SEC-1494: Updated the tutorial webapp to use CSS and make use of the securityHiddenUI element when UI security is disabled.

samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp

@@ -1,5 +1,16 @@
 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+  <head>
+      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+      <link rel="stylesheet" href="<c:url value='/static/css/tutorial.css'/>" type="text/css" />
+      <title>Accounts</title>
+  </head>
+<body>
+<div id="content">
+
 <h1>Accounts</h1>
 
 <a href="index.jsp">Home</a><br><br>
@@ -28,4 +39,7 @@
 </c:forEach>
 </table>
 
-<p><a href="j_spring_security_logout">Logout</a>
+<p><a href="j_spring_security_logout">Logout</a></p>
+</div>
+</body>
+</html>

samples/tutorial/src/main/webapp/index.jsp

@@ -1,7 +1,18 @@
+<%@ page session="false" %>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
-<%@page session="false" %>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
 <html>
+  <head>
+      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+      <link rel="stylesheet" href="<c:url value='/static/css/tutorial.css'/>" type="text/css" />
+      <title>Home Page</title>
+  </head>
 <body>
+<div id="content">
 <h1>Home Page</h1>
 <p>
 Anyone can view this page.
@@ -12,15 +23,20 @@ If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
 <p>
 Your principal object is....: <%= request.getUserPrincipal() %>
 </p>
+<sec:authorize url='/secure/index.jsp'>
 <p>
-<sec:authorize url='/secure/index.jsp'>You can currently access "/secure" URLs.</sec:authorize>
+You can currently access "/secure" URLs.
 </p>
+</sec:authorize>
+<sec:authorize url='/secure/extreme/index.jsp'>
 <p>
-<sec:authorize url='/secure/extreme/index.jsp'>You can currently access "/secure/extreme" URLs.</sec:authorize>
+You can currently access "/secure/extreme" URLs.
 </p>
+</sec:authorize>
 
 <p>
 <a href="secure/index.jsp">Secure page</a></p>
 <p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
+</div>
 </body>
 </html>

samples/tutorial/src/main/webapp/loggedout.jsp

@@ -1,14 +1,20 @@
 <%@page session="false" %>
 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
 <html>
-<head>
-<title>Logged Out</title>
-</head>
+  <head>
+      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+      <link rel="stylesheet" href="<c:url value='/static/css/tutorial.css'/>" type="text/css" />
+      <title>Logged Out</title>
+  </head>
 <body>
+<div id="content">
 <h2>Logged Out</h2>
 <p>
 You have been logged out. <a href="<c:url value='/'/>">Start again</a>.
 </p>
+</div>
 </body>
 </html>

samples/tutorial/src/main/webapp/secure/extreme/index.jsp

@@ -1,7 +1,16 @@
 <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 
 <html>
+  <head>
+      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+      <link rel="stylesheet" href="<c:url value='/static/css/tutorial.css'/>" type="text/css" />
+      <title>Secure Page</title>
+  </head>
 <body>
+<div id="content">
 <h1>VERY Secure Page</h1>
 This is a protected page. You can only see me if you are a supervisor.
 
@@ -9,7 +18,8 @@ This is a protected page. You can only see me if you are a supervisor.
    You have "ROLE_SUPERVISOR" (this text is surrounded by &lt;authz:authorize&gt; tags).
 </authz:authorize>
 
-<p><a href="../../">Home</a>
-<p><a href="../../j_spring_security_logout">Logout</a>
+<p><a href="../../">Home</a></p>
+<p><a href="../../j_spring_security_logout">Logout</a></p>
+</div>
 </body>
 </html>

samples/tutorial/src/main/webapp/secure/index.jsp

@@ -1,17 +1,27 @@
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 
 <html>
+  <head>
+      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+      <link rel="stylesheet" href="<c:url value='/static/css/tutorial.css'/>" type="text/css" />
+      <title>Secure Page</title>
+  </head>
 <body>
+<div id="content">
+
 <h1>Secure Page</h1>
 <p>
 This is a protected page. You can get to me if you've been remembered,
 or if you've authenticated this session.
 </p>
-
+<p>
 <sec:authorize access="hasRole('ROLE_SUPERVISOR')">
     You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br/><br/>
 </sec:authorize>
-
+</p>
 <h3>Properties obtained using &lt;sec:authentication /&gt; tag</h3>
 <table border="1">
 <tr><th>Tag</th><th>Value</th></tr>
@@ -32,5 +42,6 @@ or if you've authenticated this session.
 
 <p><a href="../">Home</a></p>
 <p><a href="../j_spring_security_logout">Logout</a></p>
+</div>
 </body>
 </html>

samples/tutorial/src/main/webapp/static/css/tutorial.css

@@ -0,0 +1,13 @@
+
+body {
+    font-family:"Palatino Linotype","Book Antiqua",Palatino,serif;
+}
+
+#content {
+    margin: 5em auto;
+    width: 40em;
+}
+
+.securityHiddenUI, .securityHiddenUI * {
+    background-color: #ff4500;
+}

samples/tutorial/src/main/webapp/timeout.jsp

@@ -1,15 +1,20 @@
 <%@page session="false" %>
 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 
 <html>
-<head>
-<title>Session Timeout</title>
-</head>
+  <head>
+      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+      <link rel="stylesheet" href="<c:url value='/static/css/tutorial.css'/>" type="text/css" />
+      <title>Session Timeout</title>
+  </head>
 <body>
+<div id="content">
 <h2>Invalid Session</h2>
 
 <p>
 Your session appears to have timed out. Please <a href="<c:url value='/'/>">start again</a>.
 </p>
+</div>
 </body>
 </html>