Spring security login and logout form

February 9th, 2009 | Tags: , , ,

So I managed to configure spring security in my last article here but what do I do now. How do I create the login form, login.jsp for my users to authenticate from. I searched around and found a few articles but none that listed out the login page. Then I looked in the spring-security distribution and found a sample login.jsp there.

login.jsp:

<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
<%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %>
<%@ page import="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.springframework.security.AuthenticationException" %>

<html>
  <head>
    <title>Login</title>
  </head>

  <body>
    <h1>Login</h1>

    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your login attempt was not successful, try again.<br/><br/>
        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
      </font>
    </c:if>

    <form name="f" action="<c:url value='j_spring_security_check'/>" method="POST">
      <table>
        <tr><td>User:</td><td><input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
        <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
        <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>

        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
      </table>
    </form>
  </body>
</html>

The names of the fields MUST remain the same or else your authentication will fail.

As far as the logout goes, all you have to do is send the user to a particular servlet define by spring-security.

logout link:

<a href="<c:url value="/j_spring_security_logout"/>">Logout</a>

To bring your user to a particular page after logout defined logout-success-url element in your security context.
Thats it, your login and logout pages are good to go.

Be Sociable, Share!

No related posts.

Leave a comment | Trackback
  1. buyclomido
    August 30th, 2009 at 17:15
    Reply | Quote | #1

    Is not spam, it is only my commercial offer. Sorry if i mistake of topic!

    Buy Clomid – Best testimonials. Buy now. Satisfaction is guaranteed.
    Best price for brand and generic medications.
    From $0.60 per item. Free Airmail shipping for Clomid 100mg 90 tabs and save $135 on order!

  2. gembin
    August 30th, 2009 at 17:51
    Reply | Quote | #2

    very nice post

  3. Asad
    December 21st, 2009 at 19:01
    Reply | Quote | #3

    thats nice..but i am confused where does this security layer resides ? is it above the jsp , servlets and y do we need it if we can log in and log out user by simple method ?

  4. john
    February 26th, 2010 at 00:15
    Reply | Quote | #4

    thanks very good information.

  5. IlkirHis0
    May 31st, 2010 at 21:21
    Reply | Quote | #5

    Hi all, can somebody aid please.

    For what reason will not the hyperlinks at the top of the website webpage that post a comment work for me?

    Appreciate it

  6. Gunjan
    July 5th, 2011 at 17:58
    Reply | Quote | #6

    Hi,
    The example you presented is for spring security 2.0.5. Can you post something for spring security 3.0.5

  7. Augusto
    August 5th, 2011 at 21:23
    Reply | Quote | #7

    Hi i’m new to Spring Security too, and this is my first post … somebody know how do I detect if the user currently have an active session so that I can display a warning message and provide option for user to open a new session or close the current active session. Please advise

  8. nadasudhum
    October 8th, 2011 at 18:03
    Reply | Quote | #8

    Very good example. I was looking for login page example and got you in googles first page.