Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-08 19:42:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1650: Updates and corrections to tutorial sample to fit better with new tutorial.

Browse Source
This commit is contained in:
Luke Taylor 2011-05-03 22:23:55 +01:00
parent 685f12c5a0
commit 80fd96df6d
5 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
samples/tutorial/src/main/java/bigbank/BankService.java
View File

@ -10,7 +10,7 @@ public interface BankService {
public Account[] findAccounts(); public Account[] findAccounts();
@PreAuthorize( @PreAuthorize(
"hasRole('ROLE_SUPERVISOR') or " + "hasRole('supervisor') or " +
"hasRole('ROLE_TELLER') and (#account.balance + #amount >= -#account.overdraft)" ) "hasRole('teller') and (#account.balance + #amount >= -#account.overdraft)" )
public Account post(Account account, double amount); public Account post(Account account, double amount);
} }

4
samples/tutorial/src/main/java/bigbank/BankServiceImpl.java
View File

@ -17,9 +17,9 @@ public class BankServiceImpl implements BankService {
public Account post(Account account, double amount) { public Account post(Account account, double amount) {
Assert.notNull(account); Assert.notNull(account);
// We read account bank from DAO so it reflects the latest balance // We read account back from DAO so it reflects the latest balance
Account a = bankDao.readAccount(account.getId()); Account a = bankDao.readAccount(account.getId());
if (account == null) { if (a == null) {
throw new IllegalArgumentException("Couldn't find requested account"); throw new IllegalArgumentException("Couldn't find requested account");
} }

14
samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
View File

@ -18,7 +18,7 @@
<http pattern="/loggedout.jsp" security="none"/> <http pattern="/loggedout.jsp" security="none"/>
<http use-expressions="true"> <http use-expressions="true">
<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/> <intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')"/>
<intercept-url pattern="/secure/**" access="isAuthenticated()" /> <intercept-url pattern="/secure/**" access="isAuthenticated()" />
<!-- <!--
Allow all other requests. In a real application you should Allow all other requests. In a real application you should
@ -46,14 +46,16 @@
scott/wombat scott/wombat
peter/opal peter/opal
--> -->
<beans:bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"/>
<authentication-manager> <authentication-manager>
<authentication-provider> <authentication-provider>
<password-encoder hash="md5"/> <password-encoder ref="encoder"/>
<user-service> <user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" /> <user name="rod" password="4efe081594ce25ee4efd9f7067f7f678a347bccf2de201f3adf2a3eb544850b465b4e51cdc3fcdde" authorities="supervisor, user, teller" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" /> <user name="dianne" password="957ea522524a41cbfb649a3e293d56268f840fd5b661b499b07858bc020d6d223f912e3ab303b00f" authorities="user,teller" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" /> <user name="scott" password="fb1f9e48058d30dc21c35ab4cf895e2a80f2f03fac549b51be637196dfb6b2b7276a89c65e38b7a1" authorities="user" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" /> <user name="peter" password="e175750688deee19d7179d444bfaf92129f4eea8b4503d83eb8f92a7dd9cda5fbae73638c913e420" authorities="user" />
</user-service> </user-service>
</authentication-provider> </authentication-provider>
</authentication-manager> </authentication-manager>

4
samples/tutorial/src/main/webapp/WEB-INF/web.xml
View File

@ -39,8 +39,6 @@
<!-- <!--
- Loads the root application context of this web app at startup. - Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
--> -->
<listener> <listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
@ -55,7 +53,7 @@
</listener> </listener>
<!-- <!--
- Provides core MVC application controller. See contacts-servlet.xml. - Provides core MVC application controller. See bank-servlet.xml.
--> -->
<servlet> <servlet>
<servlet-name>bank</servlet-name> <servlet-name>bank</servlet-name>

2
samples/tutorial/src/main/webapp/secure/index.jsp
View File

@ -28,6 +28,7 @@ or if you've authenticated this session.
<tr> <tr>
<td>&lt;sec:authentication property='name' /&gt;</td><td><sec:authentication property="name"/></td> <td>&lt;sec:authentication property='name' /&gt;</td><td><sec:authentication property="name"/></td>
</tr> </tr>
<sec:authorize access="isAuthenticated()">
<tr> <tr>
<td>&lt;sec:authentication property='principal.username' /&gt;</td><td><sec:authentication property="principal.username"/></td> <td>&lt;sec:authentication property='principal.username' /&gt;</td><td><sec:authentication property="principal.username"/></td>
</tr> </tr>
@ -37,6 +38,7 @@ or if you've authenticated this session.
<tr> <tr>
<td>&lt;sec:authentication property='principal.accountNonLocked' /&gt;</td><td><sec:authentication property="principal.accountNonLocked"/></td> <td>&lt;sec:authentication property='principal.accountNonLocked' /&gt;</td><td><sec:authentication property="principal.accountNonLocked"/></td>
</tr> </tr>
</sec:authorize>
</table> </table>