Tuesday, March 15, 2011

Getting started with Spring Security 3 with JBoss and MySQL

Hi Folks,

Lets get started.

You need to download,

1. Spring Security Module 3
2. MySQL 5.1
3. JBoss 4.2 GA

I'm using eclipse as the IDE.

Create a simple Web Project in eclipse IDE,

Among the jar files of the Spring Security module you will see a 2 WAR files. open the WAR file spring-security-samples-tutorial-3.0.5.RELEASE.war with WinZIP or WinRAR like tool and copy all the JAR files there to the lib folder of the project.

Add all the copied JAR files to buildpath.

First of all you need to create a login page for your web application. create a simple JSP file and name it as login.jsp and paste the following code fragment there.

<form action="/test/j_spring_security_check" method="post"> 
Username : <input type="text" name="j_username" id="j_username">
Password : <input type="password" name="j_password" id="j_password">
<input type="submit" value="Submit">

Remember that,

1. j_spring_security_check is the URL you need to call as the action (/test is the context root of your web application).

2. Name of your username and the password fields should be j_username and j_password

Once the user been authenticated, we need to forward the user to a different page. so lets create another jsp file for that and name it as user_authenticated.jsp

You are going to authorize the user according to their user roles, so here I have created separate JSPs to show some user role level authorization. my user roles are,

1. ROLE_SUPERVISOR (supervisor.jsp)
2. ROLE_USER (user.jsp)
3. ROLE_TELLER (teller.jsp)

Now let's configure Spring.

You will need 2 xml files to hold Spring Security info and the Datasource info to the MySQL DB. See below,

1. applicationContext-security.xml (Your Spring Security configuration file)
2. applicationContext-db.xml (Your datasource configuration file)

Create above 2 files in your WEB-INF directory.


Simply you can copy the same file from the tutorial war file that I have mentioned above, and modify its contents as I have described below.

<http use-expressions="true">
<intercept-url pattern="/user_authenticated.jsp" access="isAuthenticated()" />
<intercept-url pattern="/supervisor.jsp" access="hasRole('ROLE_SUPERVISOR')" />
<intercept-url pattern="/teller.jsp" access="hasRole('ROLE_TELLER')" />
<intercept-url pattern="/user.jsp" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/**"  access="permitAll" />
<form-login login-page='/login.jsp'/>
<logout />
<remember-me />

Uncomment to enable X509 client authentication support

<x509 />


<!-- Uncomment to limit the number of sessions a user can have -->
<session-management invalid-session-url="/timeout.jsp">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />

<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="mysqlds"/>

<intercept-url pattern="/user_authenticated.jsp" access="isAuthenticated()" />

This is the JSP (user_authenticated.jsp) that we want to forward the user after getting authenticated, that will tell by this: access="isAuthenticated().

<intercept-url pattern="/supervisor.jsp" access="hasRole('ROLE_SUPERVISOR')" />

This will tell the Spring security module to authorize this JSP page access only to the users who are having ROLE_SUPERVISOR role.

Within the <authentication-manager> tag you will enter all the details for authenticating a particular user.

Passwords will be encoded with md5 algorithm. (<password-encoder hash="md5"/>).

This will point the datasource to the DB where the user credentials are stored:

<jdbc-user-service data-source-ref="mysqlds"/>

mysqlds is the datasource name.


This Spring configuration file is to configure the datasource lookup. (here im assuming that your JBoss installed on your local machine)

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<bean id="mysqlds" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<property name="jndiEnvironment">
<prop key="java.naming.factory.initial">org.jnp.interfaces.NamingContextFactory</prop>
<prop key="java.naming.provider.url">jnp://localhost:1099</prop>

Since you are going to deploy the application JBoss application server, you need to create another jboss-web.xml file with datasource information.


<?xml version="1.0" encoding="UTF-8"?>

Finally you need to wire all the things with web.xml



Here we need to specify where are our Spring security configuration file and the datasource configuration file.


<filter-class> org.springframework.web.filter.DelegatingFilterProxy


Finally with the datasource information,


Spring assumes that your database contains particular tables in default. so you need to create those tables in order to follow the default way of Spring.

Create those tables from below script.
create table users(
      username varchar(50) not null primary key,
      password varchar(50) not null,
      enabled boolean not null);

  create table authorities (
      username varchar(50) not null,
      authority varchar(50) not null,
      constraint fk_authorities_users foreign key(username) references users(username));
      create unique index ix_auth_username on authorities (username,authority);

Now you need to create the datasource file in JBoss and configure it.

Go to JBOSS_HOME\server\default\deploy. Get a copy of the existing hsqldb-ds.xml file and name it as mysqldb-ds.xml and modify its contents as below.





save the file to the deploy folder of the JBoss and restart the server. (dont forget to put some values in the tables, since we are encoding passwords with md5 you need to put the encrypted passwords in the table.

Use this site to do that.


You are done now.

Right click on the eclipse project and export it as a WAR file and copy it to the JBoss deploy folder, and access the URL http://localhost:8080/test/user_authenticated.jsp (i have used test as the WAR file name)

Now your eclipse project structure should look like this,

Tuesday, March 1, 2011

Hello World with Java Architecture for XML Binding - JAXB

What is JAXB?

JAXB (Java Architecture for XML Binding) facilitates you to read or write to a XML file. since XML involves with Java everywhere, It will be very useful when working with Java. Here I'm assuming you are having some knowledge on XML.

What you should have

1. JAXB 

Download it and add its bin  folder to your classpath.

I have used eclipse as the IDE.

Let's start...

1. Create a project in eclipse called JAXB.
2. Create the library  directory and copy all the JAXB jars there. (lets call its "lib")
3. Add lib to the build path.
4. You should have a XML schema definition file, so let's create one. Let's name it as GSCProfile.xsd
5. Copy following content to the schema file.


<schema xmlns="http://www.w3.org/2001/XMLSchema" 
xmlns:tns="http://www.example.org/GSCProfile" elementFormDefault="qualified">

<complexType name="GSC">
<element name="Name" type="string"></element>
<element name="Rating" type="int"></element>

<complexType name="Profile">
<element name="ProfileName" type="string"></element>
<element name="GSCElements" type="tns:GSC" maxOccurs="14" minOccurs="14">

<complexType name="GSCProfiles">
<element name="Profile" type="tns:Profile" maxOccurs="unbounded" minOccurs="1">

There are 3 complex types called,
GSCProfiles is the root of all. here how is the relationship goes, 

GSCProfiles  ---< Profile ---< GSC

Once you have added the bin folder to the classpath,  go to the src folder of your project from command line and issue the following command,

xjc -d binding -p com.jaxb.gsc GSCProfiles.xsd

This will generates several classes in the above mentioned package (com.jaxb.gsc) one class for each complex type and an object factory and a package info class.

create another class called JAXBTest  in a diffrernt package, lets name that as com.jaxb.test


Create this variable at class level. and variable to hold the xml file name.
private static Map<String, Map<String, String>> gscProfileMap = new HashMap<String, Map<String, String>>();
* Output xml file name.
private static File xmlFile = new File("xml/GSCProfile.xml");
1. create a method called saveGSCProfiles and add following code fragments there. this method will save the content for it.
public static void saveGSCProfiles() {
try {
Map<String, String> gscValueMap = new HashMap<String, String>();

// Adding GSC Elements

gscValueMap.put("Data Communications", "0");
gscValueMap.put("Distributed Data Processing", "0");
gscValueMap.put("Performance", "0");
gscValueMap.put("Heavily Used Configuration", "0");
gscValueMap.put("Transaction Rate", "0");
gscValueMap.put("Online Data Entry", "0");
gscValueMap.put("End User Efficiency", "0");
gscValueMap.put("Online Update", "0");
gscValueMap.put("Complex Processing", "0");
gscValueMap.put("Reusability", "0");
gscValueMap.put("Installation Ease", "0");
gscValueMap.put("Operational Ease", "0");
gscValueMap.put("Multiple Sites", "0");
gscValueMap.put("Facilitate Change", "0");
gscProfileMap.put("ProfileName", gscValueMap);
Set<String> pofileNames = gscProfileMap.keySet();

ObjectFactory factory = new ObjectFactory();

GSCProfiles gscProfiles = factory.createGSCProfiles();

for (String profileKey : pofileNames) {

Profile profile = factory.createProfile();

// Setting profile name.

gscValueMap = gscProfileMap.get(profileKey);
Set<String> gscSet = gscValueMap.keySet();

for (String gscKey : gscSet) {

GSC gsc = factory.createGSC();



JAXBContext jaxbContext = JAXBContext.newInstance("com.jaxb.gsc");

// Creating marshaller.
Marshaller marshaller = jaxbContext.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);

FileOutputStream outputStream = new FileOutputStream(xmlFile);

// Marshalling object in to the XML file.

marshaller.marshal(gscProfiles, outputStream);

} catch (JAXBException e) {
} catch (FileNotFoundException e) {
 2. Create another method to read from the XML file. let's name this as loadGSCProfiles

public static void loadGSCProfiles() {
try {

JAXBContext jaxbContext = JAXBContext.newInstance("com.jaxb.gsc");

// Create unmarshaller.
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); 

GSCProfiles gscProfiles = (GSCProfiles) unmarshaller.unmarshal(xmlFile);

// Retrieving list of profiles.
List<Profile> profile = gscProfiles.getProfile();

for (Profile profile2 : profile) {

Map<String, String> gscValueMap = new HashMap<String, String>();

List<GSC> gsc = profile2.getGSCElements();

for (GSC gsc2 : gsc) {
gscValueMap.put(gsc2.getName(), gsc2.getRating() + "");

gscProfileMap.put(profile2.getProfileName(), gscValueMap);
} catch (JAXBException e) {

Create a directory inside your eclipse project and name it as xml, and create a xml file called  GSCProfile.xml

Write the main method in JAXBTest class and execute,

 public static void   main(String[] args)   {


Open your GSCProfile.xml file and see... :)

Finally your eclipse project directory structure should like this,