How to: Simple maven project with spring security (username and password)

Simple tutorial, how to create a maven web project with username/password authentication based on spring security.



  • Java IDE (NetBeans, Eclipse, IntelliJ, …)
  • JDK 7 or newer
  • Maven
  • Tomcat 8


 Web project creation

  1. Create empty maven web project in your IDE or run command in terminal
    mvn -DarchetypeGroupId=org.codehaus.mojo.archetypes -DarchetypeArtifactId=webapp-javaee7 -DarchetypeVersion=1.1 -DarchetypeRepository= -DgroupId=org.korecky -DartifactId=spring-password -Dversion=1.0 -Dpackage=org.korecky.spring.password -Darchetype.interactive=false --batch-mode archetype:generate
  2. Import created project into your IDE



Add spring-security dependencies

  1. Open pom.xml file in the project
  2. To the section dependencies add following lines
        <!-- logging -->            
        <!-- Spring Security -->
  3. And to the section properties these lines


Configure web application

  1. Create new folder “WEB-INF” in “Web Pages” (physical path in the project is /src/main/webapp)
  2. Create in the “WEB-INF” folder file “web.xml” fill it by lines below
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi=""
     xmlns="" xmlns:web=""
     <display-name>Spring security TEST (password)</display-name>
     <!-- WebApplicationContext --> 
     <!-- Spring security -->
     <!-- Logging -->
  3. We now configure log4j. Create “”  file in the “WEB-INF” folder and copy/paste lines below
    # log4j configuration file
    log4j.rootCategory=INFO, stdout
    log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %t %c{2}:%L - %m%n


Configure spring

  1. Create “applicationContext.xml”  file in the “WEB-INF” folder and copy/paste lines below
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns=""
    <import resource="security.xml"/>
  2. Create “security.xml”  file in the “WEB-INF” folder with content
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns:beans=""
     xmlns:xsi="" xmlns=""
    <http pattern="/resources/**" security="none" />
    <global-method-security />
    <http auto-config="true" use-expressions="true">
     <http-basic />
     <logout logout-url="/logout" />
     <intercept-url pattern="/**" access="isAuthenticated()" /> 
     <password-encoder hash="sha-256" /> 
     <!-- Password encoding: 
     1) Download jacksum.jar tool (e.g. from URL
     2) Run command: java -jar jacksum.jar -a sha-256 -q "txt:password"
     3) Paste command output into "password" attribute in element "user", default password is "password123"-->
     <user name="testUser" password="ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f" authorities="ROLE_USER, ROLE_ADMIN" />


 Create test JSP page

  1. Delete file “index.html” in the “Web Pages” folder (physical path in the project is /src/main/webapp)
  2. Create file “index.jsp” instead of “index.html” with content
    <%@page contentType="text/html" pageEncoding="UTF-8"%>
    <%@ taglib prefix="security" uri="" %>
    <!DOCTYPE html>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
     <title>JSP Page</title>
     <h1>Hello World!</h1> 
     <b>User name:</b></br> 
     <b>User principal:</b></br> 


Done. We can now test our application.



  1. Compile application in your IDE or by command
    mvn clean install
  2. And deploy it to the Tomcat server (from your IDE or copy WAR file from target directory to the webapps in the Tomcat installation)
  3. Run browser and go to the URL http://localhost:8080/spring-password
  4. Application asks you for username and password (if you didn’t change anything it is “testUser” and “password123”)
  5. The index.jsp page is shown after authentication process with your username and credentials


You can download complete source code here: SOURCE CODE ZIP



4 thoughts to “How to: Simple maven project with spring security (username and password)”

  1. Right here is the right webpage for anyone who wants to understand this topic.You realize so much itss almost hard to argue with
    you (not that I personally willl need to…HaHa).
    Youu dwfinitely put a new spin on a subject which
    has been written about for years. Great stuff, just great!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.