Spring Rest + Spring Security example

In this post , we are going to apply Spring Security on Spring Rest example.

Web services tutorial:

    Introduction to web services Web services interview questions SOAP web service introduction RESTful web service introduction Difference between SOAP and REST web services SOAP web service example in java using eclipse JAX-WS web service eclipse tutorial JAX-WS web service deployment on tomcat Create RESTful web service in java(JAX-RS) using jersey RESTful web service JAXRS json example using jersey RESTful web service JAXRS CRUD example using jersey AngularJS RESTful web service JAXRS CRUD example using $http RESTful Web Services (JAX-RS) @QueryParam Example Spring Rest simple example Spring Rest json example Spring Rest xml example Spring Rest CRUD example

Here are steps to create a simple Spring Restful web services with Spring Security which will return json.
1) Create a dynamic web project using maven in eclipse.
2) We need to add Spring Security and Jackson json utility in the classpath. 
Spring will load Jackson2JsonMessageConverter into its application context automatically. Whenever you request resource as json with accept headers="Accept=application/json", then Jackson2JsonMessageConverter comes into picture and convert resource to json format.
Now change pom.xml as follows:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 <name>SpringRestSpringSecurityExample Maven Webapp</name>






3) Change web.xml as below:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name>Archetype Created Web Application</display-name>
4) create a xml file named springrest-servlet.xml in /WEB-INF/ folder.
Please change context:component-scan if you want to use different package for spring to search for controller.Please refer to spring mvc hello world example for more understanding.
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

<context:component-scan base-package="org.arpit.java2blog.controller" />


Configure Spring security:

Create a file named spring-security.xml in WEB-INF folder as below:
<beans:beans xmlns="http://www.springframework.org/schema/security"

    <http auto-config="true" use-expressions="true">
      <intercept-url pattern="/resources/**" access="permitAll" />

       <intercept-url pattern="/count*" access="hasRole('ROLE_ADMIN')" />
<logout logout-success-url="/" logout-url="/j_spring_security_logout" />
   <csrf disabled="true"/>

            <user name="java2blog" password="java123" authorities="ROLE_ADMIN" />          


You can read more about Spring security to understand above configuration better. When user will try to access countries or country/{id} url, he will get login form and he need to put correct credentials (Username : java2blog and password= java123) to access Spring Rest APIs.

Create bean class 

5) Create a bean name "Country.java" in org.arpit.java2blog.bean.
package org.arpit.java2blog.bean;

public class Country{
 int id;
 String countryName; 
 public Country(int i, String countryName) {
  this.id = i;
  this.countryName = countryName;
 public int getId() {
  return id;
 public void setId(int id) {
  this.id = id;
 public String getCountryName() {
  return countryName;
 public void setCountryName(String countryName) {
  this.countryName = countryName;

Create controller 

6) Create a controller named "CountryController.java"
package org.arpit.java2blog.controller;

import java.util.ArrayList;
import java.util.List;

import org.arpit.java2blog.bean.Country;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

public class CountryController {
 @RequestMapping(value = "/countries", method = RequestMethod.GET,headers="Accept=application/json")
 public List<Country> getCountries()
  List<Country> listOfCountries = new ArrayList<Country>();
  return listOfCountries;

 @RequestMapping(value = "/country/{id}", method = RequestMethod.GET,headers="Accept=application/json")
 public Country getCountryById(@PathVariable int id)
  List<Country> listOfCountries = new ArrayList<Country>();

  for (Country country: listOfCountries) {
    return country;
  return null;

// Utiliy method to create country list.
 public List<Country> createCountryList()
  Country indiaCountry=new Country(1, "India");
  Country chinaCountry=new Country(4, "China");
  Country nepalCountry=new Country(3, "Nepal");
  Country bhutanCountry=new Country(2, "Bhutan");

  List<Country> listOfCountries = new ArrayList<Country>();
  return listOfCountries;

@PathVariable: Used to inject values from the URL into a method parameter.This way you inject id in getCountryById method .
We are not providing any view information in springrest-servlet.xml as we do in Spring MVC. If we need to directly get resource from controller, we need to return @ResponseBody as per Spring 3 but with Spring 4, we can use @RestController for that.
In spring 4.0, we can use @RestController which is combination of @Controller + @ResponseBody.
@RestController = @Controller + @ResponseBody
6) It 's time to do maven build.
Right click on project -> Run as -> Maven build
7) Provide goals as clean install (given below) and click on run

Run the application

8) Right click on project -> run as -> run on server
Select apache tomcat and click on finish

When you run the application, you might get this kind of warning
Mar 26, 2016 1:45:51 AM org.springframework.web.servlet.PageNotFound noHandlerFound
WARNING: No mapping found for HTTP request with URI [/SpringRestfulWebServicesWithJSONExample/] in DispatcherServlet with name 'SpringRestfulWebServicesWithJSONExample'

Please ignore above warning. When you start application, you have below URL if you have not provided start page:

As we have used DispatcherServlet in web.xml, this request goes to spring DispatcherServlet and it did not find corresponding mapping in controller , hence you get that warning.

9) Test your REST service under: "http://localhost:8080/SpringRestSpringSecurityExample/countries".
When you try to access above URL, you will get login page as below
Spring Rest security login

If you put correct username and password, you will get below page:
Spring Rest security success login

We are done with Spring Restful web services with Spring Security example. If you are still facing any issue, please comment.

If you getting 404 error with above steps, you may need to follow below steps:

1) If you are getting this warning into your Tomcat startup console log, then it can cause the issue

WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.j2ee.server:SpringRestfulWebServicesExample' did not find a matching property.

This particular warning basically means that the <Context> element in Tomcat's server.xml contains an unknown attribute source and that Tomcat doesn't know what to do with this attribute and therefore will ignore it.
To resolve this in eclipse,
Remove the project from the server from the Server View. Right click on server -> add and remove

then remove project from server configuration.
Then run the project under the same server. Warning should be removed now
Or if warning still remains then
  • Go to server view
  • Double click on your tomcat server. It will open the server configuration.
  • Under server options check ‘Publish module contents to separate XML files’ checkbox. 
  • Restart your server. This time your page will come without any issues.
2) Try to update Maven project.
Right click on project ->Maven-> update project

This should solve you issues.

Written by Arpit:

If you have read the post and liked it. Please connect with me on Facebook | Twitter | Google Plus


Java tutorial for beginners Copyright © 2012