You can find the original documentation at Ferdi Sonmezay Website
Here is the source code of the project. You can download or clone from github
$ git clone
In this tutorial, I am going to create a sample java web application using:
- Apache Maven,
- Spring Framework,
- Spring Security,
- Twitter bootstrap
I will create project structure with Apache Maven (version 3.2.3), so please make sure that maven is installed before you start.
Creating a Java Project With Maven
Navigate to the folder you want to create the project and in Command Line, type:
$ mvn archetype:generate -DgroupId=com.ferdisonmezay -DartifactId=springsecuritywebapp -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
This command will create springsecuritywebapp
directory in your file system. When you navigate to the folder, you'll see that there's a directory called src
and a file called pom.xml
. the content of the 'pom.xml' file looks like this:
<project xmlns="" xmlns:xsi=""
First we will add some personal staff, properties and build parameters to pom.xml
. So, open the file in your favorite editor, and add these lines after <name></name>
<description>Ferdi Sonmezay | Spring Security Web App</description>
<name>Ferdi Sonmezay</name>
<email>[email protected]</email>
<role>Software Developer</role>
Then, we need to add some dependencies to pom.xml
file. between <dependencies> ... </dependencies>
Lines to add
<!-- Spring -->
<!-- Spring Security -->
<!-- Hibernate -->
<!-- Database driver -->
<!-- JSTL -->
<!-- Junit -->
The project was generated as a Java Application, so we need to convert it to a web application.
For the conversion, we need to create a webapp
directory in the /src/main
Now, navigate to the webapp folder and create two folders in webapp
- web_resource
We will keep our web resource files like images, js files, css files in web_resource folder, and web pages and web configurations in WEB-INF folder.
To make spring configuration we will need an application context
configuration file, so create applicationContext.xml
file in WEB-INF
folder, and add these lines to the file.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""
<mvc:annotation-driven />
<context:component-scan base-package="com.ferdisonmezay.springsecuritywebapp" />
<mvc:resources mapping="/webapp/web_resource/**" location="/web_resource/" />
p:prefix="/WEB-INF/pages/" p:suffix=".jsp" />
Now, create a file called web.xml
in the folder WEB-INF
. Open the file and add these lines to the web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns=""
<display-name>Ferdi Sonmezay | Spring Security Web App</display-name>
Our project structure should look like
Now, if you run mvn jetty:run
on command line, and open localhost:8080
on your browser, you should be able to see an error 404 page, containing a link to the application.
Now we need a working website. So first we will add some resource files, to web_resource
you can add any *.css
or *.js
files to web_resources
I have created css
, js
, images
directories in web_resources
directory and, copied bootstrap.min.css
file to css
directory and bootstrap.min.js
and jQuery.js
files to js
directory. I also copied some images that I will use for this project to images
NOTE : You can download Twitter Bootstrap, and jQuery from these links
Now we need to create an html file to display the web content. Create pages
directory in WEB-INF
and place an html file (index.html
) in pages folder.
index.html (Remember that we will use taglib for future operations.)
<%@ taglib prefix="spring" uri=""%>
<%@ taglib prefix="c" uri=""%>
<%@ taglib prefix="sec" uri="" %>
<%@ page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8" %>
<!DOCTYPE html>
<meta charset="UTF-8">
<title>Spring Security Web App</title>
<link rel="stylesheet"
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div style="float: left; width: 60px;">
<img style="width: 40px; margin-top: 4px;" alt="Ferdi Sonmezay | Spring Security Web App" src="${pageContext.request.contextPath}/web_resource/images/logo.png">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<a class="navbar-brand" href="./"> | Spring Security Web App</a>
<div class="collapse navbar-collapse pull-right">
<ul class="nav navbar-nav">
<li class="active"><a href="./"><span class="glyphicon glyphicon-home"></span> Home</a></li>
<li><a href="${pageContext.request.contextPath}/books">Books</a></li>
<li><a href="<c:url value="/j_spring_security_logout" />">Logout</a></li>
<div class="container" style="margin-top: 90px;">
<div class="jumbotron">
<h1>Spring Bootstrap App</h1>
<p class="lead">Spring Maven Hibernate Bootstrap template application</p>
<script src="${pageContext.request.contextPath}/web_resource/js/jquery.min.js"></script>
<script src="${pageContext.request.contextPath}/web_resource/js/bootstrap.min.js"></script>
Now we have to create a controller, to handle web requests. First create a package called com.ferdisonmezay.springsecuritywebapp.controller
, and then create a file called
package com.ferdisonmezay.springsecuritywebapp.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
public class MainController {
@RequestMapping(value = "/*")
public String mainController(Model model) {
return "index";
Now, if you run
$ mvn jetty:run
on terminal, and open http://localhost:8080/springsecuritywebapp/
in your browser, you can see sample web application.
First, we have to create a spring-security configuration file in WEB-INF directory.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns=""
xmlns:beans="" xmlns:xsi=""
<http auto-config="true" access-denied-page="/accessdenied">
<intercept-url pattern="/login" access="ROLE_ANONYMOUS"/>
<intercept-url pattern="/loginfailed" access="ROLE_ANONYMOUS"/>
<intercept-url pattern="/books" access="ROLE_USER,ROLE_SUPER_USER"/>
<intercept-url pattern="/*" access="ROLE_USER, ROLE_SUPER_USER" />
<intercept-url pattern="/admin/*" access="ROLE_SUPER_USER" />
<form-login login-page="/login" default-target-url="/success" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
<password-encoder hash="md5" />
<!-- user: sudo , password: su -->
<user name="sudo"
authorities="ROLE_SUPER_USER, ROLE_USER" />
<!-- user: webuser , password: user1 -->
<user name="webuser"
authorities="ROLE_USER" />
<beans:bean id="webexpressionHandler" class="" />
Then we must create login.jsp, logout.jsp pages. We also have to modify our file to handle spring security requests.
First create a login
directory, in the pages
directory. and add a jsp file login.jsp
in login directory. The content of login.jsp should be as follows:
<%@ taglib prefix="c" uri=""%>
<%@ taglib prefix="fmt" uri=""%>
<%@ taglib prefix="spring" uri=""%>
<%@ taglib prefix="form" uri=""%>
<%@ page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8" %>
<!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Configuration Server">
<meta name="author" content="Ferdi Sonmezay - [email protected]">
<title>Spring Security Web App</title>
<link rel="stylesheet" href="${pageContext.request.contextPath}/web_resource/css/bootstrap.min.css">
<!--[if lt IE 9]>
<script src=""></script>
<script src=""></script>
<div id="wrap">
<div class="container">
<div id="loginbox" style="margin-top: 50px;" class="mainbox col-md-6 col-md-offset-3 col-sm-6 col-sm-offset-3">
<c:when test="${not empty error}">
<div class="alert alert-danger">
<a class="close" data-dismiss="alert" href="#">x</a>
Invalid username or password.
<br />
<div class="panel panel-danger">
<div class="panel panel-success">
<div class="panel-heading">
<div class="panel-title">Login</div>
<div style="padding-top: 30px" class="panel-body">
<div class="row">
<div class="col-md-4" style="text-align:center;">
<img alt="Ferdi Sonmezay | Spring Security Web App" src="${pageContext.request.contextPath}/web_resource/images/logo.png" style="margin-top:15px;">
<br/> Spring Security Web App
<div class="col-md-6">
<form name='loginForm' action="j_spring_security_check" method="POST" class="form-horizontal" role="form">
<div style="margin-bottom: 25px" class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i> </span>
<input id="login-username" required="true" type="text" class="form-control" name="j_username" value="" placeholder="Username">
<div style="margin-bottom: 25px" class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i> </span>
<input id="login-password" required="true" type="password" class="form-control" name="j_password" placeholder="Password">
<div style="margin-top: 10px" class="form-group">
<div class="col-sm-12 controls">
<button id="btn-login" type="submit" class="btn btn-sm btn-success pull-right">
<span class="glyphicon glyphicon-ok"> </span>
<script src="${pageContext.request.contextPath}/web_resource/js/jquery.min.js"></script>
<script src="${pageContext.request.contextPath}/web_resource/js/bootstrap.min.js"></script>
Now we have to add spring-security configurations to web.xml
Then, we need to add spring security request handlers to
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login/login";
@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
model.addAttribute("error", "true");
return "login/login";
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
return "index";