How to integrate Spring Security to an existing web application?

Let see how we can integrate a Spring Security to an existing web application. Download the Spring Security from here, from the download add the following jar spring-security-core-3.2.0.M2.jar and spring-security-config-3.2.0.M2.jar from \spring-security-3.2.0.M2\dist, to your project lib folder.

Since this is the existing project, i assume the all the url pattern will be routed through Spring Dispatcher Servlet. Now let's modify our web.xml to add the filter, since spring security uses filter approach, this provides a hook into the Spring Security web infrastructure.

   org.springframework.web.context.ContextLoaderListener               


   contextConfigLocationWEB-INF\applicationContext-security.xml    

   springSecurityFilterChain
   org.springframework.web.filter.DelegatingFilterProxy


   springSecurityFilterChain
   /*

Next we need to create applicationContext-security.xml under WEB-INF

The element http in the applicationContext-security.xml, says that we want all URLs within our application to be secured, requiring the role ROLE_USER to access them. Thus we are forcing to authenticate ourselves when visiting our pages in the site.

Now to add some test users for a rapid development, we have configured two users here ramanujam and user1, with their password and roles using the authentication-provider and user-service. That's all you have integrated a simple security to your web application. Now if you access any of your web pages, you will redirecting to a default spring login pages.

Happy Programming...!!!