Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 16:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove unused sandbox projects

Browse Source 
Fixes gh-4302
This commit is contained in:
Rob Winch 2017-04-19 08:36:34 -05:00
parent d59f128210
commit c5fedb6f8d
59 changed files with 0 additions and 2298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
sandbox/heavyduty/build.gradle
View File

@ -1,43 +0,0 @@
apply: 'war'
apply: 'jetty'
//apply: 'project-reports'
version = '3.1.0.CI-SNAPSHOT'
springVersion = '3.0.1.RELEASE'
targetCompatibility = '1.5'
sourceCompatibility = '1.5'
repositories {
mavenRepo name:'Local', urls: "file://" + System.properties['user.home'] + "/.m2/repository"
}
dependencies {
compile 'aopalliance:aopalliance:1.0',
"org.springframework.security:spring-security-core:$version",
"org.springframework.security:spring-security-web:$version",
"org.springframework:spring-beans:$springVersion",
"org.springframework:spring-core:$springVersion",
"org.springframework:spring-context:$springVersion",
"org.springframework:spring-tx:$springVersion",
"org.springframework:spring-web:$springVersion",
"org.springframework:spring-webmvc:$springVersion",
'org.aspectj:aspectjrt:1.6.8',
'org.hibernate:ejb3-persistence:1.0.2.GA',
"org.eclipse.persistence:javax.persistence:$javaPersistenceVersion",
'org.slf4j:jcl-over-slf4j:1.5.11'
providedCompile "javax.servlet:javax.servlet-api:$servletApiVersion"
runtime 'org.hibernate:hibernate-entitymanager:3.4.0.GA',
"org.springframework:spring-context-support:$springVersion",
"org.springframework.security:spring-security-ldap:$version",
"org.springframework.security:spring-security-config:$version",
"org.springframework.security:spring-security-taglibs:$version",
"org.springframework:spring-orm:$springVersion",
'org.apache.directory.server:apacheds-core:1.5.5',
'org.apache.directory.server:apacheds-server-jndi:1.5.5',
'org.freemarker:freemarker:2.3.16',
"org.hsqldb:hsqldb:$hsqlVersion",
'org.slf4j:slf4j-log4j12:1.5.11',
'log4j:log4j:1.2.14'
}

10
sandbox/heavyduty/certificates/Readme.txt
View File

@ -1,10 +0,0 @@
This directory contains certificates and keys for use with SSL in the sample applications. Certificates are issued by
our "Spring Security Test CA" certificate authority.
ca.pem - the certificate authority's certificate.
server.jks - Java keystore containing the server certificate and privatekey. It Also contains the certificate authority
file and this is used as both keystore and truststore for they jetty server when running the samples with
the maven jetty plugin ("mvn jetty:run").
rod.p12, dianne.p12, scott.p12 are all certificate/key combinations for client authentication and can be installed in
your browser if you want to try out support for X.509 authentication.

22
sandbox/heavyduty/certificates/ca.pem
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIEMKX1dzANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMC
R0IxETAPBgNVBAgTCFNjb3RsYW5kMRAwDgYDVQQHEwdHbGFzZ293MRkwFwYDVQQK
ExBTcHJpbmcgRnJhbWV3b3JrMRgwFgYDVQQLEw9TcHJpbmcgU2VjdXJpdHkxIDAe
BgNVBAMTF1NwcmluZyBTZWN1cml0eSBUZXN0IENBMB4XDTA4MDEyNTExMTIyMVoX
DTE4MDIyNTAwMDAwMFowgYkxCzAJBgNVBAYTAkdCMREwDwYDVQQIEwhTY290bGFu
ZDEQMA4GA1UEBxMHR2xhc2dvdzEZMBcGA1UEChMQU3ByaW5nIEZyYW1ld29yazEY
MBYGA1UECxMPU3ByaW5nIFNlY3VyaXR5MSAwHgYDVQQDExdTcHJpbmcgU2VjdXJp
dHkgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzl/wEe
snYrwqaGZuB8hmwACtptazh1+eXCfd66FkioxlLF7yTnjCC7DT+vmMgSuThIEIsN
xlxLpEgyU3bU8GIuR8wyYIyvuSMcptdFJLV7NKYuRycxpDuqimTM7Br0nfNgKVEv
1QwguGWr6YN3aZ68/xe/D5xyPhakKu++7VFXIXw9f0+nqojdrFTqQ6l9GAVRgfX6
h4JOaV1VFx83y2pnFj0iFneVxRcvXyWnyXlcOvJDIyVuyS/hYxb+E5rtBvp5XQ0o
5CP4OMwCZGx/jEqlL8oO7BwEgu9aEBxKvoIKJmHDTHgWIxgawTrKabmong4utnMI
yNrhsI77bmh2U7UCAwEAAaMQMA4wDAYDVR0PBAUDAwcGADANBgkqhkiG9w0BAQUF
AAOCAQEAuD8W9Ukkfyi0y65mwguFVAqBC3RSTMRXcjbLQV4rMDM/Q9kjA6acY4Ta
WgxGTwNCydqaqwDVsmn+6Je8Lp2xm9KLDLypVdNopGs+Mlfo55dhwqymXkQw1oJI
CPhR3nBmGEnSWW0UY9bPlpxRF2D5GDVwpuxDtXvWa4baPwRRI9MxwPWHA3ITl+fc
s9QVKy+pRAnuP9MSIp755cJ1CODOn2ElNCqnxxsZmcWcmI3LkHAwTmegl3PVvhrk
MKMEA/neshh/M/hWGNTFt77Hoa7pU9dv5RCWFvZPqsUgPrwGrmUvcmSDir3lSWQm
SuSED2LKVo+BFqwWS+jp49AR9b8B/Q==
-----END CERTIFICATE-----

BIN
sandbox/heavyduty/certificates/dianne.p12
View File

Binary file not shown.

BIN
sandbox/heavyduty/certificates/rod.p12
View File

Binary file not shown.

BIN
sandbox/heavyduty/certificates/scott.p12
View File

Binary file not shown.

BIN
sandbox/heavyduty/certificates/server.jks
View File

Binary file not shown.

54
sandbox/heavyduty/jetty-jmx.xml
View File

@ -1,54 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
<!-- =============================================================== -->
<!-- Configure the JVM JMX Server -->
<!-- this configuration file should be used in combination with -->
<!-- other configuration files. e.g. -->
<!-- java -jar start.jar etc/jetty-jmx.xml etc/jetty.xml -->
<!-- See jetty-jmx-mx4j.xml for a non JVM server solution -->
<!-- =============================================================== -->
<Configure id="Server" class="org.mortbay.jetty.Server">
<!-- =========================================================== -->
<!-- Initialize platform mbean server -->
<!-- =========================================================== -->
<!-- Create an MBeanServer or use the jdk 1.5 platformMBeanServer -->
<Call id="MBeanServer" class="java.lang.management.ManagementFactory" name="getPlatformMBeanServer"/>
<!-- =========================================================== -->
<!-- Initialize mx4j mbean server -->
<!-- =========================================================== -->
<!-- replace platform config with
<Call id="MBeanServer" class="javax.management.MBeanServerFactory" name="createMBeanServer"/>
-->
<!-- initialize the Jetty MBean container -->
<Get id="Container" name="container">
<Call name="addEventListener">
<Arg>
<New class="org.mortbay.management.MBeanContainer">
<Arg><Ref id="MBeanServer"/></Arg>
<!-- Set name="managementPort">8082</Set -->
<Call name="start" />
</New>
</Arg>
</Call>
</Get>
<!-- optionally add a remote JMX connector
<Call id="jmxConnector" class="javax.management.remote.JMXConnectorServerFactory" name="newJMXConnectorServer">
<Arg>
<New class="javax.management.remote.JMXServiceURL">
<Arg>service:jmx:rmi:///jndi/rmi:///jettymbeanserver</Arg>
</New>
</Arg>
<Arg/>
<Arg><Ref id="MBeanServer"/></Arg>
<Call name="start"/>
</Call>
-->
</Configure>

65
sandbox/heavyduty/src/main/java/bigbank/Account.java
View File

@ -1,65 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank;
/**
* Note this class does not represent best practice, as we are failing to
* encapsulate business logic (methods) and state in the domain object.
* Nevertheless, this demo is intended to reflect what people usually do,
* as opposed to what they ideally would be doing.
*
* @author Ben Alex
*/
public class Account {
private long id = -1;
private String holder;
private double balance;
public Account(String holder) {
super();
this.holder = holder;
}
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getHolder() {
return holder;
}
public void setHolder(String holder) {
this.holder = holder;
}
public double getBalance() {
return balance;
}
public void setBalance(double balance) {
this.balance = balance;
}
public String toString() {
return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
}
}

22
sandbox/heavyduty/src/main/java/bigbank/BankDao.java
View File

@ -1,22 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank;
public interface BankDao {
public Account readAccount(Long id);
public void createOrUpdateAccount(Account account);
public Account[] findAccounts();
}

47
sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java
View File

@ -1,47 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank;
import java.util.HashMap;
import java.util.Map;
public class BankDaoStub implements BankDao {
private long id = 0;
private Map<Long, Account> accounts = new HashMap<Long, Account>();
public void createOrUpdateAccount(Account account) {
if (account.getId() == -1) {
id++;
account.setId(id);
}
accounts.put(new Long(account.getId()), account);
System.out.println("SAVE: " + account);
}
public Account[] findAccounts() {
Account[] a = (Account[]) accounts.values().toArray(new Account[] {});
System.out.println("Returning " + a.length + " account(s):");
for (int i = 0; i < a.length; i++) {
System.out.println(" > " + a[i]);
}
return a;
}
public Account readAccount(Long id) {
return (Account) accounts.get(id);
}
}

30
sandbox/heavyduty/src/main/java/bigbank/BankService.java
View File

@ -1,30 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank;
import org.springframework.security.access.annotation.Secured;
public interface BankService {
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account readAccount(Long id);
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account[] findAccounts();
@Secured("ROLE_TELLER")
public Account post(Account account, double amount);
}

55
sandbox/heavyduty/src/main/java/bigbank/BankServiceImpl.java
View File

@ -1,55 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.util.Assert;
public class BankServiceImpl implements BankService {
private BankDao bankDao;
// Not used unless you declare a <protect-pointcut>
@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
public void myPointcut() {}
public BankServiceImpl(BankDao bankDao) {
Assert.notNull(bankDao);
this.bankDao = bankDao;
}
public Account[] findAccounts() {
return this.bankDao.findAccounts();
}
public Account post(Account account, double amount) {
Assert.notNull(account);
Assert.notNull(account.getId());
// We read account bank from DAO so it reflects the latest balance
Account a = bankDao.readAccount(account.getId());
if (account == null) {
throw new IllegalArgumentException("Couldn't find requested account");
}
a.setBalance(a.getBalance() + amount);
bankDao.createOrUpdateAccount(a);
return a;
}
public Account readAccount(Long id) {
return bankDao.readAccount(id);
}
}

36
sandbox/heavyduty/src/main/java/bigbank/SeedData.java
View File

@ -1,36 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
public class SeedData implements InitializingBean{
private BankDao bankDao;
public void afterPropertiesSet() throws Exception {
Assert.notNull(bankDao);
bankDao.createOrUpdateAccount(new Account("rod"));
bankDao.createOrUpdateAccount(new Account("dianne"));
bankDao.createOrUpdateAccount(new Account("scott"));
bankDao.createOrUpdateAccount(new Account("peter"));
}
public void setBankDao(BankDao bankDao) {
this.bankDao = bankDao;
}
}

43
sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
View File

@ -1,43 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.util.Assert;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import bigbank.BankService;
public class ListAccounts implements Controller {
private BankService bankService;
public ListAccounts(BankService bankService) {
Assert.notNull(bankService);
this.bankService = bankService;
}
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
// Actual business logic
ModelAndView mav = new ModelAndView("listAccounts");
mav.addObject("accounts", bankService.findAccounts());
return mav;
}
}

53
sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
View File

@ -1,53 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package bigbank.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.util.Assert;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import bigbank.Account;
import bigbank.BankService;
public class PostAccounts implements Controller {
private BankService bankService;
public PostAccounts(BankService bankService) {
Assert.notNull(bankService);
this.bankService = bankService;
}
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
// Security check (this is unnecessary if Spring Security is performing the authorization)
// if (!request.isUserInRole("ROLE_TELLER")) {
// throw new AccessDeniedException("You must be a teller to post transactions (Spring Security message)"); // only for Spring Security managed authentication
// }
// Actual business logic
Long id = ServletRequestUtils.getRequiredLongParameter(request, "id");
Double amount = ServletRequestUtils.getRequiredDoubleParameter(request, "amount");
Account a = bankService.readAccount(id);
bankService.post(a, amount);
return new ModelAndView("redirect:listAccounts.html");
}
}

23
sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java
View File

@ -1,23 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package heavyduty.security.ui;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
public class HeavyDutyAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
}

24
sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java
View File

@ -1,24 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package heavyduty.security.ui;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
public class HeavyDutyEntryPoint extends LoginUrlAuthenticationEntryPoint {
}

65
sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
View File

@ -1,65 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package heavyduty.web;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.bind.ServletRequestBindingException;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
/**
* Reproduces SEC-830.
*/
public class TestMultiActionController extends MultiActionController {
public static final String VIEW_NAME = "multi-action-test";
public String login(HttpServletRequest request, HttpServletResponse response) {
return "login";
}
public void step1(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String[] x = request.getParameterValues("x");
logger.info("x= " + (x == null ? "null" : Arrays.asList(x)));
String[] y = request.getParameterValues("y");
logger.info("y = " + (y == null ? "null" : Arrays.asList(y)));
request.getRequestDispatcher("/testMulti.htm?action=step1xtra&x=5&x=5").forward(request, response);
}
public ModelAndView step1xtra(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
logger.info("x = " + Arrays.asList(request.getParameterValues("x")));
return createView("step2");
}
public ModelAndView step2(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
return createView("step1");
}
private ModelAndView createView(String name) {
Map<String, String> model = new HashMap<String, String>();
model.put("nextAction", name);
return new ModelAndView(VIEW_NAME, model);
}
}

44
sandbox/heavyduty/src/main/java/sample/TestVoter.java
View File

@ -1,44 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample;
import java.util.Collection;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.core.Authentication;
public class TestVoter implements AccessDecisionVoter {
public boolean supports(ConfigAttribute attribute) {
return true;
}
public boolean supports(Class<?> clazz) {
return MethodInvocation.class.isAssignableFrom(clazz);
}
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> config) {
MethodInvocation mi = (MethodInvocation) object;
mi.getMethod().getParameterAnnotations();
return ACCESS_GRANTED;
}
}

61
sandbox/heavyduty/src/main/java/sample/dao/GenericDAO.java
View File

@ -1,61 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.dao;
import java.io.Serializable;
/**
* The Interface GenericDAO.
*/
public interface GenericDAO<T extends Serializable, PK extends Serializable>
{
/**
* persist
* @param transientInstance objet to persist
*/
void persist(T transientInstance);
/**
* refresh
* @param instance objet to refresh
*/
void refresh(T instance);
/**
* delete
* @param persistentInstance objet to delete
*/
void delete(T persistentInstance);
/**
* merge
* @param detachedInstance objet to merge
* @return merged object
*/
T merge(T detachedInstance);
/**
* read
* @param id of object to read
* @return read object
*/
T read(PK id);
}

27
sandbox/heavyduty/src/main/java/sample/dao/UserDAO.java
View File

@ -1,27 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.dao;
import sample.domain.User;
/**
* The Interface PatientDAO.
*/
public interface UserDAO extends GenericDAO<User,Long> {
public User findByUsername(String username);
}

139
sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java
View File

@ -1,139 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.dao.impl;
import java.io.Serializable;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import sample.dao.GenericDAO;
public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
implements GenericDAO<T, PK> {
/** type */
private Class<T> type;
/** the logger */
private static final Log LOG = LogFactory.getLog(GenericDAOImpl.class);
@PersistenceContext
private EntityManager entityManager;
/**
* Minimal constructor
*
* @param t
* type POJO hibernate
*/
public GenericDAOImpl(Class<T> t) {
this.type = t;
}
/**
* read data
*
* @param id
* data id
* @return data
*/
public T read(PK id) {
if (id == null) {
throw new IllegalArgumentException("Id cannot be null or empty");
}
// find() au lieu de getReference() pour forcer l'initialisation de
// l'objet, sinon on ne recupère
// qu'un proxy non-initialisé !
return entityManager.find(type, id);
}
/**
* persist data
*
* @param transientInstance
* data to persist
* @see sido.common.dao.GenericDAO#persist(T)
*/
public void persist(T transientInstance) {
if (LOG.isDebugEnabled()) {
LOG.debug("Persisting instance of "
+ transientInstance.getClass().getSimpleName());
}
entityManager.persist(transientInstance);
}
/**
*
* attach clean
*
* @param instance
* data to attach
* @see sido.common.dao.GenericDAO#refresh(T)
*/
public void refresh(T instance) {
if (LOG.isDebugEnabled()) {
LOG.debug("refreshing instance of "
+ instance.getClass().getSimpleName());
}
entityManager.refresh(instance);
}
/**
* delete
*
* @param persistentInstance
* data to delete
* @see sido.common.dao.GenericDAO#delete(T)
*/
public void delete(T persistentInstance) {
if (LOG.isDebugEnabled()) {
LOG.debug("deleting instance of "
+ persistentInstance.getClass().getSimpleName());
}
entityManager.remove(persistentInstance);
}
/**
* merge
*
* @param detachedInstance
* data to merge
* @return the merged data
* @see sido.common.dao.GenericDAO#merge(T)
*/
public T merge(T detachedInstance) {
if (LOG.isDebugEnabled()) {
LOG.debug("merging instance of "
+ detachedInstance.getClass().getSimpleName());
}
return entityManager.merge(detachedInstance);
}
/**
* @return the entityManager
*/
public EntityManager getEntityManager() {
return entityManager;
}
}

42
sandbox/heavyduty/src/main/java/sample/dao/impl/UserDAOImpl.java
View File

@ -1,42 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.dao.impl;
import org.springframework.stereotype.Repository;
import sample.domain.User;
/**
* UserDAOImpl
*/
@Repository
public class UserDAOImpl extends GenericDAOImpl<User, Long> implements
sample.dao.UserDAO {
/**
* Required constructor
*/
public UserDAOImpl() {
super(User.class);
}
public User findByUsername(String username) {
return (User) getEntityManager().createNamedQuery("User.findByUsername")
.setParameter("username", username).getSingleResult();
}
}

120
sandbox/heavyduty/src/main/java/sample/domain/User.java
View File

@ -1,120 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.domain;
import java.io.Serializable;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.NamedQuery;
/**
* The Class Patient.
*/
@Entity
@NamedQuery(name = "User.findByUsername", query = "from User where username= :username")
public class User implements Serializable {
/** serialVersionUID */
private static final long serialVersionUID = 7073017148588882593L;
/** The id. */
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
private Long id;
/** The username. */
@Basic(optional = false)
private String username;
/** The username. */
@Basic(optional = false)
private String password;
/**
* Default constructor
*/
public User() {
super();
}
/**
* @param username
* @param password
*/
public User(String username, String password) {
super();
this.username = username;
this.password = password;
}
/**
* @return the id
*/
public Long getId() {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* @return the username
*/
public String getUsername() {
return username;
}
/**
* @param username the username to set
*/
public void setUsername(String username) {
this.username = username;
}
/**
* Full constructor
* @param username
*/
public User(String username, String password, Date derniereConnexion,
String key) {
super();
this.username = username;
}
/**
* @return the password
*/
public String getPassword() {
return password;
}
/**
* @param password the password to set
*/
public void setPassword(String password) {
this.password = password;
}
}

31
sandbox/heavyduty/src/main/java/sample/service/UserService.java
View File

@ -1,31 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.service;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
public interface UserService extends UserDetailsService {
/**
* Register a new User in database
* @param username
*/
public UserDetails register(String username, String password);
}

81
sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java
View File

@ -1,81 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
*
*/
package sample.service.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import sample.dao.UserDAO;
import sample.domain.User;
import sample.service.UserService;
/**
* @author A207119
*
*/
@Component
@Transactional
public class UserServiceImpl implements UserService {
/** The logger */
private static final Log LOG = LogFactory.getLog(UserServiceImpl.class);
/** The User DAO */
@Autowired
private UserDAO userDAO = null;
public UserDetails loadUserByUsername(String username)
throws AuthenticationException {
try {
User user = userDAO.findByUsername(username);
return new org.springframework.security.core.userdetails.User(user
.getUsername(), user.getPassword(), true, true, true, true,
AuthorityUtils.createAuthorityList("ROLE_USER"));
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw new UsernameNotFoundException("No matching account", e);
}
}
public UserDetails register(String username, String password) {
User user = new User(username, password);
userDAO.persist(user);
return new org.springframework.security.core.userdetails.User(user
.getUsername(), user.getPassword(), true, true, true, true,
AuthorityUtils.createAuthorityList("ROLE_USER"));
}
/**
* @param userDAO
* the userDAO to set
*/
public void setUserDAO(UserDAO userDAO) {
this.userDAO = userDAO;
}
}

24
sandbox/heavyduty/src/main/resources/applicationContext-business.xml
View File

@ -1,24 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="bankDao" class="bigbank.BankDaoStub"/>
<bean id="seedData" class="bigbank.SeedData">
<property name="bankDao" ref="bankDao"/>
</bean>
<bean id="bankService" class="bigbank.BankServiceImpl">
<constructor-arg ref="bankDao"/>
<!-- This will add a security interceptor to the bean
<security:intercept-methods>
<security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
<security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
</security:intercept-methods> -->
</bean>
</beans>

2
sandbox/heavyduty/src/main/webapp/META-INF/MANIFEST.MF
View File

@ -1,2 +0,0 @@
Manifest-Version: 1.0

65
sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
View File

@ -1,65 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
|
| Miscellaneous beans added just to test configuration options
|
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd">
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter"/>
<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
]]></value>
</property>
</bean>
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
</bean>
<bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName"><value>My Realm</value></property>
</bean>
<bean id="bankServiceSecurityInterceptor"
class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<!-- property name="afterInvocationManager" ref="afterInvocationManager"/ -->
<property name="objectDefinitionSource">
<value>
bigbank.BankService.post*=ROLE_SUPERVISOR
bigbank.BankService.find*=ROLE_SUPERVISOR
</value>
</property>
</bean>
</beans>

55
sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
View File

@ -1,55 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:config="http://www.springframework.org/schema/config"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/config http://www.springframework.org/schema/config/spring-config-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<bean id="AllPropertiesConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="classpath:jdbc.properties"/>
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
<bean id="userDAO" class="sample.dao.impl.UserDAOImpl"/>
<bean id="daoUserService" class="sample.service.impl.UserServiceImpl"/>
<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor">
<!-- property name="order" value="0"/ -->
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="generateDdl" value="${jpa.generateDdl}" />
<property name="showSql" value="${jpa.showSql}" />
<property name="databasePlatform" value="${jpa.dialect}" />
</bean>
</property>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${jdbc.driver}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
</beans>

127
sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
View File

@ -1,127 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Sample namespace-based configuration
-
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!--b:import resource="appContext-misc.xml"/-->
<context:component-scan base-package='sample'/>
<global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr">
<protect-pointcut expression="execution(* sample.service.UserService+.*(..))"
access="ROLE_LOGGEDIN" />
</global-method-security>
<aop:aspectj-autoproxy/>
<b:bean id="methodAccessMgr" class="org.springframework.security.access.vote.AffirmativeBased">
<b:property name="decisionVoters">
<b:list>
<b:bean class="sample.TestVoter"/>
</b:list>
</b:property>
</b:bean>
<http use-expressions="false">
<intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
<intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/post.html" access="ROLE_TELLER" />
-->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!--
Uncomment to enable X509 client authentication support
<x509 user-service-ref="daoUserService"/>
-->
<form-login default-target-url="/secure/index.jsp" login-page="/login.jsp" authentication-failure-url="/login.jsp?login-error=1" always-use-default-target="false"/>
<!-- http-basic / -->
<logout />
<remember-me key='doesntmatter' token-repository-ref='tokenRepo' user-service-ref='daoUserService'/>
<!-- <remember-me user-service-ref="daoUserService"/> -->
<!-- Uncomment to limit the number of sessions a user can have -->
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-ref='sessionRegistry'/>
</session-management>
<!-- custom-filter position="AUTHENTICATION_PROCESSING_FILTER" ref="customAuthFilter" / -->
</http>
<b:bean id='tokenRepo' class='org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl'/>
<!-- Traditional Session Control Beans -->
<!--
<b:bean id='sessionControlFilter' class="org.springframework.security.concurrent.ConcurrentSessionFilter">
<custom-filter position="CONCURRENT_SESSION_FILTER"/>
<b:property name="sessionRegistry" ref='sessionRegistry'/>
</b:bean>
-->
<b:bean id='sessionRegistry' class="org.springframework.security.core.session.SessionRegistryImpl"/>
<!--
<b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
<b:property name="defaultTargetUrl" value="/"/>
<b:property name="authenticationManager" ref="authenticationManager"/>
</b:bean>
<b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint">
<b:property name="loginFormUrl" value="/login.jsp"/>
</b:bean>
-->
<!--
<b:bean id="loginPageGenerator" class="org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter">
<custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
<b:constructor-arg ref="customAuthFilter"/>
</b:bean>
-->
<authentication-manager alias="authenticationManager" >
<authentication-provider user-service-ref="daoUserService">
<password-encoder hash="md5" />
</authentication-provider>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
<ldap-server id="ldapServer"/>
<!-- b:bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean"/ -->
<b:bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
<b:property name="beans">
<b:map>
<b:entry key="bean:name=ldapContextSource" value-ref="ldapServer"/>
</b:map>
</b:property>
<b:property name="assembler">
<b:bean class="org.springframework.jmx.export.assembler.MethodNameBasedMBeanInfoAssembler">
<b:property name="managedMethods" value="setPassword,setUserDn,getUrls,setUrl,setUrls,setPooled,isPooled,setBase,getBaseLdapPathAsString"/>
</b:bean>
</b:property>
<!-- b:property name="server" ref="mbeanServer"/-->
</b:bean>
</b:beans>

160
sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
View File

@ -1,160 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- A simple "base bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't setup, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
-->
<beans>
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
]]></value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
<property name="defaultTargetUrl" value="/"/>
<property name="filterProcessesUrl" value="/login"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
</bean>
<bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName"><value>My Realm</value></property>
</bean>
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="changeThis"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter"/>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
]]></value>
</property>
</bean>
<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="changeThis"/>
</bean>
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
<bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
<bean class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<bean id="userDetailsService" class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="/WEB-INF/users.properties"/>
</bean>
</property>
</bean>
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
<bean id="attributes" class="org.springframework.security.access.annotation.SecurityAnnotationAttributes"/>
<bean id="securityMetadataSource" class="org.springframework.security.access.intercept.method.MethodDefinitionAttributes">
<property name="attributes"><ref bean="attributes"/></property>
</bean>
<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="securityMetadataSource">
<ref bean="securityMetadataSource"/>
</property>
</bean>
</beans>

24
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml
View File

@ -1,24 +0,0 @@
<persistence xmlns="http://java.sun.com/xml/ns/persistence"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
version="1.0">
<persistence-unit name="SAMPLE" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>sample.domain.User</class>
<properties>
<property name="hibernate.archive.autodetection" value="class" />
<property name="hibernate.format_sql" value="true" />
<property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect" />
<!-- property name="hibernate.cache.provider_class"
value="org.hibernate.cache.EHCacheProvider" />
<property name="hibernate.cache.use_second_level_cache" value="true" />
<property name="hibernate.cache.use_query_cache" value="true" / -->
<property name="hibernate.max_fetch_depth" value="3" />
<property name="hibernate.default_batch_fetch_size" value="8" />
<property name="hibernate.generate_statistics" value="true" />
</properties>
</persistence-unit>
</persistence>

0
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/database/heavyduty
View File

8
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/jdbc.properties
View File

@ -1,8 +0,0 @@
jpa.dialect=org.hibernate.dialect.HSQLDialect
jpa.generateDdl=true
jpa.showSql=true
jdbc.driver=org.hsqldb.jdbcDriver
jdbc.url=jdbc:hsqldb:mem:heavyduty
jdbc.username=sa
jdbc.password=

60
sandbox/heavyduty/src/main/webapp/WEB-INF/classes/users.ldif
View File

@ -1,60 +0,0 @@
dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups
dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
dn: uid=rod,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Rod Johnson
sn: Johnson
uid: rod
userPassword: koala
dn: uid=dianne,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Dianne Emu
sn: Emu
uid: dianne
userPassword: emu
dn: uid=scott,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Scott
sn: Wombat
uid: scott
userPassword: wombat
dn: cn=user,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: user
member: uid=rod,ou=people,dc=springframework,dc=org
member: uid=dianne,ou=people,dc=springframework,dc=org
member: uid=scott,ou=people,dc=springframework,dc=org
dn: cn=teller,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: teller
member: uid=rod,ou=people,dc=springframework,dc=org
member: dianne=rod,ou=people,dc=springframework,dc=org
dn: cn=supervisor,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: supervisor
member: uid=rod,ou=people,dc=springframework,dc=org

22
sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
View File

@ -1,22 +0,0 @@
<html>
<head>
<title>Spring Security Login</title>
</head>
<body onload="document.f.username.focus();">
<h1>Spring Security Login (Freemarker)</h1>
<form name="f" action="login" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='username' value=''/></td></tr>
<tr><td>Password:</td><td><input type='password' name='password' value=''/></td></tr>
<tr><td><input type="checkbox" name="remember-me"/></td><td>Don't ask for my password for two weeks</td></tr>
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
</form>
</body>
</html>

15
sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl
View File

@ -1,15 +0,0 @@
<html>
<head>
<title>MultiActionController Test</title>
</head>
<body>
<form action="testMulti.htm">
<input name="action" value="${nextAction}" type="text"/> <br/>
<input name="x" value="5" type="text"/> <br/>
<input name="y" value="5" type="text"/> <br/>
<input type='submit' value='submit' />
</form>
</body>
</html>

34
sandbox/heavyduty/src/main/webapp/WEB-INF/heavyduty-servlet.xml
View File

@ -1,34 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean name="testMultiController" class="heavyduty.web.TestMultiActionController">
<property name="methodNameResolver">
<bean class="org.springframework.web.servlet.mvc.multiaction.ParameterMethodNameResolver"/>
</property>
</bean>
<!--
<bean name="/post.html" class="bigbank.web.PostAccounts">
<constructor-arg ref="bankService"/>
</bean>
-->
<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<property name="templateLoaderPath" value="/WEB-INF/freemarker/"/>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<property name="prefix" value=""/>
<property name="suffix" value=".ftl"/>
</bean>
<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<value>
**/testMulti.htm=testMultiController
</value>
</property>
</bean>
</beans>

27
sandbox/heavyduty/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
View File

@ -1,27 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
<h1>Accounts</h1>
<a href="index.jsp">Home3</a><br><br>
<table>
<c:forEach var="account" items="${accounts}">
<tr>
<td>
<c:out value="${account.id}"/>
</td>
<td>
<c:out value="${account.holder}"/>
</td>
<td>
<c:out value="${account.balance}"/>
</td>
<td>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=-20.00">-$20</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=-5.00">-$5</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=5.00">+$5</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=20.00">+$20</a>
</td>
</tr>
</c:forEach>
</table>

85
sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
View File

@ -1,85 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Tutorial web application
-
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>Spring Security Tutorial Application</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext-business.xml
/WEB-INF/appContext-persistence.xml
/WEB-INF/appContext-security.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>heavyduty.root</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
- Publishes events for session creation and destruction through the application
- context. Optional unless concurrent session control is being used.
-->
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!--
- Provides core MVC application controller.
-->
<servlet>
<servlet-name>heavyduty</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>heavyduty</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>

29
sandbox/heavyduty/src/main/webapp/context.jsp
View File

@ -1,29 +0,0 @@
<%@page import="org.springframework.web.context.support.WebApplicationContextUtils"%>
<%@page import="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"%>
<%@page import="org.springframework.security.authentication.ProviderManager"%>
<html>
<body>
<h1>Context Information Page</h1>
<p>
LdapAuthenticationProvider instances: <br/>
<%=
WebApplicationContextUtils.getRequiredWebApplicationContext(
session.getServletContext()).getBeansOfType(LdapAuthenticationProvider.class)
%>
</p>
<p>
Providers: <br />
<%=
((ProviderManager)WebApplicationContextUtils.getRequiredWebApplicationContext(
session.getServletContext()).getBean("org.springframework.security.authenticationManager")).getProviders() %>
</p>
<p><a href="/index.jsp">Home</a></p>
</body>
</html>

18
sandbox/heavyduty/src/main/webapp/index.jsp
View File

@ -1,18 +0,0 @@
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>HeavyDuty App Home Page</h1>
<p>
Anyone can view this page.
</p>
<p>
Test multi-action controller <a href="testMulti.htm?action=step1">SEC-830</a>.
</p>
<p>
Your principal object is....: <%= request.getUserPrincipal() %>
</p>
<h3>Restricted Pages ...</h3>
<p><a href="secure/index.jsp">Secure page</a></p>
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
</body>
</html>

25
sandbox/heavyduty/src/main/webapp/login.jsp
View File

@ -1,25 +0,0 @@
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
<%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
<%@ page import="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" %>
<%@ page import="org.springframework.security.core.AuthenticationException" %>
<html>
<head>
<title>CUSTOM SPRING SECURITY LOGIN</title>
</head>
<body onload="document.f.username.focus();">
<h1>CUSTOM SPRING SECURITY LOGIN</h1>
<form name="f" action="<c:url value='login'/>" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='username' /></td></tr>
<tr><td>Password:</td><td><input type='password' name='password'/></td></tr>
<tr><td><input type="checkbox" name="remember-me"></td><td>Don't ask for my password for two weeks</td></tr>
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
</form>
</body>
</html>

15
sandbox/heavyduty/src/main/webapp/secure/extreme/index.jsp
View File

@ -1,15 +0,0 @@
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>VERY Secure Page</h1>
This is a protected page. You can only see me if you are a supervisor.
<authz:authorize access="hasRole('ROLE_SUPERVISOR')">
You have "ROLE_SUPERVISOR" (this text is surrounded by &lt;authz:authorize&gt; tags).
</authz:authorize>
<p><a href="../../">Home</a>
<p><a href="../../logout">Logout</a>
</body>
</html>

38
sandbox/heavyduty/src/main/webapp/secure/index.jsp
View File

@ -1,38 +0,0 @@
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>Secure Page</h1>
<p>
This is a protected page. You can get to me if you've been remembered,
or if you've authenticated this session.
</p>
<sec:authorize access="hasRole('ROLE_SUPERVISOR')">
You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br/><br/>
</sec:authorize>
<h3>Properties obtained using &lt;sec:authentication /&gt; tag</h3>
<table border="1">
<tr><th>Tag</th><th>Value</th></tr>
<tr>
<td>&lt;sec:authentication property='name' /&gt;</td><td><sec:authentication property="name"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.username' /&gt;</td><td><sec:authentication property="principal.username"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.enabled' /&gt;</td><td><sec:authentication property="principal.enabled"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.accountNonLocked' /&gt;</td><td><sec:authentication property="principal.accountNonLocked"/></td>
</tr>
</table>
Saved Request: <%= session.getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY") %>
<p><a href="../">Home</a>
<p><a href="../logout">Logout</a>
</body>
</html>

24
sandbox/webflow/src/main/resources/applicationContext-business.xml
View File

@ -1,24 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="bankDao" class="bigbank.BankDaoStub"/>
<bean id="seedData" class="bigbank.SeedData">
<property name="bankDao" ref="bankDao"/>
</bean>
<bean id="bankService" class="bigbank.BankServiceImpl">
<constructor-arg ref="bankDao"/>
<!-- This will add a security interceptor to the bean
<security:intercept-methods>
<security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
<security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
</security:intercept-methods> -->
</bean>
</beans>

2
sandbox/webflow/src/main/webapp/META-INF/MANIFEST.MF
View File

@ -1,2 +0,0 @@
Manifest-Version: 1.0

13
sandbox/webflow/src/main/webapp/WEB-INF/freemarker/form.ftl
View File

@ -1,13 +0,0 @@
<html>
<head>
<title>Form</title>
</head>
<body>
<form action="secure">
<input name="x" value='${x!"change me"}' type="text"/> <br/>
<input type='submit' value='submit' />
</form>
</body>
</html>

22
sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl
View File

@ -1,22 +0,0 @@
<html>
<head>
<title>Spring Security Login</title>
</head>
<body onload="document.f.username.focus();">
<h1>Spring Security Login (Freemarker)</h1>
<form name="f" action="authenticate" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='username' value=''/></td></tr>
<tr><td>Password:</td><td><input type='password' name='password' value=''/></td></tr>
<tr><td><input type="checkbox" name="remember-me"/></td><td>Don't ask for my password for two weeks</td></tr>
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
</form>
</body>
</html>

27
sandbox/webflow/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
View File

@ -1,27 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
<h1>Accounts</h1>
<a href="index.jsp">Home3</a><br><br>
<table>
<c:forEach var="account" items="${accounts}">
<tr>
<td>
<c:out value="${account.id}"/>
</td>
<td>
<c:out value="${account.holder}"/>
</td>
<td>
<c:out value="${account.balance}"/>
</td>
<td>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=-20.00">-$20</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=-5.00">-$5</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=5.00">+$5</a>
<a href="post.html?id=<c:out value="${account.id}"/>&amount=20.00">+$20</a>
</td>
</tr>
</c:forEach>
</table>

19
sandbox/webflow/src/main/webapp/WEB-INF/secure.xml
View File

@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<flow xmlns="http://www.springframework.org/schema/webflow"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
<secured attributes="ROLE_USER" />
<input name="x"/>
<view-state id="form">
<transition on="submit" to="finish" />
</view-state>
<end-state id="finish">
<output name="x"/>
</end-state>
</flow>

36
sandbox/webflow/src/main/webapp/WEB-INF/security-config.xml
View File

@ -1,36 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!-- Configure Spring Security -->
<security:http auto-config="true">
<security:form-login login-page="/app/login" login-processing-url="/app/authenticate" authentication-failure-url="/app/login?login_error=1" />
<security:logout logout-url="/app/logout" />
</security:http>
<!--
Define local authentication provider, a real app would use an external provider (JDBC, LDAP, CAS, etc)
usernames/passwords are:
keith/melbourne
erwin/leuven
jeremy/atlanta
scott/rochester
-->
<security:authentication-provider>
<security:password-encoder hash="md5" />
<security:user-service>
<security:user name="keith" password="417c7382b16c395bc25b5da1398cf076" authorities="ROLE_USER, ROLE_SUPERVISOR" />
<security:user name="erwin" password="12430911a8af075c6f41c6976af22b09" authorities="ROLE_USER, ROLE_SUPERVISOR" />
<security:user name="jeremy" password="57c6cbff0d421449be820763f03139eb" authorities="ROLE_USER" />
<security:user name="scott" password="942f2339bf50796de535a384f0d1af3e" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</beans>

74
sandbox/webflow/src/main/webapp/WEB-INF/web.xml
View File

@ -1,74 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Tutorial web application
-
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>Spring Security Tutorial Application</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security-config.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
- Publishes events for session creation and destruction through the application
- context. Optional unless concurrent session control is being used.
-->
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!--
- Provides core MVC application controller. See contacts-servlet.xml.
-->
<servlet>
<servlet-name>webflow</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>webflow</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
</web-app>

59
sandbox/webflow/src/main/webapp/WEB-INF/webflow-servlet.xml
View File

@ -1,59 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:webflow="http://www.springframework.org/schema/webflow-config"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/webflow-config
http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<value>
/secure=flowController
</value>
</property>
<property name="defaultHandler">
<bean class="org.springframework.web.servlet.mvc.UrlFilenameViewController" />
</property>
</bean>
<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<property name="templateLoaderPath" value="/WEB-INF/freemarker/"/>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<property name="prefix" value=""/>
<property name="suffix" value=".ftl"/>
</bean>
<bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter" />
<bean id="flowController" class="org.springframework.webflow.mvc.servlet.FlowController">
<property name="flowExecutor" ref="flowExecutor"/>
</bean>
<!-- Executes flows: the entry point into the Spring Web Flow system -->
<webflow:flow-executor id="flowExecutor">
<webflow:flow-execution-listeners>
<webflow:listener ref="securityFlowExecutionListener" />
</webflow:flow-execution-listeners>
</webflow:flow-executor>
<!-- The registry of executable flow definitions -->
<webflow:flow-registry id="flowRegistry" flow-builder-services="flowBuilderServices">
<webflow:flow-location id="secure" path="/WEB-INF/secure.xml" />
</webflow:flow-registry>
<!-- Plugs in a custom creator for Web Flow views -->
<webflow:flow-builder-services id="flowBuilderServices" view-factory-creator="mvcViewFactoryCreator" />
<bean id="mvcViewFactoryCreator" class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
<property name="viewResolvers" ref="viewResolver"/>
</bean>
<bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener" />
</beans>

1
sandbox/webflow/src/main/webapp/index.html
View File

@ -1 +0,0 @@
Hi. I'm the index.

15
sandbox/webflow/src/main/webapp/secure/extreme/index.jsp
View File

@ -1,15 +0,0 @@
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>VERY Secure Page</h1>
This is a protected page. You can only see me if you are a supervisor.
<authz:authorize access="hasRole('ROLE_SUPERVISOR')">
You have "ROLE_SUPERVISOR" (this text is surrounded by &lt;authz:authorize&gt; tags).
</authz:authorize>
<p><a href="../../">Home</a>
<p><a href="../../logout">Logout</a>
</body>
</html>

36
sandbox/webflow/src/main/webapp/secure/index.jsp
View File

@ -1,36 +0,0 @@
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>Secure Page</h1>
<p>
This is a protected page. You can get to me if you've been remembered,
or if you've authenticated this session.
</p>
<sec:authorize access="hasRole('ROLE_SUPERVISOR')">
You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br/><br/>
</sec:authorize>
<h3>Properties obtained using &lt;sec:authentication /&gt; tag</h3>
<table border="1">
<tr><th>Tag</th><th>Value</th></tr>
<tr>
<td>&lt;sec:authentication property='name' /&gt;</td><td><sec:authentication property="name"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.username' /&gt;</td><td><sec:authentication property="principal.username"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.enabled' /&gt;</td><td><sec:authentication property="principal.enabled"/></td>
</tr>
<tr>
<td>&lt;sec:authentication property='principal.accountNonLocked' /&gt;</td><td><sec:authentication property="principal.accountNonLocked"/></td>
</tr>
</table>
<p><a href="../">Home</a>
<p><a href="../logout">Logout</a>
</body>
</html>