SEC-279 - Deleting Contacts Tiger sample project

Mark St. Godard 2007-08-25 23:16:22 +00:00
parent 93b303e343
commit 5474b3a78c
31 changed files with 0 additions and 1915 deletions


@ -1,6 +0,0 @@
classes
dist
api
build.properties
temporary
target


@ -1,57 +0,0 @@
<project
xmlns:j="jelly:core"
xmlns:ant="jelly:ant"
xmlns:artifact="artifact"
xmlns:maven="jelly:maven">
<preGoal name="java:compile">
<path id="additional.src.path">
<pathelement location="../contacts/src/main/java"/>
</path>
<maven:addPath id="maven.compile.src.set" refid="additional.src.path"/>
</preGoal>
<goal name="war">
<echo>The "war" goal is deprecated. Use "multiwar:multiwar" instead.</echo>
</goal>
<goal name="multiwar:multiwar">
<!-- needed otherwise first custom artifact (cas) doesn't get built) -->
<attainGoal name="acegisecurity:war"/>
<!-- filter war -->
<j:set var="webapp" value="filter"/>
<attainGoal name="acegisecurity:war"/>
<!-- delete generic artifact (we only want our three custom WARs) -->
<ant:delete file="${maven.war.build.dir}/${pom.artifactId}.war"/>
</goal>
<goal name="acegisecurity:war">
<maven:set plugin="maven-war-plugin"
property="maven.war.webapp.dir"
value="${maven.war.build.dir}/${pom.artifactId}-${webapp}"/>
<maven:set plugin="maven-war-plugin"
property="maven.war.final.name"
value="${pom.artifactId}-${webapp}.war"/>
<attainGoal name="war:war"/>
</goal>
<goal name="multiwar:install">
<attainGoal name="multiwar:multiwar"/>
<echo>multiproject:install doesn't install Contacts Samples WARs to local repo</echo>
</goal>
<postGoal name="war:war-resources">
<maven:get plugin="maven-war-plugin"
property="maven.war.webapp.dir"
var="maven.war.webapp.dir"/>
<ant:copy todir="${maven.war.webapp.dir}" preservelastmodified="true">
<ant:fileset dir="${maven.war.src}/../${webapp}"/>
</ant:copy>
</postGoal>
</project>


@ -1,35 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-samples</artifactId>
<version>1.0.5-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-sample-contacts-tiger</artifactId>
<name>Acegi Security System for Spring - Contacts sample</name>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-tiger</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
</plugins>
</build>
</project>


@ -1,26 +0,0 @@
# Ant properties for building the Contacts (Java 5) sample application.
# $Id$
name.filter=filter
src.dir=src
war.dir=war
lib.dir=${basedir}/../../lib
dist.lib.dir=${basedir}/../../dist
build.dir=classes
dist.dir=dist
javadocs.dir=api
jalopy.xml=${basedir}/../../jalopy.xml
tmp.dir=temporary
etc.dir=etc
client.dir=client
maven.war.src=${maven.src.dir}/main/webapp/common
maven.multiproject.type=multiwar
maven.xdoc.distributionType=war
maven.xdoc.distributionUrl=http://acegisecurity.sourceforge.net/maven/acegisecurity/wars
maven.compile.target=1.5
maven.compile.source=1.5


@ -1,45 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project>
<extend>${basedir}/../project.xml</extend>
<pomVersion>3</pomVersion>
<artifactId>acegi-security-sample-contacts-tiger</artifactId>
<name>Acegi Security System for Spring - Contacts sample (Java 5)</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security-sample-contacts-tiger</siteDirectory>
<repository>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/samples/contacts-tiger/</url>
</repository>
<dependencies>
<dependency>
<groupId>hessian</groupId>
<artifactId>hessian</artifactId>
<version>3.0.1</version>
<type>jar</type>
<url>http://www.caucho.com</url>
<properties>
<war.bundle>true</war.bundle>
</properties>
</dependency>
<dependency>
<groupId>burlap</groupId>
<artifactId>burlap</artifactId>
<version>2.1.7</version>
<type>jar</type>
<url>http://www.caucho.com</url>
<properties>
<war.bundle>true</war.bundle>
</properties>
</dependency>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-tiger</artifactId>
<version>1.0.4</version>
<type>jar</type>
<properties>
<war.bundle>true</war.bundle>
</properties>
</dependency>
</dependencies>
</project>


@ -1,216 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.contact.annotation;
import org.acegisecurity.Authentication;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.MutableAclService;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.domain.BasePermission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.objectidentity.ObjectIdentityImpl;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.annotation.Secured;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.support.ApplicationObjectSupport;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import sample.contact.Contact;
import sample.contact.ContactDao;
import sample.contact.ContactManager;
import java.util.List;
import java.util.Random;
/**
* Concrete implementation of Java 5 Annotated {@link ContactManager}.
*
* @author Mark St.Godard
* @version $Id$
*/
@Transactional
public class ContactManagerBackend extends ApplicationObjectSupport implements ContactManager, InitializingBean {
//~ Instance fields ================================================================================================
private ContactDao contactDao;
// TODO: Assignment of annotations against class does not result in match in sample application
private MutableAclService mutableAclService;
private int counter = 1000;
//~ Methods ========================================================================================================
@Secured({"ACL_CONTACT_ADMIN"})
public void addPermission(Contact contact, Sid recipient, Permission permission) {
MutableAcl acl;
ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
try {
acl = (MutableAcl) mutableAclService.readAclById(oid);
} catch (NotFoundException nfe) {
acl = mutableAclService.createAcl(oid);
}
acl.insertAce(null, permission, recipient, true);
mutableAclService.updateAcl(acl);
if (logger.isDebugEnabled()) {
logger.debug("Added permission " + permission + " for Sid " + recipient + " contact " + contact);
}
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(contactDao, "contactDao required");
Assert.notNull(mutableAclService, "mutableAclService required");
}
@Secured({"ROLE_USER"})
public void create(Contact contact) {
// Create the Contact itself
contact.setId(new Long(counter++));
contactDao.create(contact);
// Grant the current principal administrative permission to the contact
addPermission(contact, new PrincipalSid(getUsername()), BasePermission.ADMINISTRATION);
if (logger.isDebugEnabled()) {
logger.debug("Created contact " + contact + " and granted admin permission to recipient " + getUsername());
}
}
@Secured({"ACL_CONTACT_DELETE"})
public void delete(Contact contact) {
contactDao.delete(contact.getId());
// Delete the ACL information as well
ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
mutableAclService.deleteAcl(oid, false);
if (logger.isDebugEnabled()) {
logger.debug("Deleted contact " + contact + " including ACL permissions");
}
}
@Secured({"ACL_CONTACT_ADMIN"})
public void deletePermission(Contact contact, Sid recipient, Permission permission) {
ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
// Remove all permissions associated with this particular recipient (string equality to KISS)
AccessControlEntry[] entries = acl.getEntries();
for (int i = 0; i < entries.length; i++) {
if (entries[i].getSid().equals(recipient) && entries[i].getPermission().equals(permission)) {
acl.deleteAce(entries[i].getId());
}
}
mutableAclService.updateAcl(acl);
if (logger.isDebugEnabled()) {
logger.debug("Deleted contact " + contact + " ACL permissions for recipient " + recipient);
}
}
@Secured({"ROLE_USER", "AFTER_ACL_COLLECTION_READ"})
@Transactional(readOnly = true)
public List getAll() {
if (logger.isDebugEnabled()) {
logger.debug("Returning all contacts");
}
return contactDao.findAll();
}
@Secured({"ROLE_USER"})
@Transactional(readOnly = true)
public List getAllRecipients() {
if (logger.isDebugEnabled()) {
logger.debug("Returning all recipients");
}
List list = contactDao.findAllPrincipals();
return list;
}
@Secured({"ROLE_USER", "AFTER_ACL_READ"})
@Transactional(readOnly = true)
public Contact getById(Long id) {
if (logger.isDebugEnabled()) {
logger.debug("Returning contact with id: " + id);
}
return contactDao.getById(id);
}
/**
* This is a public method.
*
* @return DOCUMENT ME!
*/
public Contact getRandomContact() {
if (logger.isDebugEnabled()) {
logger.debug("Returning random contact");
}
Random rnd = new Random();
List contacts = contactDao.findAll();
int getNumber = rnd.nextInt(contacts.size());
return (Contact) contacts.get(getNumber);
}
protected String getUsername() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth.getPrincipal() instanceof UserDetails) {
return ((UserDetails) auth.getPrincipal()).getUsername();
} else {
return auth.getPrincipal().toString();
}
}
public void setContactDao(ContactDao contactDao) {
this.contactDao = contactDao;
}
public void setMutableAclService(MutableAclService mutableAclService) {
this.mutableAclService = mutableAclService;
}
public void update(Contact contact) {
contactDao.update(contact);
if (logger.isDebugEnabled()) {
logger.debug("Updated contact " + contact);
}
}
}


@ -1,37 +0,0 @@
# Global logging configuration
log4j.rootLogger=WARN, stdout, fileout
#log4j.logger.org.springframework.aop.framework.autoproxy=DEBUG, stdout, fileout
#log4j.logger.org.springframework.aop.framework.autoproxy.metadata=DEBUG, stdout, fileout
#log4j.logger.org.springframework.aop.framework.autoproxy.target=DEBUG, stdout, fileout
#log4j.logger.org.springframework.transaction.interceptor=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.intercept=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.intercept.method=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.intercept.web=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.afterinvocation=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.acl=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.acl.basic=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.taglibs.authz=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.ui.basicauth=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.ui.rememberme=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.ui=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.afterinvocation=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.ui.rmi=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.ui.httpinvoker=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.util=DEBUG, stdout, fileout
#log4j.logger.net.sf.acegisecurity.providers.dao=DEBUG, stdout, fileout
log4j.logger.sample.contact=DEBUG, stdout, fileout
# Console output...
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n
# Rolling log file output...
log4j.appender.fileout=org.apache.log4j.RollingFileAppender
log4j.appender.fileout.File=contacts.log
#log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
log4j.appender.fileout.MaxFileSize=1024KB
log4j.appender.fileout.MaxBackupIndex=1
log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n


@ -1,6 +0,0 @@
err.name=Name 3-50 characters is required.
err.email=Email 3-50 characters is required.
err.permission=Permission is required.
err.recipient=Recipient is required.
err.permission.invalid=The indicated permission is invalid.
err.recipient.length=The recipient is too long (maximum 100 characters).


@ -1,87 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- Application context definition for "contacts" DispatcherServlet.
-
- $Id$
-->
<beans>
<!-- ========================== WEB DEFINITIONS ======================= -->
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename"><value>messages</value></property>
</bean>
<bean id="publicIndexController" class="sample.contact.PublicIndexController">
<property name="contactManager"><ref bean="contactManager"/></property>
</bean>
<bean id="secureIndexController" class="sample.contact.SecureIndexController">
<property name="contactManager"><ref bean="contactManager"/></property>
</bean>
<bean id="secureDeleteController" class="sample.contact.DeleteController">
<property name="contactManager"><ref bean="contactManager"/></property>
</bean>
<bean id="adminPermissionController" class="sample.contact.AdminPermissionController">
<property name="contactManager"><ref bean="contactManager"/></property>
<property name="aclService"><ref bean="aclService"/></property>
</bean>
<bean id="deletePermissionController" class="sample.contact.DeletePermissionController">
<property name="contactManager"><ref bean="contactManager"/></property>
<property name="aclService"><ref bean="aclService"/></property>
</bean>
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/hello.htm">publicIndexController</prop>
<prop key="/secure/add.htm">secureAddForm</prop>
<prop key="/secure/index.htm">secureIndexController</prop>
<prop key="/secure/del.htm">secureDeleteController</prop>
<prop key="/secure/adminPermission.htm">adminPermissionController</prop>
<prop key="/secure/deletePermission.htm">deletePermissionController</prop>
<prop key="/secure/addPermission.htm">addPermissionForm</prop>
</props>
</property>
</bean>
<bean id="addValidator" class="sample.contact.WebContactValidator"/>
<bean id="addPermissionValidator" class="sample.contact.AddPermissionValidator"/>
<bean id="secureAddForm" class="sample.contact.WebContactAddController">
<property name="sessionForm"><value>true</value></property>
<property name="commandName"><value>webContact</value></property>
<property name="commandClass"><value>sample.contact.WebContact</value></property>
<property name="validator"><ref bean="addValidator"/></property>
<property name="formView"><value>add</value></property>
<property name="successView"><value>index.htm</value></property>
<property name="contactManager">
<ref bean="contactManager"/>
</property>
</bean>
<bean id="addPermissionForm" class="sample.contact.AddPermissionController">
<property name="sessionForm"><value>true</value></property>
<property name="commandName"><value>addPermission</value></property>
<property name="commandClass"><value>sample.contact.AddPermission</value></property>
<property name="validator"><ref bean="addPermissionValidator"/></property>
<property name="formView"><value>addPermission</value></property>
<property name="successView"><value>index.htm</value></property>
<property name="contactManager">
<ref bean="contactManager"/>
</property>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix"><value>/WEB-INF/jsp/</value></property>
<property name="suffix"><value>.jsp</value></property>
</bean>
</beans>


@ -1,40 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Add New Contact</title></head>
<body>
<h1>Add Contact</h1>
<form method="post">
<table width="95%" bgcolor="f8f8ff" border="0" cellspacing="0" cellpadding="5">
<tr>
<td alignment="right" width="20%">Name:</td>
<spring:bind path="webContact.name">
<td width="20%">
<input type="text" name="name" value="<c:out value="${status.value}"/>">
</td>
<td width="60%">
<font color="red"><c:out value="${status.errorMessage}"/></font>
</td>
</spring:bind>
</tr>
<tr>
<td alignment="right" width="20%">Email:</td>
<spring:bind path="webContact.email">
<td width="20%">
<input type="text" name="email" value="<c:out value="${status.value}"/>">
</td>
<td width="60%">
<font color="red"><c:out value="${status.errorMessage}"/></font>
</td>
</spring:bind>
</tr>
</table>
<br>
<spring:hasBindErrors name="webContact">
<b>Please fix all errors!</b>
</spring:hasBindErrors>
<br><br>
<input name="execute" type="submit" alignment="center" value="Execute">
</form>
<a href="<c:url value="../hello.htm"/>">Home</a>
</body>
</html>


@ -1,55 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Add Permission</title></head>
<body>
<h1>Add Permission</h1>
<form method="post">
<table width="95%" bgcolor="f8f8ff" border="0" cellspacing="0" cellpadding="5">
<tr>
<td alignment="right" width="20%">Contact:</td>
<td width="60%"><c:out value="${addPermission.contact}"/></td>
</tr>
<tr>
<td alignment="right" width="20%">Recipient:</td>
<spring:bind path="addPermission.recipient">
<td width="20%">
<select name="<c:out value="${status.expression}"/>">
<c:forEach var="thisRecipient" items="${recipients}">
<option <c:if test="${thisRecipient.key == status.value}">selected</c:if> value="<c:out value="${thisRecipient.key}"/>">
<c:out value="${thisRecipient.value}"/></option>
</c:forEach>
</select>
</td>
<td width="60%">
<font color="red"><c:out value="${status.errorMessage}"/></font>
</td>
</spring:bind>
</tr>
<tr>
<td alignment="right" width="20%">Permission:</td>
<spring:bind path="addPermission.permission">
<td width="20%">
<select name="<c:out value="${status.expression}"/>">
<c:forEach var="thisPermission" items="${permissions}">
<option <c:if test="${thisPermission.key == status.value}">selected</c:if> value="<c:out value="${thisPermission.key}"/>">
<c:out value="${thisPermission.value}"/></option>
</c:forEach>
</select>
</td>
<td width="60%">
<font color="red"><c:out value="${status.errorMessage}"/></font>
</td>
</spring:bind>
</tr>
</table>
<br>
<spring:hasBindErrors name="webContact">
<b>Please fix all errors!</b>
</spring:hasBindErrors>
<br><br>
<input name="execute" type="submit" alignment="center" value="Execute">
</form>
<p>
<A HREF="<c:url value="adminPermission.htm"><c:param name="contactId" value="${addPermission.contact.id}"/></c:url>">Admin Permission</A> <a href="<c:url value="index.htm"/>">Manage</a>
</body>
</html>


@ -1,28 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Administer Permissions</title></head>
<body>
<h1>Administer Permissions</h1>
<P>
<code>
<c:out value="${model.contact}"/>
</code>
<P>
<table cellpadding=3 border=0>
<c:forEach var="acl" items="${model.acl.entries}">
<tr>
<td>
<code>
<c:out value="${acl}"/>
</code>
</td>
<td>
<A HREF="<c:url value="deletePermission.htm"><c:param name="contactId" value="${model.contact.id}"/><c:param name="sid" value="${acl.sid.principal}"/><c:param name="permission" value="${acl.permission.mask}"/></c:url>">Del</A>
</td>
</tr>
</c:forEach>
</table>
<p><a href="<c:url value="addPermission.htm"><c:param name="contactId" value="${model.contact.id}"/></c:url>">Add Permission</a> <a href="<c:url value="index.htm"/>">Manage</a>
</body>
</html>


@ -1,20 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Permission Deleted</title></head>
<body>
<h1>Permission Deleted</h1>
<P>
<code>
<c:out value="${model.contact}"/>
</code>
<P>
<code>
<c:out value="${model.sid}"/>
</code>
<code>
<c:out value="${model.permission}"/>
</code>
<p><a href="<c:url value="index.htm"/>">Manage</a>
</body>
</html>


@ -1,13 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Deletion completed</title></head>
<body>
<h1>Deleted</h1>
<P>
<code>
<c:out value="${contact}"/>
</code>
<p><a href="<c:url value="index.htm"/>">Manage</a>
</body>
</html>


@ -1,51 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Contacts Security Demo</title></head>
<body>
<h1>Contacts Security Demo</h1>
<P>Contacts demonstrates the following central Acegi Security capabilities:
<ul>
<li><b>Role-based security</b>. Each principal is a member of certain roles,
which are used to restrict access to certain secure objects.</li>
<li><b>Domain object instance security</b>. The <code>Contact</code>, the
main domain object in the application, has an access control list (ACL)
that indicates who is allowed read, administer and delete the object.</li>
<li><b>Method invocation security</b>. The <code>ContactManager</code> service
layer bean has a number of secured (protected) and public (unprotected)
methods.</li>
<li><b>Web request security</b>. The <code>/secure</code> URI path is protected
by Acegi Security from principals not holding the
<code>ROLE_USER</code> granted authority.</li>
<li><b>Security unaware application objects</b>. None of the objects
are aware of the security being implemented by Acegi Security. *</li>
<li><b>Security taglib usage</b>. All of the JSPs use Acegi Security's
taglib to evaluate security information. *</li>
<li><b>Fully declarative security</b>. Every capability is configured in
the application context using standard Acegi Security classes. *</li>
<li><b>Database-sourced security data</b>. All of the user, role and ACL
information is obtained from an in-memory JDBC-compliant database.</li>
<li><b>Integrated form-based and BASIC authentication</b>. Any BASIC
authentication header is detected and used for authentication. Normal
interactive form-based authentication is used by default.</li>
<li><b>Remember-me services</b>. Acegi Security's pluggable remember-me
strategy is demonstrated, with a corresponding checkbox on the login form.</li>
</ul>
* As the application provides an "ACL Administration" use case, those
classes are necessarily aware of security. But no business use cases are.
<p>Please excuse the lack of look 'n' feel polish in this application.
It is about security, after all! :-)
<p>To demonstrate a public method on <code>ContactManager</code>,
here's a random <code>Contact</code>:
<p>
<code>
<c:out value="${contact}"/>
</code>
<p>Get started by clicking "Manage"...
<p><A HREF="<c:url value="secure/index.htm"/>">Manage</a>
<A HREF="<c:url value="secure/debug.jsp"/>">Debug</a>
</body>
</html>


@ -1,5 +0,0 @@
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="authz" uri="http://acegisecurity.org/authz" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jstl/fmt" %>


@ -1,32 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Your Contacts</title></head>
<body>
<h1><authz:authentication operation="username"/>'s Contacts</h1>
<P>
<table cellpadding=3 border=0>
<tr><td><b>id</b></td><td><b>Name</b></td><td><b>Email</b></td></tr>
<c:forEach var="contact" items="${model.contacts}">
<tr>
<td>
<c:out value="${contact.id}"/>
</td>
<td>
<c:out value="${contact.name}"/>
</td>
<td>
<c:out value="${contact.email}"/>
</td>
<authz:accesscontrollist domainObject="${contact}" hasPermission="8,16">
<td><A HREF="<c:url value="del.htm"><c:param name="contactId" value="${contact.id}"/></c:url>">Del</A></td>
</authz:accesscontrollist>
<authz:accesscontrollist domainObject="${contact}" hasPermission="16">
<td><A HREF="<c:url value="adminPermission.htm"><c:param name="contactId" value="${contact.id}"/></c:url>">Admin Permission</A></td>
</authz:accesscontrollist>
</tr>
</c:forEach>
</table>
<p><a href="<c:url value="add.htm"/>">Add</a> <p><a href="<c:url value="../j_acegi_logout"/>">Logoff</a> (also clears any remember-me cookie)
</body>
</html>


@ -1,54 +0,0 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- Contacts web application
- $Id$
-->
<beans>
<!-- RMI exporter for the ContactManager -->
<!-- This could just as easily have been in
applicationContext-common-business.xml, because it doesn't rely on
DispatcherServlet or indeed any other HTTP services. It's in this
application context simply for logical placement with other
remoting exporters. -->
<!-- COMMENTED OUT BY DEFAULT TO AVOID CONFLICTS WITH APPLICATION SERVERS
<bean id="contactManager-rmi" class="org.springframework.remoting.rmi.RmiServiceExporter">
<property name="service"><ref bean="contactManager"/></property>
<property name="serviceInterface">
<value>sample.contact.ContactManager</value>
</property>
<property name="serviceName"><value>contactManager</value></property>
<property name="registryPort"><value>1099</value></property>
</bean>
-->
<!-- HTTP invoker exporter for the ContactManager -->
<!-- Spring's HTTP invoker uses Java serialization via HTTP -->
<bean name="/ContactManager-httpinvoker" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
<property name="service"><ref bean="contactManager"/></property>
<property name="serviceInterface">
<value>sample.contact.ContactManager</value>
</property>
</bean>
<!-- Hessian exporter for the ContactManager -->
<!-- Hessian is a slim binary HTTP remoting protocol -->
<bean name="/ContactManager-hessian" class="org.springframework.remoting.caucho.HessianServiceExporter">
<property name="service"><ref bean="contactManager"/></property>
<property name="serviceInterface">
<value>sample.contact.ContactManager</value>
</property>
</bean>
<!-- Burlap exporter for the ContactManager -->
<!-- Burlap is a slim XML-based HTTP remoting protocol -->
<bean name="/ContactManager-burlap" class="org.springframework.remoting.caucho.BurlapServiceExporter">
<property name="service"><ref bean="contactManager"/></property>
<property name="serviceInterface">
<value>sample.contact.ContactManager</value>
</property>
</bean>
</beans>


@ -1,311 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN" "http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<taglib>
<tlib-version>1.1.1</tlib-version>
<jsp-version>1.2</jsp-version>
<short-name>Spring</short-name>
<uri>http://www.springframework.org/tags</uri>
<description>Spring Framework JSP Tag Library. Authors: Rod Johnson, Juergen Hoeller</description>
<tag>
<name>htmlEscape</name>
<tag-class>org.springframework.web.servlet.tags.HtmlEscapeTag</tag-class>
<body-content>JSP</body-content>
<description>
Sets default HTML escape value for the current page.
Overrides a "defaultHtmlEscape" context-param in web.xml, if any.
</description>
<attribute>
<name>defaultHtmlEscape</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>escapeBody</name>
<tag-class>org.springframework.web.servlet.tags.EscapeBodyTag</tag-class>
<body-content>JSP</body-content>
<description>
Escapes its enclosed body content, applying HTML escaping and/or JavaScript escaping.
The HTML escaping flag participates in a page-wide or application-wide setting
(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
</description>
<attribute>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>javaScriptEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>message</name>
<tag-class>org.springframework.web.servlet.tags.MessageTag</tag-class>
<body-content>JSP</body-content>
<description>
Retrieves the message with the given code, or text if code isn't resolvable.
The HTML escaping flag participates in a page-wide or application-wide setting
(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
</description>
<attribute>
<name>code</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>arguments</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>text</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>scope</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>javaScriptEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>theme</name>
<tag-class>org.springframework.web.servlet.tags.ThemeTag</tag-class>
<body-content>JSP</body-content>
<description>
Retrieves the theme message with the given code, or text if code isn't resolvable.
The HTML escaping flag participates in a page-wide or application-wide setting
(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
</description>
<attribute>
<name>code</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>arguments</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>text</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>scope</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>javaScriptEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>hasBindErrors</name>
<tag-class>org.springframework.web.servlet.tags.BindErrorsTag</tag-class>
<body-content>JSP</body-content>
<description>
Provides Errors instance in case of bind errors.
The HTML escaping flag participates in a page-wide or application-wide setting
(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
</description>
<variable>
<name-given>errors</name-given>
<variable-class>org.springframework.validation.Errors</variable-class>
</variable>
<attribute>
<name>name</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>nestedPath</name>
<tag-class>org.springframework.web.servlet.tags.NestedPathTag</tag-class>
<body-content>JSP</body-content>
<description>
Sets a nested path to be used by the bind tag's path.
</description>
<variable>
<name-given>nestedPath</name-given>
<variable-class>java.lang.String</variable-class>
</variable>
<attribute>
<name>path</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>bind</name>
<tag-class>org.springframework.web.servlet.tags.BindTag</tag-class>
<body-content>JSP</body-content>
<description>
Provides BindStatus object for the given bind path.
The HTML escaping flag participates in a page-wide or application-wide setting
(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
</description>
<variable>
<name-given>status</name-given>
<variable-class>org.springframework.web.servlet.support.BindStatus</variable-class>
</variable>
<attribute>
<name>path</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>ignoreNestedPath</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>transform</name>
<tag-class>org.springframework.web.servlet.tags.TransformTag</tag-class>
<body-content>JSP</body-content>
<description>
Provides transformation of variables to Strings, using an appropriate
custom PropertyEditor from BindTag (can only be used inside BindTag).
The HTML escaping flag participates in a page-wide or application-wide setting
(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
</description>
<attribute>
<name>value</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>scope</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>


@ -1,4 +0,0 @@
<%@ include file="/WEB-INF/jsp/include.jsp" %>
<%-- Redirected because we can't set the welcome page to a virtual URL. --%>
<c:redirect url="/hello.htm"/>


@ -1,9 +0,0 @@
<%@ page import="javax.servlet.http.Cookie" %>
<%@ page import="net.sf.acegisecurity.ui.rememberme.TokenBasedRememberMeServices" %>
<%
session.invalidate();
Cookie terminate = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
terminate.setMaxAge(0);
response.addCookie(terminate);
response.sendRedirect("index.jsp");
%>


@ -1,28 +0,0 @@
<%@ page import="net.sf.acegisecurity.context.SecurityContextHolder" %>
<%@ page import="net.sf.acegisecurity.Authentication" %>
<%@ page import="net.sf.acegisecurity.GrantedAuthority" %>
<%@ page import="net.sf.acegisecurity.adapters.AuthByAdapter" %>
<%
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) { %>
Authentication object is of type: <%= auth.getClass().getName() %><BR><BR>
Authentication object as a String: <%= auth.toString() %><BR><BR>
Authentication object holds the following granted authorities:<BR><BR>
<% GrantedAuthority[] granted = auth.getAuthorities();
for (int i = 0; i < granted.length; i++) { %>
<%= granted[i].toString() %> (getAuthority(): <%= granted[i].getAuthority() %>)<BR>
<% }
if (auth instanceof AuthByAdapter) { %>
<BR><B>SUCCESS! Your container adapter appears to be properly configured!</B><BR><BR>
<% } else { %>
<BR><B>SUCCESS! Your web filters appear to be properly configured!</B><BR>
<% }
} else { %>
Authentication object is null.<BR>
This is an error and your Acegi Security application will not operate properly until corrected.<BR><BR>
<% }
%>


@ -1,212 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- Application context containing authentication, channel
- security and web URI beans.
-
- Only used by "filter" artifact.
-
- $Id$
-->
<beans>
<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,switchUserProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!-- ======================== AUTHENTICATION ======================= -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource"><ref bean="dataSource"/></property>
</bean>
<bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
<property name="userCache"><ref local="userCache"/></property>
<property name="passwordEncoder"><ref local="passwordEncoder"/></property>
</bean>
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager"/>
</property>
<property name="cacheName">
<value>userCache</value>
</property>
</bean>
<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache"><ref local="userCacheBackend"/></property>
</bean>
<!-- Automatically receives AuthenticationEvent messages -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
</bean>
<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName"><value>Contacts Realm</value></property>
</bean>
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key"><value>foobar</value></property>
<property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
</bean>
<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key"><value>foobar</value></property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
</bean>
<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
<property name="key"><value>springRocks</value></property>
</bean>
<bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key"><value>springRocks</value></property>
</bean>
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
<!-- You will need to uncomment the "Acegi Channel Processing Filter"
<filter-mapping> in web.xml for the following beans to be used -->
<bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager"><ref local="channelDecisionManager"/></property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
\A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
\A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
\A.*\Z=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref local="secureChannelProcessor"/>
<ref local="insecureChannelProcessor"/>
</list>
</property>
</bean>
<bean id="secureChannelProcessor" class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
<bean id="insecureChannelProcessor" class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
<property name="defaultTargetUrl"><value>/</value></property>
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
<property name="forceHttps"><value>false</value></property>
</bean>
<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
</list>
</property>
</bean>
<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/index.jsp=ROLE_ANONYMOUS,ROLE_USER
/hello.htm=ROLE_ANONYMOUS,ROLE_USER
/logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
/switchuser.jsp=ROLE_SUPERVISOR
/j_acegi_switch_user=ROLE_SUPERVISOR
/acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER
/**=ROLE_USER
</value>
</property>
</bean>
<!-- Filter used to switch the user context. Note: the switch and exit url must be secured
based on the role granted the ability to 'switch' to another user -->
<!-- In this example 'marissa' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
<bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter">
<property name="userDetailsService" ref="jdbcDaoImpl" />
<property name="switchUserUrl"><value>/j_acegi_switch_user</value></property>
<property name="exitUserUrl"><value>/j_acegi_exit_user</value></property>
<property name="targetUrl"><value>/acegi-security-sample-contacts-filter/secure/index.htm</value></property>
</bean>
</beans>


@ -1,227 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- Application context containing authentication beans.
-
- $Id$
-->
<beans>
<!-- ~~~~~~~~~~~~~~~~~~ "BEFORE INVOCATION" AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~ -->
<!-- ACL permission masks used by this application -->
<bean id="org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<property name="staticField"><value>org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION</value></property>
</bean>
<bean id="org.acegisecurity.acls.domain.BasePermission.READ" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<property name="staticField"><value>org.acegisecurity.acls.domain.BasePermission.READ</value></property>
</bean>
<bean id="org.acegisecurity.acls.domain.BasePermission.DELETE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
<property name="staticField"><value>org.acegisecurity.acls.domain.BasePermission.DELETE</value></property>
</bean>
<!-- An access decision voter that reads ROLE_* configuration settings -->
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
<!-- An access decision voter that reads ACL_CONTACT_READ configuration settings -->
<bean id="aclContactReadVoter" class="org.acegisecurity.vote.AclEntryVoter">
<constructor-arg>
<ref bean="aclService"/>
</constructor-arg>
<constructor-arg>
<value>ACL_CONTACT_READ</value>
</constructor-arg>
<constructor-arg>
<list>
<ref local="org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"/>
<ref local="org.acegisecurity.acls.domain.BasePermission.READ"/>
</list>
</constructor-arg>
<property name="processDomainObjectClass"><value>sample.contact.Contact</value></property>
</bean>
<!-- An access decision voter that reads ACL_CONTACT_DELETE configuration settings -->
<bean id="aclContactDeleteVoter" class="org.acegisecurity.vote.AclEntryVoter">
<constructor-arg>
<ref bean="aclService"/>
</constructor-arg>
<constructor-arg>
<value>ACL_CONTACT_DELETE</value>
</constructor-arg>
<constructor-arg>
<list>
<ref local="org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"/>
<ref local="org.acegisecurity.acls.domain.BasePermission.DELETE"/>
</list>
</constructor-arg>
<property name="processDomainObjectClass"><value>sample.contact.Contact</value></property>
</bean>
<!-- An access decision voter that reads ACL_CONTACT_ADMIN configuration settings -->
<bean id="aclContactAdminVoter" class="org.acegisecurity.vote.AclEntryVoter">
<constructor-arg>
<ref bean="aclService"/>
</constructor-arg>
<constructor-arg>
<value>ACL_CONTACT_ADMIN</value>
</constructor-arg>
<constructor-arg>
<list>
<ref local="org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"/>
</list>
</constructor-arg>
<property name="processDomainObjectClass"><value>sample.contact.Contact</value></property>
</bean>
<!-- An access decision manager used by the business objects -->
<bean id="businessAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref local="roleVoter"/>
<ref local="aclContactReadVoter"/>
<ref local="aclContactDeleteVoter"/>
<ref local="aclContactAdminVoter"/>
</list>
</property>
</bean>
<!-- ========= ACCESS CONTROL LIST LOOKUP MANAGER DEFINITIONS ========= -->
<bean id="aclCache" class="org.acegisecurity.acls.jdbc.EhCacheBasedAclCache">
<constructor-arg>
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
</property>
<property name="cacheName">
<value>aclCache</value>
</property>
</bean>
</constructor-arg>
</bean>
<bean id="lookupStrategy" class="org.acegisecurity.acls.jdbc.BasicLookupStrategy">
<constructor-arg ref="dataSource"/>
<constructor-arg ref="aclCache"/>
<constructor-arg ref="aclAuthorizationStrategy"/>
<constructor-arg>
<bean class="org.acegisecurity.acls.domain.ConsoleAuditLogger"/>
</constructor-arg>
</bean>
<bean id="aclAuthorizationStrategy" class="org.acegisecurity.acls.domain.AclAuthorizationStrategyImpl">
<constructor-arg>
<list>
<bean class="org.acegisecurity.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMINISTRATOR"/>
</bean>
<bean class="org.acegisecurity.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMINISTRATOR"/>
</bean>
<bean class="org.acegisecurity.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMINISTRATOR"/>
</bean>
</list>
</constructor-arg>
</bean>
<bean id="aclService" class="org.acegisecurity.acls.jdbc.JdbcMutableAclService">
<constructor-arg ref="dataSource"/>
<constructor-arg ref="lookupStrategy"/>
<constructor-arg ref="aclCache"/>
</bean>
<!-- ============== "AFTER INTERCEPTION" AUTHORIZATION DEFINITIONS =========== -->
<bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
<property name="providers">
<list>
<ref local="afterAclRead"/>
<ref local="afterAclCollectionRead"/>
</list>
</property>
</bean>
<!-- Processes AFTER_ACL_COLLECTION_READ configuration settings -->
<bean id="afterAclCollectionRead" class="org.acegisecurity.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider">
<constructor-arg>
<ref bean="aclService"/>
</constructor-arg>
<constructor-arg>
<list>
<ref local="org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"/>
<ref local="org.acegisecurity.acls.domain.BasePermission.READ"/>
</list>
</constructor-arg>
</bean>
<!-- Processes AFTER_ACL_READ configuration settings -->
<bean id="afterAclRead" class="org.acegisecurity.afterinvocation.AclEntryAfterInvocationProvider">
<constructor-arg>
<ref bean="aclService"/>
</constructor-arg>
<constructor-arg>
<list>
<ref local="org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"/>
<ref local="org.acegisecurity.acls.domain.BasePermission.READ"/>
</list>
</constructor-arg>
</bean>
<!-- ================= METHOD INVOCATION AUTHORIZATION ==================== -->
<bean id="attributes" class="org.acegisecurity.annotation.SecurityAnnotationAttributes"/>
<bean id="objectDefinitionSource" class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
<property name="attributes"><ref local="attributes"/></property>
</bean>
<!-- We don't validate config attributes, as it's unsupported by MethodDefinitionAttributes -->
<bean id="securityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="validateConfigAttributes"><value>false</value></property>
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
<property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
<property name="objectDefinitionSource"><ref bean="objectDefinitionSource"/></property>
</bean>
<!--
This bean is a postprocessor that will automatically apply relevant advisors
to any bean in child factories.
-->
<bean id="autoproxy"
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
</bean>
<!--
AOP advisor that will automatically wire the MethodSecurityInterceptor (above)
The configuration attributes used are obtained from the securityInterceptor.objectDefinitionSouce,
which in the above configuration is a JDK 5 Annotations Attributes-based source.
-->
<bean id="methodSecurityAdvisor"
class="org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor"
autowire="constructor" >
</bean>
<!--
AOP advisor used for declarative transaction management
-->
<bean class="org.springframework.transaction.interceptor.TransactionAttributeSourceAdvisor">
<property name="transactionInterceptor" ref="transactionInterceptor"/>
</bean>
<!--
Transaction interceptor to use for auto-proxy creation
-->
<bean id="transactionInterceptor" class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionManager" ref="transactionManager"/>
<property name="transactionAttributeSource">
<bean class="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource"/>
</property>
</bean>
</beans>


@ -1,50 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- Application context containing business beans.
-
- Used by all artifacts.
-
- $Id$
-->
<beans>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:contacts</value>
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource"><ref local="dataSource"/></property>
</bean>
<bean id="dataSourcePopulator" class="sample.contact.DataSourcePopulator">
<property name="dataSource" ref="dataSource"/>
<property name="mutableAclService" ref="aclService"/>
<property name="platformTransactionManager" ref="transactionManager"/>
</bean>
<bean id="contactDao" class="sample.contact.ContactDaoSpring">
<property name="dataSource"><ref local="dataSource"/></property>
</bean>
<!-- Advised Contact Manager using Java 5 Annotations -->
<bean id="contactManager" class="sample.contact.annotation.ContactManagerBackend">
<property name="contactDao"><ref local="contactDao"/></property>
<property name="mutableAclService"><ref bean="aclService"/></property>
</bean>
</beans>


@ -1,107 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
<!--
- Contacts web application using Java 5 Annotations
-
- web.xml for "filter" artifact only.
-
- $Id$
-->
<web-app>
<display-name>Contacts Sample Application</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-acegi-security.xml
/WEB-INF/applicationContext-business.xml
/WEB-INF/applicationContext-annotations.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!--
The HttpSessionEventPublisher will publish
HttpSessionCreatedEvent and HttpSessionDestroyedEvent
to the WebApplicationContext
-->
<listener>
<listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
<!--
- Provides core MVC application controller. See contacts-servlet.xml.
-->
<servlet>
<servlet-name>contacts</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!--
- Provides web services endpoint. See remoting-servlet.xml.
-->
<servlet>
<servlet-name>remoting</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>contacts</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>remoting</servlet-name>
<url-pattern>/remoting/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<taglib>
<taglib-uri>/spring</taglib-uri>
<taglib-location>/WEB-INF/spring.tld</taglib-location>
</taglib>
</web-app>


@ -1,16 +0,0 @@
<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
<%@ page import="org.acegisecurity.Authentication" %>
<%@ page import="org.acegisecurity.ui.AccessDeniedHandlerImpl" %>
<h1>Sorry, access is denied</h1>
<p>
<%= request.getAttribute(AccessDeniedHandlerImpl.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
<p>
<% Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) { %>
Authentication object as a String: <%= auth.toString() %><BR><BR>
<% } %>


@ -1,48 +0,0 @@
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core' %>
<%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
<%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.acegisecurity.AuthenticationException" %>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<P>Valid users:
<P>
<P>username <b>marissa</b>, password <b>koala</b>
<P>username <b>dianne</b>, password <b>emu</b>
<p>username <b>scott</b>, password <b>wombat</b>
<p>username <b>peter</b>, password <b>opal</b> (user disabled)
<p>username <b>bill</b>, password <b>wombat</b>
<p>username <b>bob</b>, password <b>wombat</b>
<p>username <b>jane</b>, password <b>wombat</b>
<p>
<%-- this form-login-page form is also used as the
form-error-page to ask for a login again.
--%>
<c:if test="${not empty param.login_error}">
<font color="red">
Your login attempt was not successful, try again.<BR><BR>
Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
</font>
</c:if>
<form action="<c:url value='j_acegi_security_check'/>" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='j_username' <c:if test="${not empty param.login_error}">value='<%= session.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY) %>'</c:if>></td></tr>
<tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
<tr><td><input type="checkbox" name="_acegi_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
</form>
</body>
</html>


@ -1,45 +0,0 @@
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core' %>
<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
<%@ page import="org.acegisecurity.Authentication" %>
<%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
<%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.acegisecurity.AuthenticationException" %>
<html>
<head>
<title>Exit User</title>
</head>
<body>
<h1>Exit User</h1>
<c:if test="${not empty param.login_error}">
<font color="red">
Your 'Exit User' attempt was not successful, try again.<BR><BR>
Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
</font>
</c:if>
<form action="<c:url value='j_acegi_exit_user'/>" method="POST">
<table>
<tr><td>Current User:</td><td>
<%
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) { %>
<%= auth.getPrincipal().toString() %>
<% } %>
</td></tr>
<tr><td colspan='2'><input name="exit" type="submit" value="Exit"></td></tr>
</table>
</form>
</body>
</html>


@ -1,43 +0,0 @@
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core' %>
<%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
<%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.acegisecurity.AuthenticationException" %>
<html>
<head>
<title>Switch User</title>
</head>
<body>
<h1>Switch to User</h1>
<P>Valid users:
<P>
<P>username <b>marissa</b>, password <b>koala</b>
<P>username <b>dianne</b>, password <b>emu</b>
<p>username <b>scott</b>, password <b>wombat</b>
<p>username <b>bill</b>, password <b>wombat</b>
<p>username <b>bob</b>, password <b>wombat</b>
<p>username <b>jane</b>, password <b>wombat</b>
<p>
<%-- this form-login-page form is also used as the
form-error-page to ask for a login again.
--%>
<c:if test="${not empty param.login_error}">
<font color="red">
Your 'su' attempt was not successful, try again.<BR><BR>
Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
</font>
</c:if>
<form action="<c:url value='j_acegi_switch_user'/>" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='j_username'></td></tr>
<tr><td colspan='2'><input name="switch" type="submit" value="Switch to User"></td></tr>
</table>
</form>
</body>
</html>