Spring Security 3.2 - Adding Signup Form to Login Page

Question

I have integrated Spring Security login successfuly to my wb application. However, I would like to have in the login page, in addition to login form, a signup form.

In order to do validation I need to pass to that form the object SignupForm which represents my form.

How can I do it? I have tried so many approaches and nothing works.

Please help....

Answer 1

ApplicationContext.xml

<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
    <property name="basenames">
        <list><value>classpath:com/harryfwong/config/messages</value></list>
    </property>
</bean>

message.properties in com.harryfwong.config resource package

username.required=Username is required
password.required=Password is required
passwordconfirm.mustmatch=Password must match
email.required=Email is required

Spring Validator

<!-- language: java -->
public class SignUpFormValidator implements Validator {

    @Override
    public boolean supports(Class<?> clazz) {
        return SignUpForm.class.equals(clazz);
    }

    @Override
    public void validate(Object target, Errors errors) {
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "username", "username.required");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "password", "password.required");

        SignUpForm form = (SignUpForm) target;

        if (!StringUtils.isBlank(form.getPassword())) {
            if (!form.getPassword().equals(form.getPasswordConfirm())) {
                errors.rejectValue("passwordConfirm", "passwordconfirm.mustmatch");
            }            
        }

        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "email", "email.required");

    }

}

Controller

<!-- language: java -->
    @RequestMapping(method=RequestMethod.GET, value="signup")
    public String signup(@ModelAttribute("form") SignUpForm form) {
        if (form == null) {
            form = new SignUpForm();
        }
        return "auth/signup";
    }

    @RequestMapping(method=RequestMethod.POST, value="signup")
    public String signupSuccess(@ModelAttribute("form") SignUpForm form, BindingResult result, HttpServletRequest request) {
        SignUpFormValidator suValidator = new SignUpFormValidator();
        suValidator.validate(form, result);

        if (result.hasErrors()) {
            return signup(form);
        } else {
            authenticateUserAndSetSession(form, request);
            return "auth/signupSuccess";
        }
    }

External Reference Login after signup: Auto login after successful registration

Answer 2

What does your SS configuration currently look like?

    <form-login 
        login-page="/login" 
        login-processing-url="/loginProcess"
        default-target-url="/landing"
        always-use-default-target="false" />

Where /login is the request mapping

@RequestMapping(value="login")
public String login() {
    // do something prior to display form below
    return "auth/login";
}

auth/login.jsp

<form name='f' action="<c:url value='/loginProcess' />"
    method='POST'>

Answer 3

Not sure what your security context config looks like - this is a response to your issue about not getting to the signup page

<http use-expressions="true">
    <intercept-url pattern="/login" access="permitAll"/>
    <intercept-url pattern="/loggedout" access="permitAll"/>
    <intercept-url pattern="/signup" access="permitAll"/>
    <intercept-url pattern="/" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

...

</http>