SpringSecurity – RememberMe Authentication & Basic Authentication


In Spring Security, you can enable RememberMe Authentication for persistent login. This is achieved via the exchange of a RememberMe cookie between server and client. The configuration presented here shows how this can be accomplished using the Spring Security “form-login” (or equivalent). Shortly, in order to ask for the RememberMe cookie/mechanism from the server, the client must post the parameter “_spring_security_remember_me” along with the login credentials; the RememberMe authentication mechanism is thus tightly related to that parameter and thus to a login form.

In a recent project (a webservices project), I had to establish a persistent login along with a Basic authentication across multiple platforms using the Remember Me cookie approach using Spring Security. The difficulty is to configure Spring Security to send back to client the Remember Me cookie on successful authentication with Basic Authentication credentials (no login form and thus no request parameter “_spring_security_remember_me”).

Here the configuration that allows you to achieved this.

The Basic Authentication entry point configuration

You have to (re-)declare the Basic Authentication entry point and filter:

<http auto-config="false" entry-point-ref="basicAuthenticationEntryPoint">
   <intercept-url pattern="/**" access="ROLE_USER" />
   <remember-me key="mykey" services-ref="rememberMeServices" />
   <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" />

<beans:bean id="basicAuthenticationFilter"
	<beans:property name="rememberMeServices" ref="rememberMeServices" />
	<beans:property name="authenticationManager" ref="authenticationManager" />
	<beans:property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" />

<beans:bean id="basicAuthenticationEntryPoint"
	<beans:property name="realmName" value="Webservices" />

This XML configuration comes in replacement to the following classical configuration:

<http auto-config="true">
   <intercept-url pattern="/**" access="ROLE_USER" />
   <remember-me key="mykey" services-ref="rememberMeServices" />
   <basic-auth />

In the first configuration above, we disabled the form login (remember that it is a webservices project where authentication is done via Basic Authentication). In order to enable the Remember Me authentication along with that Basic authentication on successful login, we had to:

  1. Disable any default login form and http-basic configuration through the “http” attribute
  2. Define an entry point (there must be at least one) through the “http” attribute

    This is the entry point Spring loads when using “http-basic”

  3. Define the Basic Authentication filter
    <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" />

    This again is the default filter Spring loads when using “http-basic” with the difference here that we are referencing the Remember me service bean to support remember on successful authentication

The rest of the configuration file (download file here) is no more that classical Spring Security Remember Me authentication configuration.

This was tested with Spring Security 3.0.x and 4.x.

A Pagination service with AngularJS and Bootstrap CSS

In this post, I propose an implementation of an AngularJS service to handle pagination on injected views (via the angular route service and the ng-view directive).

  1. This pagination service has the advantage to be specific to each controller (via instances creation per controller).
  2. Per page data are loaded and refreshed via asynchronous calls to a back-end service (through angular events), you have not to load the entire data and handle pagination on the client side. This service decouples entirely the pagination service with the back end service as you will see later.

follow this link to view and try it on jsFiddle

The Pagination service

A working implementation of the pagination service might seem like this

var Pagination = function(maxCount, $rootScope) {
    this.maxCount = maxCount;
    this.counter = 1;
    this.max = function() {
        return this.maxCount;
    this.current = function() {
        return this.counter;
    this.next = function() {
        if (this.hasNext()) {
    this.previous = function() {
        if (this.hasPrevious()) {
    this.hasPrevious = function() {
        return this.counter > 1;
    this.hasNext = function() {
        return this.counter < this.maxCount;

Each time the service is asked to go forth (next) or back (previous), it notifies all registered listeners for page navigation events via rootScope.$broadcast. This will allow us to bind this events to a Back-end service in order to refresh the data for the new displayed page.

The service has two key parameters:

  • maxCount (constructor parameter) is the total number of data that will be handled. This is generally provided by a Back-end service (count all).
  • counter is the current displayed page number.
Return the service through a factory

Since AngularJS services are singleton per application, in order to make the pagination service controller specific, we have to provide it through a factory like service :

// the Pagination service
angular.module('project.services', [])
   .factory('PaginatonService', function($rootScope) {
     return {
       Pagination: function(maxCount, $rootScope) {
         return new Pagination(maxCount);
Injecting the service into the controller

The service is then simply declared and instantiated on each controller that requires pagination feature

// injecting the Pagination service into the application module
var myapp = angular.module('project', ['project.services']);
myapp.controller('Controller1', function ($scope, PaginatonService) {
    // here the max count of 10 can be provided by a Backend service through an API
    $scope.pagination = PaginatonService.Pagination(10);
myapp.controller('Controller2', function ($scope, PaginatonService) {
    // here the max count of 20 can be provided by a Backend service through an API
    $scope.pagination = PaginatonService.Pagination(20);

View Binding

Once the pagination service is added to the controller scope, the binding with AngularJS is straight forward. Here is an example with the Bootstrap CSS Pagination component:

<ul class="pagination">
   <li class="{{pagination.hasPrevious()?'':'disabled'}}"><a href="" ng-click="pagination.previous()">&laquo;</a></li>
   <li ng-show="pagination.hasPrevious()"><a href="">{{pagination.current() - 1}}</a></li>
   <li ng-hide="pagination.hasPrevious()"><span>&nbsp;</span></li>
   <li class="active"><a href="">{{pagination.current()}}</a></li>
   <li ng-show="pagination.hasNext()"><a href="">{{pagination.current() + 1}}</a></li>
   <li class="{{pagination.hasNext()?'':'disabled'}}"><a href="" ng-click="pagination.next()">&raquo;</a></li>

I make use of the ng-show AngularJS directive to hide/show navigation on lower and upper data borders/limits.


Solving the “Plugin execution not covered by lifecycle configuration” error in Eclipse

In a recent project, we were using the “xmlbeans-maven-plugin” for XML parsing with the “xmlbeans” goal configured on the plugin. However we get this annoying error message about lifecycle configuration on Eclipse “Plugin execution not covered by lifecycle configuration”!

To fix this, one solution consists of adding an ignore configuration to the pom.xml file that says to eclipse to ignore that goal on validation. I personally don’t like this solution because It pollutes the project pom.xml file with IDE specific stuff; and this solution is specific to the project, i.e. you could have this problem on other projects and you just want to fix once for all.

The other solution, that I personally advise, is to add that same configuration to the lifecycle mappings file of the m2e eclipse plugin:

    1. Open the Eclipse preferences window and open the maven preferences page:


  1. Open the mapping file with “Open workspace lifecycle mappings metadata” and add the following configuration (actually this configuration is the same as the one that is inserted into the project pom file with the help of the “quick-fix” menu):
<?xml version="1.0" encoding="UTF-8"?>
				<ignore />

This solution will fix the problem for all the projects in your workspace.


  • Eclispe 3.7
  • Maven 2.x
  • m2e eclispe plugin


The Reactive Manifesto

I recently read an article about “Reactive Applications” on the Reactive Manifesto website and I wanted to share this small paragraph with you. I found this part particulary interesting and give the main direction architects and developers should emphasize on when developing new applications:

“New requirements demand new technologies. Previous solutions have emphasized managed servers and containers. Scaling was achieved through buying larger servers and concurrent processing via multi-threading. Additional servers were added through complex, inefficient and expensive proprietary solutions.

But now a new architecture has evolved to let developers conceptualize and build applications that satisfy today’s demands. We call these Reactive Applications. This architecture allows developers to build systems that are event-driven, scalable, resilient and responsive: delivering highly responsive user experiences with a real-time feel, backed by a scalable and resilient application stack, ready to be deployed on multicore and cloud computing architectures. The Reactive Manifesto describes these critical traits which are needed for going reactive.”

Visit the original website of the Reactive Manifesto.

Spring MVC along with Spring Security 3.1 maven archetype

In a previous post I posted an article on a Spring MVC (with Apache Tiles) maven archetype project and I explained how to initiate such a Maven project using the supplied archetype.

In this post, I come with a new archetype that allows you initiate, via a single command line, a maven web project that is configured to use Spring MVC 3.1.4 along with Spring Security. Knowing how it can be sometimes painful to configure such a project and to overcome dependencies issues (version conflicts, missing dependencies issues and configuration issues), I wanted to share that with you.

The project is configured to use:

  • Spring MVC 3.1.4
  • Spring Security 3.1.4
  • Apache Tiles 2.2.2
  • Servlets API 2.5 (as provided)
  • jstl 1.2

The project comes up with the following configuration:

  1. Spring MVC is configured to Intercept /spring context requests: locate the file spring-servlet.xml
  2. Spring security is configured with two users, a regular user role user and an admin role user: locate the file spring-security.xml, it contains the two users logins and passwords
  3. (JSP) Tiles pages (view parts) are in the WEB-INF/jsp: users folder contains user role jsp pages and admin folder contains admin role jsp pages
  4. As examples, two servlets are pre-configured for each of the two users: the AdminPage1Controller.java and the Page1Controller.java
  5. The sidebar menu.jsp contains an example on how to filter content so that some content is only displayed when admin is connected

In order to use the archetype to initiate such a new maven project:

  1. Download the archetype maven project here and install it to your local repository using the following command
    mvn install:install-file -Dfile=springmvc3.1-security-archetype-1.0.0.jar -DgroupId=com.michir.projects -DartifactId=springmvc3.1-security-archetype -Dversion=1.0.0 -Dpackaging=jar -DgeneratePom=true [-DlocalRepositoryPath=[path to your local repository]]
  2. Once installed, generate your Spring MVC – Security project using the following maven command
    mvn archetype:generate -DarchetypeGroupId=com.michir.projects -DarchetypeArtifactId=springmvc3.1-security-archetype -DarchetypeVersion=1.0.0 -DgroupId=com.mycompany -DartifactId=myproject -Dversion=1.0.0-SNAPSHOT

It’s done … import your project into your favorite IDE as a maven project, compile and install on your favorite Web Application server and enjoy!

maven jaxb plugin configuration to generate XSD schema files

Here is how to configure your project in order to generate XSD schema files from Java JAXB annotated classes


This will generate an XSD file named ${xsd_filename} in the target/schemas folder.

We chose the generate-source phase in order to make the schema file available for the sources (particularly for the test sources), in conjunction with the following resources configuration to add the schema to the generated artifact:


Get every new post delivered to your Inbox.