Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 00:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added 'heavyduty' sample to sandbox for testing

Browse Source
This commit is contained in:
Luke Taylor 2008-04-23 13:11:26 +00:00
parent 01185475a1
commit c184d2d8c5
41 changed files with 1592 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sandbox/heavyduty/certificates/Readme.txt Executable file
View File

@ -0,0 +1,10 @@
This directory contains certificates and keys for use with SSL in the sample applications. Certificates are issued by
our "Spring Security Test CA" certificate authority.
ca.pem - the certificate authority's certificate.
server.jks - Java keystore containing the server certificate and privatekey. It Also contains the certificate authority
file and this is used as both keystore and truststore for they jetty server when running the samples with
the maven jetty plugin ("mvn jetty:run").
rod.p12, dianne.p12, scott.p12 are all certificate/key combinations for client authentication and can be installed in
your browser if you want to try out support for X.509 authentication.

22
sandbox/heavyduty/certificates/ca.pem Executable file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIEMKX1dzANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMC
R0IxETAPBgNVBAgTCFNjb3RsYW5kMRAwDgYDVQQHEwdHbGFzZ293MRkwFwYDVQQK
ExBTcHJpbmcgRnJhbWV3b3JrMRgwFgYDVQQLEw9TcHJpbmcgU2VjdXJpdHkxIDAe
BgNVBAMTF1NwcmluZyBTZWN1cml0eSBUZXN0IENBMB4XDTA4MDEyNTExMTIyMVoX
DTE4MDIyNTAwMDAwMFowgYkxCzAJBgNVBAYTAkdCMREwDwYDVQQIEwhTY290bGFu
ZDEQMA4GA1UEBxMHR2xhc2dvdzEZMBcGA1UEChMQU3ByaW5nIEZyYW1ld29yazEY
MBYGA1UECxMPU3ByaW5nIFNlY3VyaXR5MSAwHgYDVQQDExdTcHJpbmcgU2VjdXJp
dHkgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzl/wEe
snYrwqaGZuB8hmwACtptazh1+eXCfd66FkioxlLF7yTnjCC7DT+vmMgSuThIEIsN
xlxLpEgyU3bU8GIuR8wyYIyvuSMcptdFJLV7NKYuRycxpDuqimTM7Br0nfNgKVEv
1QwguGWr6YN3aZ68/xe/D5xyPhakKu++7VFXIXw9f0+nqojdrFTqQ6l9GAVRgfX6
h4JOaV1VFx83y2pnFj0iFneVxRcvXyWnyXlcOvJDIyVuyS/hYxb+E5rtBvp5XQ0o
5CP4OMwCZGx/jEqlL8oO7BwEgu9aEBxKvoIKJmHDTHgWIxgawTrKabmong4utnMI
yNrhsI77bmh2U7UCAwEAAaMQMA4wDAYDVR0PBAUDAwcGADANBgkqhkiG9w0BAQUF
AAOCAQEAuD8W9Ukkfyi0y65mwguFVAqBC3RSTMRXcjbLQV4rMDM/Q9kjA6acY4Ta
WgxGTwNCydqaqwDVsmn+6Je8Lp2xm9KLDLypVdNopGs+Mlfo55dhwqymXkQw1oJI
CPhR3nBmGEnSWW0UY9bPlpxRF2D5GDVwpuxDtXvWa4baPwRRI9MxwPWHA3ITl+fc
s9QVKy+pRAnuP9MSIp755cJ1CODOn2ElNCqnxxsZmcWcmI3LkHAwTmegl3PVvhrk
MKMEA/neshh/M/hWGNTFt77Hoa7pU9dv5RCWFvZPqsUgPrwGrmUvcmSDir3lSWQm
SuSED2LKVo+BFqwWS+jp49AR9b8B/Q==
-----END CERTIFICATE-----

BIN
sandbox/heavyduty/certificates/dianne.p12 Executable file
View File

Binary file not shown.

BIN
sandbox/heavyduty/certificates/rod.p12 Executable file
View File

Binary file not shown.

BIN
sandbox/heavyduty/certificates/scott.p12 Executable file
View File

Binary file not shown.

BIN
sandbox/heavyduty/certificates/server.jks Executable file
View File

Binary file not shown.

166
sandbox/heavyduty/pom.xml Executable file
View File

@ -0,0 +1,166 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-heavyduty</artifactId>
<name>Spring Security - Heavy Duty Sample</name>
<packaging>war</packaging>
<version>2.0.0</version>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core-tiger</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<scope>runtime</scope>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<scope>runtime</scope>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.7</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>3.3.2.GA</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.3.0</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<optional>true</optional>
<version>1.5.4</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.5.4</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<scope>provided</scope>
<version>2.4</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<scope>runtime</scope>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<scope>runtime</scope>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<scope>runtime</scope>
<version>1.2.14</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-eclipse-plugin</artifactId>
<version>2.5.1</version>
<configuration>
<downloadSources>true</downloadSources>
<wtpversion>2.0</wtpversion>
</configuration>
</plugin>
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
<version>6.1.7</version>
<configuration>
<contextPath>/tutorial</contextPath>
<connectors>
<connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
<port>8080</port>
<confidentialPort>8443</confidentialPort>
</connector>
<connector implementation="org.mortbay.jetty.security.SslSocketConnector">
<port>8443</port>
<keystore>certificates/server.jks</keystore>
<password>password</password>
<keyPassword>password</keyPassword>
<truststore>certificates/server.jks</truststore>
<trustPassword>password</trustPassword>
<wantClientAuth>true</wantClientAuth>
<needClientAuth>false</needClientAuth>
</connector>
</connectors>
</configuration>
</plugin>
</plugins>
</build>
<properties>
<spring.version>2.5.3</spring.version>
<spring.security.version>2.0.1-SNAPSHOT</spring.security.version>
</properties>
</project>

51
sandbox/heavyduty/src/main/java/bigbank/Account.java Executable file
View File

@ -0,0 +1,51 @@
package bigbank;
/**
* Note this class does not represent best practice, as we are failing to
* encapsulate business logic (methods) and state in the domain object.
* Nevertheless, this demo is intended to reflect what people usually do,
* as opposed to what they ideally would be doing.
*
* @author Ben Alex
* @version $Id$
*/
public class Account {
private long id = -1;
private String holder;
private double balance;
public Account(String holder) {
super();
this.holder = holder;
}
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getHolder() {
return holder;
}
public void setHolder(String holder) {
this.holder = holder;
}
public double getBalance() {
return balance;
}
public void setBalance(double balance) {
this.balance = balance;
}
public String toString() {
return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
}
}

7
sandbox/heavyduty/src/main/java/bigbank/BankDao.java Executable file
View File

@ -0,0 +1,7 @@
package bigbank;
public interface BankDao {
public Account readAccount(Long id);
public void createOrUpdateAccount(Account account);
public Account[] findAccounts();
}

32
sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java Executable file
View File

@ -0,0 +1,32 @@
package bigbank;
import java.util.HashMap;
import java.util.Map;
public class BankDaoStub implements BankDao {
private long id = 0;
private Map accounts = new HashMap();
public void createOrUpdateAccount(Account account) {
if (account.getId() == -1) {
id++;
account.setId(id);
}
accounts.put(new Long(account.getId()), account);
System.out.println("SAVE: " + account);
}
public Account[] findAccounts() {
Account[] a = (Account[]) accounts.values().toArray(new Account[] {});
System.out.println("Returning " + a.length + " account(s):");
for (int i = 0; i < a.length; i++) {
System.out.println(" > " + a[i]);
}
return a;
}
public Account readAccount(Long id) {
return (Account) accounts.get(id);
}
}

15
sandbox/heavyduty/src/main/java/bigbank/BankService.java Executable file
View File

@ -0,0 +1,15 @@
package bigbank;
import org.springframework.security.annotation.Secured;
public interface BankService {
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account readAccount(Long id);
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account[] findAccounts();
@Secured("ROLE_TELLER")
public Account post(Account account, double amount);
}

40
sandbox/heavyduty/src/main/java/bigbank/BankServiceImpl.java Executable file
View File

@ -0,0 +1,40 @@
package bigbank;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.util.Assert;
public class BankServiceImpl implements BankService {
private BankDao bankDao;
// Not used unless you declare a <protect-pointcut>
@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
public void myPointcut() {}
public BankServiceImpl(BankDao bankDao) {
Assert.notNull(bankDao);
this.bankDao = bankDao;
}
public Account[] findAccounts() {
return this.bankDao.findAccounts();
}
public Account post(Account account, double amount) {
Assert.notNull(account);
Assert.notNull(account.getId());
// We read account bank from DAO so it reflects the latest balance
Account a = bankDao.readAccount(account.getId());
if (account == null) {
throw new IllegalArgumentException("Couldn't find requested account");
}
a.setBalance(a.getBalance() + amount);
bankDao.createOrUpdateAccount(a);
return a;
}
public Account readAccount(Long id) {
return bankDao.readAccount(id);
}
}

21
sandbox/heavyduty/src/main/java/bigbank/SeedData.java Executable file
View File

@ -0,0 +1,21 @@
package bigbank;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
public class SeedData implements InitializingBean{
private BankDao bankDao;
public void afterPropertiesSet() throws Exception {
Assert.notNull(bankDao);
bankDao.createOrUpdateAccount(new Account("rod"));
bankDao.createOrUpdateAccount(new Account("dianne"));
bankDao.createOrUpdateAccount(new Account("scott"));
bankDao.createOrUpdateAccount(new Account("peter"));
}
public void setBankDao(BankDao bankDao) {
this.bankDao = bankDao;
}
}

34
sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java Executable file
View File

@ -0,0 +1,34 @@
package bigbank.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.util.Assert;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import bigbank.BankService;
public class ListAccounts implements Controller {
private BankService bankService;
public ListAccounts(BankService bankService) {
Assert.notNull(bankService);
this.bankService = bankService;
}
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
// Security check (this is unnecessary if Spring Security is performing the authorization)
// if (request.getUserPrincipal() == null) {
// throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
// }
// Actual business logic
ModelAndView mav = new ModelAndView("listAccounts");
mav.addObject("accounts", bankService.findAccounts());
return mav;
}
}

39
sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java Executable file
View File

@ -0,0 +1,39 @@
package bigbank.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.AccessDeniedException;
import org.springframework.util.Assert;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import bigbank.Account;
import bigbank.BankService;
public class PostAccounts implements Controller {
private BankService bankService;
public PostAccounts(BankService bankService) {
Assert.notNull(bankService);
this.bankService = bankService;
}
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
// Security check (this is unnecessary if Spring Security is performing the authorization)
// if (!request.isUserInRole("ROLE_TELLER")) {
// throw new AccessDeniedException("You must be a teller to post transactions (Spring Security message)"); // only for Spring Security managed authentication
// }
// Actual business logic
Long id = ServletRequestUtils.getRequiredLongParameter(request, "id");
Double amount = ServletRequestUtils.getRequiredDoubleParameter(request, "amount");
Account a = bankService.readAccount(id);
bankService.post(a, amount);
return new ModelAndView("redirect:listAccounts.html");
}
}

11
sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java Executable file
View File

@ -0,0 +1,11 @@
package heavyduty.security.ui;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
public class HeavyDutyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
}

9
sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java Executable file
View File

@ -0,0 +1,9 @@
package heavyduty.security.ui;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
public class HeavyDutyEntryPoint extends AuthenticationProcessingFilterEntryPoint {
}

46
sandbox/heavyduty/src/main/java/sample/dao/GenericDAO.java Executable file
View File

@ -0,0 +1,46 @@
package sample.dao;
import java.io.Serializable;
/**
* The Interface GenericDAO.
*/
public interface GenericDAO<T extends Serializable, PK extends Serializable>
{
/**
* persist
* @param transientInstance objet to persist
*/
void persist(T transientInstance);
/**
* refresh
* @param instance objet to refresh
*/
void refresh(T instance);
/**
* delete
* @param persistentInstance objet to delete
*/
void delete(T persistentInstance);
/**
* merge
* @param detachedInstance objet to merge
* @return merged object
*/
T merge(T detachedInstance);
/**
* read
* @param id of object to read
* @return read object
*/
T read(PK id);
}

13
sandbox/heavyduty/src/main/java/sample/dao/UserDAO.java Executable file
View File

@ -0,0 +1,13 @@
package sample.dao;
import sample.domain.User;
/**
* The Interface PatientDAO.
*/
public interface UserDAO extends GenericDAO<User,Long> {
public User findByUsername(String username);
}

126
sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java Executable file
View File

@ -0,0 +1,126 @@
package sample.dao.impl;
import java.io.Serializable;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import sample.dao.GenericDAO;
public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
implements GenericDAO<T, PK> {
/** type */
private Class<T> type;
/** the logger */
private static final Log LOG = LogFactory.getLog(GenericDAOImpl.class);
@PersistenceContext
private EntityManager entityManager;
/**
* Minimal constructor
*
* @param t
* type POJO hibernate
*/
public GenericDAOImpl(Class<T> t) {
this.type = t;
}
/**
* read data
*
* @param id
* data id
* @return data
*/
@SuppressWarnings("unchecked")
public T read(PK id) {
if (id == null) {
throw new IllegalArgumentException("Id cannot be null or empty");
}
// find() au lieu de getReference() pour forcer l'initialisation de
// l'objet, sinon on ne recupère
// qu'un proxy non-initialisé !
return entityManager.find(type, id);
}
/**
* persist data
*
* @param transientInstance
* data to persist
* @see sido.common.dao.GenericDAO#persist(T)
*/
public void persist(T transientInstance) {
if (LOG.isDebugEnabled()) {
LOG.debug("Persisting instance of "
+ transientInstance.getClass().getSimpleName());
}
entityManager.persist(transientInstance);
}
/**
*
* attach clean
*
* @param instance
* data to attach
* @see sido.common.dao.GenericDAO#refresh(T)
*/
public void refresh(T instance) {
if (LOG.isDebugEnabled()) {
LOG.debug("refreshing instance of "
+ instance.getClass().getSimpleName());
}
entityManager.refresh(instance);
}
/**
* delete
*
* @param persistentInstance
* data to delete
* @see sido.common.dao.GenericDAO#delete(T)
*/
public void delete(T persistentInstance) {
if (LOG.isDebugEnabled()) {
LOG.debug("deleting instance of "
+ persistentInstance.getClass().getSimpleName());
}
entityManager.remove(persistentInstance);
}
/**
* merge
*
* @param detachedInstance
* data to merge
* @return the merged data
* @see sido.common.dao.GenericDAO#merge(T)
*/
@SuppressWarnings("unchecked")
public T merge(T detachedInstance) {
if (LOG.isDebugEnabled()) {
LOG.debug("merging instance of "
+ detachedInstance.getClass().getSimpleName());
}
return entityManager.merge(detachedInstance);
}
/**
* @return the entityManager
*/
public EntityManager getEntityManager() {
return entityManager;
}
}

27
sandbox/heavyduty/src/main/java/sample/dao/impl/UserDAOImpl.java Executable file
View File

@ -0,0 +1,27 @@
package sample.dao.impl;
import org.springframework.stereotype.Repository;
import sample.domain.User;
/**
* UserDAOImpl
*/
@Repository
public class UserDAOImpl extends GenericDAOImpl<User, Long> implements
sample.dao.UserDAO {
/**
* Required constructor
*/
public UserDAOImpl() {
super(User.class);
}
public User findByUsername(String username) {
return (User) getEntityManager().createNamedQuery("User.findByUsername")
.setParameter("username", username).getSingleResult();
}
}

106
sandbox/heavyduty/src/main/java/sample/domain/User.java Executable file
View File

@ -0,0 +1,106 @@
package sample.domain;
import java.io.Serializable;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.NamedQuery;
/**
* The Class Patient.
*/
@Entity
@NamedQuery(name = "User.findByUsername", query = "from User where username= :username")
public class User implements Serializable {
/** serialVersionUID */
private static final long serialVersionUID = 7073017148588882593L;
/** The id. */
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
private Long id;
/** The username. */
@Basic(optional = false)
private String username;
/** The username. */
@Basic(optional = false)
private String password;
/**
* Default constructor
*/
public User() {
super();
}
/**
* @param username
* @param password
*/
public User(String username, String password) {
super();
this.username = username;
this.password = password;
}
/**
* @return the id
*/
public Long getId() {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* @return the username
*/
public String getUsername() {
return username;
}
/**
* @param username the username to set
*/
public void setUsername(String username) {
this.username = username;
}
/**
* Full constructor
* @param username
*/
public User(String username, String password, Date derniereConnexion,
String key) {
super();
this.username = username;
}
/**
* @return the password
*/
public String getPassword() {
return password;
}
/**
* @param password the password to set
*/
public void setPassword(String password) {
this.password = password;
}
}

16
sandbox/heavyduty/src/main/java/sample/service/UserService.java Executable file
View File

@ -0,0 +1,16 @@
package sample.service;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
public interface UserService extends UserDetailsService {
/**
* Register a new User in database
* @param username
*/
public UserDetails register(String username, String password);
}

68
sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java Executable file
View File

@ -0,0 +1,68 @@
/**
*
*/
package sample.service.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.AuthenticationException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import sample.dao.UserDAO;
import sample.domain.User;
import sample.service.UserService;
/**
* @author A207119
*
*/
@Component
@Transactional
public class UserServiceImpl implements UserService {
/** The logger */
private static final Log LOG = LogFactory.getLog(UserServiceImpl.class);
/** The User DAO */
@Autowired
private UserDAO userDAO = null;
public UserDetails loadUserByUsername(String username)
throws AuthenticationException {
try {
User user = userDAO.findByUsername(username);
return new org.springframework.security.userdetails.User(user
.getUsername(), user.getPassword(), true, true, true, true,
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw new UsernameNotFoundException("No matching account", e);
}
}
public UserDetails register(String username, String password) {
User user = new User(username, password);
userDAO.persist(user);
return new org.springframework.security.userdetails.User(user
.getUsername(), user.getPassword(), true, true, true, true,
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
}
/**
* @param userDAO
* the userDAO to set
*/
public void setUserDAO(UserDAO userDAO) {
this.userDAO = userDAO;
}
}

24
sandbox/heavyduty/src/main/resources/applicationContext-business.xml Executable file
View File

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="bankDao" class="bigbank.BankDaoStub"/>
<bean id="seedData" class="bigbank.SeedData">
<property name="bankDao" ref="bankDao"/>
</bean>
<bean id="bankService" class="bigbank.BankServiceImpl">
<constructor-arg ref="bankDao"/>
<!-- This will add a security interceptor to the bean
<security:intercept-methods>
<security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
<security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
</security:intercept-methods> -->
</bean>
</beans>

2
sandbox/heavyduty/src/main/webapp/META-INF/MANIFEST.MF Executable file
View File

@ -0,0 +1,2 @@
Manifest-Version: 1.0

51
sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml Executable file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
|
| Miscellaneous beans added just to test configuration options
|
| $Id$
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter"/>
<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
]]></value>
</property>
</bean>
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
</bean>
<bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName"><value>My Realm</value></property>
</bean>
</beans>

59
sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml Executable file
View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:config="http://www.springframework.org/schema/config"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
http://www.springframework.org/schema/config http://www.springframework.org/schema/config/spring-config-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<bean id="AllPropertiesConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location">
<value>classpath:jdbc.properties</value>
</property>
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
<bean id="userDAO" class="sample.dao.impl.UserDAOImpl"/>
<bean id="daoUserService" class="sample.service.impl.UserServiceImpl">
<property name="userDAO" ref="userDAO"/>
</bean>
<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor">
<!-- property name="order" value="0"/ -->
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="generateDdl" value="${jpa.generateDdl}" />
<property name="showSql" value="${jpa.showSql}" />
<property name="databasePlatform" value="${jpa.dialect}" />
</bean>
</property>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${jdbc.driver}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
</beans>

82
sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml Executable file
View File

@ -0,0 +1,82 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Sample namespace-based configuration
-
- $Id: applicationContext-security-ns.xml 2923 2008-04-12 17:17:46Z luke_t $
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:import resource="appContext-misc.xml"/>
<global-method-security secured-annotations="enabled"/>
<http entry-point-ref='customEntryPoint'>
<intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
<intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/post.html" access="ROLE_TELLER" />
-->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!--
Uncomment to enable X509 client authentication support -->
<x509 user-service-ref="daoUserService"/>
<!-- All of this is unnecessary if auto-config="true" -->
<form-login />
<anonymous />
<!-- http-basic / -->
<logout />
<!-- <remember-me user-service-ref="daoUserService"/> -->
<!-- Uncomment to limit the number of sessions a user can have -->
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>
<authentication-manager alias="authenticationManager"/>
<b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
<custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
<b:property name="defaultTargetUrl" value="/"/>
<b:property name="authenticationManager" ref="authenticationManager"/>
</b:bean>
<b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint">
<b:property name="loginFormUrl" value="/login.jsp"/>
</b:bean>
<!--
<b:bean id="loginPageGenerator" class="org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter">
<custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
<b:constructor-arg ref="customAuthFilter"/>
</b:bean>
-->
<!--
Usernames/Passwords are
rod/koala
dianne/emu
scott/wombat
peter/opal
-->
<authentication-provider user-service-ref="daoUserService">
<password-encoder hash="md5" />
</authentication-provider>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</b:beans>

161
sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml Executable file
View File

@ -0,0 +1,161 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- A simple "base bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't setup, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
- $Id: applicationContext-acegi-security.xml 2366 2007-12-11 19:18:44Z benalex $
-->
<beans>
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
]]></value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
<property name="defaultTargetUrl" value="/"/>
<property name="filterProcessesUrl" value="/j_spring_security_check"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
</bean>
<bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName"><value>My Realm</value></property>
</bean>
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="changeThis"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter"/>
<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
]]></value>
</property>
</bean>
<bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="changeThis"/>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
<bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="/WEB-INF/users.properties"/>
</bean>
</property>
</bean>
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
<bean id="attributes" class="org.springframework.security.annotation.SecurityAnnotationAttributes"/>
<bean id="objectDefinitionSource" class="org.springframework.security.intercept.method.MethodDefinitionAttributes">
<property name="attributes"><ref local="attributes"/></property>
</bean>
<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
<property name="objectDefinitionSource">
<ref local="objectDefinitionSource"/>
</property>
</bean>
</beans>

20
sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml Executable file
View File

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<bean name="/listAccounts.html" class="bigbank.web.ListAccounts">
<constructor-arg ref="bankService"/>
</bean>
<bean name="/post.html" class="bigbank.web.PostAccounts">
<constructor-arg ref="bankService"/>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
</beans>

24
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml Executable file
View File

@ -0,0 +1,24 @@
<persistence xmlns="http://java.sun.com/xml/ns/persistence"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
version="1.0">
<persistence-unit name="SAMPLE" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>sample.domain.User</class>
<properties>
<property name="hibernate.archive.autodetection" value="class" />
<property name="hibernate.format_sql" value="true" />
<property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect" />
<!-- property name="hibernate.cache.provider_class"
value="org.hibernate.cache.EHCacheProvider" />
<property name="hibernate.cache.use_second_level_cache" value="true" />
<property name="hibernate.cache.use_query_cache" value="true" / -->
<property name="hibernate.max_fetch_depth" value="3" />
<property name="hibernate.default_batch_fetch_size" value="8" />
<property name="hibernate.generate_statistics" value="true" />
</properties>
</persistence-unit>
</persistence>

8
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/jdbc.properties Executable file
View File

@ -0,0 +1,8 @@
jpa.dialect=org.hibernate.dialect.HSQLDialect
jpa.generateDdl=true
jpa.showSql=true
jdbc.driver=org.hsqldb.jdbcDriver
jdbc.url=jdbc:hsqldb:mem:.
jdbc.username=sa
jdbc.password=

18
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/log4j.properties Executable file
View File

@ -0,0 +1,18 @@
# Global logging configuration
log4j.rootLogger=DEBUG, stdout
log4j.logger.org.springframework.security=DEBUG, stdout
# Console output...
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%L] - %m%n
# Rolling log file output...
#log4j.appender.fileout=org.apache.log4j.RollingFileAppender
#log4j.appender.fileout.File=spring-security-tutorial.log
#log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
#log4j.appender.fileout.MaxFileSize=1024KB
#log4j.appender.fileout.MaxBackupIndex=1
#log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
#log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n

60
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/users.ldif Executable file
View File

@ -0,0 +1,60 @@
dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups
dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
dn: uid=rod,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Rod Johnson
sn: Johnson
uid: rod
userPassword: koala
dn: uid=dianne,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Dianne Emu
sn: Emu
uid: dianne
userPassword: emu
dn: uid=scott,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Scott
sn: Wombat
uid: scott
userPassword: wombat
dn: cn=user,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: user
member: uid=rod,ou=people,dc=springframework,dc=org
member: uid=dianne,ou=people,dc=springframework,dc=org
member: uid=scott,ou=people,dc=springframework,dc=org
dn: cn=teller,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: teller
member: uid=rod,ou=people,dc=springframework,dc=org
member: dianne=rod,ou=people,dc=springframework,dc=org
dn: cn=supervisor,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: supervisor
member: uid=rod,ou=people,dc=springframework,dc=org

27
sandbox/heavyduty/src/main/webapp/WEB-INF/jsp/listAccounts.jsp Executable file
View File

@ -0,0 +1,27 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
<h1>Accounts</h1>
<a href="index.jsp">Home3</a><br><br>
<table>
<c:forEach var="account" items="${accounts}">
<tr>
<td>
<c:out value="${account.id}"/>
</td>
<td>
<c:out value="${account.holder}"/>
</td>
<td>
<c:out value="${account.balance}"/>
</td>
<td>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=-20.00">-$20</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=-5.00">-$5</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=5.00">+$5</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=20.00">+$20</a>
</td>
</tr>
</c:forEach>
</table>

81
sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml Executable file
View File

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Tutorial web application
-
- $Id: web.xml 2809 2008-03-26 15:27:09Z luke_t $
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>Spring Security Tutorial Application</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext-business.xml
/WEB-INF/appContext-persistence.xml
/WEB-INF/appContext-security.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
- Publishes events for session creation and destruction through the application
- context. Optional unless concurrent session control is being used.
-->
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
<!--
- Provides core MVC application controller.
-->
<servlet>
<servlet-name>bank</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>bank</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>

18
sandbox/heavyduty/src/main/webapp/index.jsp Executable file
View File

@ -0,0 +1,18 @@
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>Home Page</h1>
<p>
Anyone can view this page.
</p>
<p>
If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
</p>
<p>
Your principal object is....: <%= request.getUserPrincipal() %>
</p>
<p><a href="secure/index.jsp">Secure page</a></p>
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
</body>
</html>

47
sandbox/heavyduty/src/main/webapp/login.jsp Executable file
View File

@ -0,0 +1,47 @@
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
<%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %>
<%@ page import="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.springframework.security.AuthenticationException" %>
<!-- Not used unless you declare a <form-login login-page="/login.jsp"/> element -->
<html>
<head>
<title>CUSTOM SPRING SECURITY LOGIN</title>
</head>
<body onload="document.f.j_username.focus();">
<h1>CUSTOM SPRING SECURITY LOGIN</h1>
<P>Valid users:
<P>
<P>username <b>rod</b>, password <b>koala</b>
<br>username <b>dianne</b>, password <b>emu</b>
<br>username <b>scott</b>, password <b>wombat</b>
<br>username <b>peter</b>, password <b>opal</b>
<p>
<%-- this form-login-page form is also used as the
form-error-page to ask for a login again.
--%>
<% if (session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY) != null) { %>
<font color="red">
Your login attempt was not successful, try again.<BR><BR>
Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
</font>
<% } %>
<form name="f" action="<c:url value='j_spring_security_check'/>" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='j_username' <% if (session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY) != null) { %>value='<%= session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY) %>'<% } %>></td></tr>
<tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
<tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
</form>
</body>
</html>

15
sandbox/heavyduty/src/main/webapp/secure/extreme/index.jsp Executable file
View File

@ -0,0 +1,15 @@
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>VERY Secure Page</h1>
This is a protected page. You can only see me if you are a supervisor.
<authz:authorize ifAllGranted="ROLE_SUPERVISOR">
You have "ROLE_SUPERVISOR" (this text is surrounded by &lt;authz:authorize&gt; tags).
</authz:authorize>
<p><a href="../../">Home</a>
<p><a href="../../j_spring_security_logout">Logout</a>
</body>
</html>

36
sandbox/heavyduty/src/main/webapp/secure/index.jsp Executable file
View File

@ -0,0 +1,36 @@
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>Secure Page</h1>
<p>
This is a protected page. You can get to me if you've been remembered,
or if you've authenticated this session.
</p>
<sec:authorize ifAllGranted="ROLE_SUPERVISOR">
You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br/><br/>
</sec:authorize>
<h3>Properties obtained using &lt;sec:authentication /&gt; tag</h3>
<table border="1">
<tr><th>Tag</th><th>Value</th></tr>
<tr>
<td>&lt;sec:authentication property='name' /&gt;</td><td><sec:authentication property="name"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.username' /&gt;</td><td><sec:authentication property="principal.username"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.enabled' /&gt;</td><td><sec:authentication property="principal.enabled"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.accountNonLocked' /&gt;</td><td><sec:authentication property="principal.accountNonLocked"/></td>
</tr>
</table>
<p><a href="../">Home</a>
<p><a href="../j_spring_security_logout">Logout</a>
</body>
</html>