I am using Spring Security in one of my project. The web-app requires the user to login. Hence I have added few usernames and passwords in the spring-security-context.xml file as follows:
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user_1" password="password_1" authorities="ROLE_USER" />
<user name="user_2" password="password_2" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
My question is, how to move these username-password pairs to a different file (like some properties file) instead of keeping them in spring-security-context.xml? And how to read that file properties file?
You can store the usernames and passwords in a separate .properties file.
users.properties should have the following format:
If you want to store it in a database, I would recommend you to read this article: http://www.mkyong.com/spring-security/spring-security-form-login-using-database/
Reference: Spring Security In-Memory Authentication
You can use the
PropertyPlaceholderConfigurer
- put them in properties file and then reference them using EL:http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer
I have tried the suggested ways lastly I did the following seemed to work nicely
Added these changes in your web xml
Add these changes in your spring-security xml
Add these changes into your application context xml or if you have property-loader xml even better
Then Add these changes in your property file resourceservice.properties
Add these changes in you resource that uses Jersey
You can find a way to move them to a database or LDAP. Spring Security surely supports both.
This works for me for Spring security authentication and authorization using Properties file:
The
abc.properties
file:The
web.xml
entry for spring-security implementation: