservice