damogallagher/HelloController.java

## fileUpload.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>FileUpload</title>
</head>
<body>

		<form name='fileUploadForm'
			action="processFileUpload" method='POST' enctype="multipart/form-data">

			<table>
				<tr>
					<td>File:</td>
					<td><input type='file' name='file'></td>
				</tr>
				<tr>
					<td colspan='2'><input name="upload" type="submit"
						value="Upload" /></td>
				</tr>
			</table>

			<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />

		</form>


</body>
</html>

## HelloController.java
package com.test.controller;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.ModelAndView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Controller
public class HelloController {

    /** Local log variable. **/
    private static final Logger LOG = LoggerFactory.getLogger(HelloController.class);


	@RequestMapping(value = { "/welcome**" }, method = RequestMethod.GET)
	public ModelAndView welcomePage() {

		ModelAndView model = new ModelAndView();
		model.addObject("title", "Spring Security Custom Login Form");
		model.addObject("message", "This is welcome page!");
		model.setViewName("hello");
		return model;

	}

	@RequestMapping(value = "/admin**", method = RequestMethod.GET)
	public ModelAndView adminPage() {

		ModelAndView model = new ModelAndView();
		model.addObject("title", "Spring Security Custom Login Form");
		model.addObject("message", "This is protected page!");
		model.setViewName("admin");

		return model;

	}

	@RequestMapping(value = "/login", method = RequestMethod.GET)
	public ModelAndView login(@RequestParam(value = "error", required = false) String error,
			@RequestParam(value = "logout", required = false) String logout) {

		ModelAndView model = new ModelAndView();
		if (error != null) {
			model.addObject("error", "Invalid username and password!");
		}

		if (logout != null) {
			model.addObject("msg", "You've been logged out successfully.");
		}
		model.setViewName("login");

		return model;

	}

	@RequestMapping(value = "/", method = RequestMethod.GET)
	public ModelAndView preUploadFile(){
		LOG.info("Entered preUploadFile");
		ModelAndView model = new ModelAndView();
		model.setViewName("fileUpload");
		LOG.info("Exiting preUploadFile");
		return model;
	}
	@RequestMapping(value = "/processFileUpload", method = RequestMethod.POST)
	public ModelAndView processFileUpload(@RequestParam("file") MultipartFile file){
		LOG.info("Entered processFileUpload");

		ModelAndView model = new ModelAndView();
		model.setViewName("fileUpload");
		LOG.info("Exiting processFileUpload");
		return model;
	}


}

## mvc-dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
<context:annotation-config />
	<context:component-scan base-package="com.test.*" />
	<mvc:annotation-driven />


	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix">
			<value>/WEB-INF/pages/</value>
		</property>
		<property name="suffix">
			<value>.jsp</value>
		</property>
	</bean>

   <bean id="filterMultipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="100000000" />
    </bean>


</beans>

## pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.test</groupId>
  <artifactId>SpringSecurityAndMultipartUploads</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>
<properties>
		<jdk.version>1.6</jdk.version>
		<spring.version>4.0.6.RELEASE</spring.version>
		<spring.security.version>3.2.4.RELEASE</spring.security.version>
		<jstl.version>1.2</jstl.version>
		<commons-fileupload-version>1.3.1</commons-fileupload-version>
		<logback-version>1.1.2</logback-version>
	</properties>

	<dependencies>

		<!-- Spring 3 dependencies -->
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-core</artifactId>
			<version>${spring.version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-web</artifactId>
			<version>${spring.version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>${spring.version}</version>
		</dependency>

		<!-- Spring Security -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${spring.security.version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${spring.security.version}</version>
		</dependency>

		<!-- jstl for jsp page -->
		<dependency>
			<groupId>jstl</groupId>
			<artifactId>jstl</artifactId>
			<version>${jstl.version}</version>
		</dependency>
<dependency>
	<groupId>commons-fileupload</groupId>
	<artifactId>commons-fileupload</artifactId>
	<version>${commons-fileupload-version}</version>
</dependency>
			<dependency>
				<groupId>ch.qos.logback</groupId>
				<artifactId>logback-classic</artifactId>
				<version>${logback-version}</version>
			</dependency>
	</dependencies>

	<build>
		<finalName>SpringSecurityAndMultipartUploads</finalName>
		<plugins>

			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>2.3.2</version>
				<configuration>
					<source>${jdk.version}</source>
					<target>${jdk.version}</target>
				</configuration>
			</plugin>

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <configuration>
                    <webXml>WebContent\WEB-INF\web.xml</webXml>
                </configuration>
            </plugin>

			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-eclipse-plugin</artifactId>
				<version>2.9</version>
				<configuration>
					<downloadSources>true</downloadSources>
					<downloadJavadocs>false</downloadJavadocs>
					<wtpversion>2.0</wtpversion>
				</configuration>
			</plugin>

		</plugins>
	</build>
</project>

## spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.2.xsd">

	<http auto-config="true" use-expressions="true">
		<intercept-url pattern="/admin**" access="ROLE_ADMIN" />
		<anonymous enabled="true" granted-authority="REGULAR"/>
		<form-login
		    login-page="/login"
		    default-target-url="/welcome"
			authentication-failure-url="/login?error"
			username-parameter="username"
			password-parameter="password" />
		<logout logout-success-url="/login?logout"  />
		<!-- enable csrf protection -->
		<csrf/>
	</http>

	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="normal" password="normal" authorities="ROLE_USER" />
				<user name="admin" password="admin" authorities="ROLE_ADMIN" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

</beans:beans>


## web.xml
<web-app id="WebApp_ID" version="2.4"
	xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
	http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

	<display-name>SpringSecurityAndMultipartUploads</display-name>

	<!-- Spring MVC -->
	<servlet>
		<servlet-name>mvc-dispatcher</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>mvc-dispatcher</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring-security.xml
		</param-value>
	</context-param>

 <filter>
        <description>
            Allows the application to accept multipart file data.
        </description>
        <display-name>multipartFilter</display-name>
        <filter-name>multipartFilter</filter-name>
        <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>multipartFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <description>
            Secures access to web resources using the Spring Security framework.
        </description>
        <display-name>springSecurityFilterChain</display-name>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>ERROR</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>


</web-app>
	<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1"%>
	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
	<title>FileUpload</title>
	</head>
	<body>

	<form name='fileUploadForm'
	action="processFileUpload" method='POST' enctype="multipart/form-data">

	<table>
	<tr>
	<td>File:</td>
	<td><input type='file' name='file'></td>
	</tr>
	<tr>
	<td colspan='2'><input name="upload" type="submit"
	value="Upload" /></td>
	</tr>
	</table>

	<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />

	</form>



	</body>
	</html>
	package com.test.controller;

	import org.springframework.stereotype.Controller;

	import org.springframework.web.bind.annotation.RequestMapping;
	import org.springframework.web.bind.annotation.RequestMethod;
	import org.springframework.web.bind.annotation.RequestParam;
	import org.springframework.web.multipart.MultipartFile;
	import org.springframework.web.servlet.ModelAndView;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	@Controller
	public class HelloController {

	/ Local log variable. /
	private static final Logger LOG = LoggerFactory.getLogger(HelloController.class);


	@RequestMapping(value = { "/welcome**" }, method = RequestMethod.GET)
	public ModelAndView welcomePage() {

	ModelAndView model = new ModelAndView();
	model.addObject("title", "Spring Security Custom Login Form");
	model.addObject("message", "This is welcome page!");
	model.setViewName("hello");
	return model;

	}

	@RequestMapping(value = "/admin**", method = RequestMethod.GET)
	public ModelAndView adminPage() {

	ModelAndView model = new ModelAndView();
	model.addObject("title", "Spring Security Custom Login Form");
	model.addObject("message", "This is protected page!");
	model.setViewName("admin");

	return model;

	}

	@RequestMapping(value = "/login", method = RequestMethod.GET)
	public ModelAndView login(@RequestParam(value = "error", required = false) String error,
	@RequestParam(value = "logout", required = false) String logout) {

	ModelAndView model = new ModelAndView();
	if (error != null) {
	model.addObject("error", "Invalid username and password!");
	}

	if (logout != null) {
	model.addObject("msg", "You've been logged out successfully.");
	}
	model.setViewName("login");

	return model;

	}

	@RequestMapping(value = "/", method = RequestMethod.GET)
	public ModelAndView preUploadFile(){
	LOG.info("Entered preUploadFile");
	ModelAndView model = new ModelAndView();
	model.setViewName("fileUpload");
	LOG.info("Exiting preUploadFile");
	return model;
	}
	@RequestMapping(value = "/processFileUpload", method = RequestMethod.POST)
	public ModelAndView processFileUpload(@RequestParam("file") MultipartFile file){
	LOG.info("Entered processFileUpload");

	ModelAndView model = new ModelAndView();
	model.setViewName("fileUpload");
	LOG.info("Exiting processFileUpload");
	return model;
	}


	}
	<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="
	http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/context
	http://www.springframework.org/schema/context/spring-context-3.0.xsd
	http://www.springframework.org/schema/mvc
	http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
	<context:annotation-config />
	<context:component-scan base-package="com.test.*" />
	<mvc:annotation-driven />


	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
	<property name="prefix">
	<value>/WEB-INF/pages/</value>
	</property>
	<property name="suffix">
	<value>.jsp</value>
	</property>
	</bean>

	<bean id="filterMultipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
	<property name="maxUploadSize" value="100000000" />
	</bean>


	</beans>
	<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.test</groupId>
	<artifactId>SpringSecurityAndMultipartUploads</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>war</packaging>
	<properties>
	<jdk.version>1.6</jdk.version>
	<spring.version>4.0.6.RELEASE</spring.version>
	<spring.security.version>3.2.4.RELEASE</spring.security.version>
	<jstl.version>1.2</jstl.version>
	<commons-fileupload-version>1.3.1</commons-fileupload-version>
	<logback-version>1.1.2</logback-version>
	</properties>

	<dependencies>

	<!-- Spring 3 dependencies -->
	<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-core</artifactId>
	<version>${spring.version}</version>
	</dependency>

	<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-web</artifactId>
	<version>${spring.version}</version>
	</dependency>

	<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-webmvc</artifactId>
	<version>${spring.version}</version>
	</dependency>

	<!-- Spring Security -->
	<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-web</artifactId>
	<version>${spring.security.version}</version>
	</dependency>

	<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-config</artifactId>
	<version>${spring.security.version}</version>
	</dependency>

	<!-- jstl for jsp page -->
	<dependency>
	<groupId>jstl</groupId>
	<artifactId>jstl</artifactId>
	<version>${jstl.version}</version>
	</dependency>
	<dependency>
	<groupId>commons-fileupload</groupId>
	<artifactId>commons-fileupload</artifactId>
	<version>${commons-fileupload-version}</version>
	</dependency>
	<dependency>
	<groupId>ch.qos.logback</groupId>
	<artifactId>logback-classic</artifactId>
	<version>${logback-version}</version>
	</dependency>
	</dependencies>

	<build>
	<finalName>SpringSecurityAndMultipartUploads</finalName>
	<plugins>

	<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-compiler-plugin</artifactId>
	<version>2.3.2</version>
	<configuration>
	<source>${jdk.version}</source>
	<target>${jdk.version}</target>
	</configuration>
	</plugin>

	<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-war-plugin</artifactId>
	<configuration>
	<webXml>WebContent\WEB-INF\web.xml</webXml>
	</configuration>
	</plugin>

	<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-eclipse-plugin</artifactId>
	<version>2.9</version>
	<configuration>
	<downloadSources>true</downloadSources>
	<downloadJavadocs>false</downloadJavadocs>
	<wtpversion>2.0</wtpversion>
	</configuration>
	</plugin>

	</plugins>
	</build>
	</project>
	<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.2.xsd">

	<http auto-config="true" use-expressions="true">
	<intercept-url pattern="/admin**" access="ROLE_ADMIN" />
	<anonymous enabled="true" granted-authority="REGULAR"/>
	<form-login
	login-page="/login"
	default-target-url="/welcome"
	authentication-failure-url="/login?error"
	username-parameter="username"
	password-parameter="password" />
	<logout logout-success-url="/login?logout" />
	<!-- enable csrf protection -->
	<csrf/>
	</http>

	<authentication-manager>
	<authentication-provider>
	<user-service>
	<user name="normal" password="normal" authorities="ROLE_USER" />
	<user name="admin" password="admin" authorities="ROLE_ADMIN" />
	</user-service>
	</authentication-provider>
	</authentication-manager>

	</beans:beans>
	<web-app id="WebApp_ID" version="2.4"
	xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
	http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

	<display-name>SpringSecurityAndMultipartUploads</display-name>

	<!-- Spring MVC -->
	<servlet>
	<servlet-name>mvc-dispatcher</servlet-name>
	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
	<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
	<servlet-name>mvc-dispatcher</servlet-name>
	<url-pattern>/</url-pattern>
	</servlet-mapping>

	<listener>
	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>
	/WEB-INF/spring-security.xml
	</param-value>
	</context-param>

	<filter>
	<description>
	Allows the application to accept multipart file data.
	</description>
	<display-name>multipartFilter</display-name>
	<filter-name>multipartFilter</filter-name>
	<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
	</filter>
	<filter-mapping>
	<filter-name>multipartFilter</filter-name>
	<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter>
	<description>
	Secures access to web resources using the Spring Security framework.
	</description>
	<display-name>springSecurityFilterChain</display-name>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
	<dispatcher>ERROR</dispatcher>
	<dispatcher>FORWARD</dispatcher>
	<dispatcher>REQUEST</dispatcher>
	</filter-mapping>



	</web-app>