Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated heavy-duty sample to be able to build it.

This commit is contained in:
Luke Taylor 2009-04-28 06:42:57 +00:00
parent 929b6bb1a0
commit f38c0eb675
13 changed files with 268 additions and 275 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
sandbox/heavyduty/pom.xml
View File

@ -8,24 +8,20 @@
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<artifactId>spring-security-ldap</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>org.springframework.core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>org.springframework.context</artifactId>
<version>${spring.version}</version>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>org.springframework.web</artifactId>
@ -40,60 +36,62 @@
<groupId>org.springframework</groupId>
<artifactId>org.springframework.jdbc</artifactId>
<scope>runtime</scope>
<version>${spring.version}</version>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<artifactId>org.springframework.orm</artifactId>
<version>${spring.version}</version>
</dependency>
</dependency>
<!--
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>org.springframework.context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>org.springframework.aop</artifactId>
<scope>runtime</scope>
<version>${spring.version}</version>
</dependency>
-->
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<scope>runtime</scope>
<version>2.3.12</version>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.7</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>3.3.2.GA</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.3.0</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<optional>true</optional>
<version>1.5.4</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.5.4</version>
</dependency>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.7</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>3.3.2.GA</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.4.1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<scope>provided</scope>
<version>2.4</version>
</dependency>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
@ -104,7 +102,7 @@
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<scope>runtime</scope>
<version>1.1.2</version>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
@ -123,18 +121,18 @@
<artifactId>slf4j-log4j12</artifactId>
<version>1.4.3</version>
<scope>runtime</scope>
</dependency>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap</artifactId>
<version>1.2.1</version>
</dependency>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<scope>runtime</scope>
<version>1.2.14</version>
</dependency>
</dependency>
</dependencies>
<build>
@ -155,7 +153,7 @@
<downloadSources>true</downloadSources>
<wtpversion>2.0</wtpversion>
</configuration>
</plugin>
</plugin>
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
@ -183,8 +181,8 @@
</plugin>
</plugins>
</build>
<properties>
<spring.version>2.5.6</spring.version>
<properties>
<spring.version>3.0.0.M2</spring.version>
<spring.security.version>3.0.0.CI-SNAPSHOT</spring.security.version>
</properties>

4
sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java
View File

@ -5,8 +5,8 @@ import java.util.Map;
public class BankDaoStub implements BankDao {
private long id = 0;
private Map accounts = new HashMap();
private Map<Long, Account> accounts = new HashMap<Long, Account>();
public void createOrUpdateAccount(Account account) {
if (account.getId() == -1) {
id++;

8
sandbox/heavyduty/src/main/java/bigbank/BankService.java
View File

@ -1,15 +1,15 @@
package bigbank;
import org.springframework.security.annotation.Secured;
import org.springframework.security.access.annotation.Secured;
public interface BankService {
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account readAccount(Long id);
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account[] findAccounts();
@Secured("ROLE_TELLER")
public Account post(Account account, double amount);
}

10
sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java
View File

@ -1,11 +1,11 @@
package heavyduty.security.ui;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
public class HeavyDutyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
}

6
sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java
View File

@ -1,9 +1,9 @@
package heavyduty.security.ui;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
public class HeavyDutyEntryPoint extends AuthenticationProcessingFilterEntryPoint {
}

16
sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
View File

@ -18,33 +18,33 @@ import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
*/
public class TestMultiActionController extends MultiActionController {
public static final String VIEW_NAME = "multi-action-test";
public String login(HttpServletRequest request, HttpServletResponse response) {
return "login";
}
public void step1(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String[] x = request.getParameterValues("x");
logger.info("x= " + (x == null ? "null" : Arrays.asList(x)));
String[] y = request.getParameterValues("y");
logger.info("y = " + (y == null ? "null" : Arrays.asList(y)));
logger.info("y = " + (y == null ? "null" : Arrays.asList(y)));
request.getRequestDispatcher("/testMulti.htm?action=step1xtra&x=5&x=5").forward(request, response);
}
public ModelAndView step1xtra(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
logger.info("x = " + Arrays.asList(request.getParameterValues("x")));
return createView("step2");
}
}
public ModelAndView step2(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
return createView("step1");
}
private ModelAndView createView(String name) {
Map model = new HashMap();
Map<String, String> model = new HashMap<String, String>();
model.put("nextAction", name);
return new ModelAndView(VIEW_NAME, model);
}
}

11
sandbox/heavyduty/src/main/java/sample/TestVoter.java
View File

@ -1,12 +1,11 @@
package sample;
import java.lang.annotation.Annotation;
import java.util.List;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.vote.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.vote.AccessDecisionVoter;
import org.springframework.security.core.Authentication;
public class TestVoter implements AccessDecisionVoter {
@ -14,14 +13,14 @@ public class TestVoter implements AccessDecisionVoter {
return true;
}
public boolean supports(Class clazz) {
public boolean supports(Class<?> clazz) {
return MethodInvocation.class.isAssignableFrom(clazz);
}
public int vote(Authentication authentication, Object object, List<ConfigAttribute> config) {
MethodInvocation mi = (MethodInvocation) object;
Annotation[][] annotations = mi.getMethod().getParameterAnnotations();
mi.getMethod().getParameterAnnotations();
return ACCESS_GRANTED;

18
sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java
View File

@ -24,7 +24,7 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
/**
* Minimal constructor
*
*
* @param t
* type POJO hibernate
*/
@ -34,12 +34,11 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
/**
* read data
*
*
* @param id
* data id
* @return data
*/
@SuppressWarnings("unchecked")
public T read(PK id) {
if (id == null) {
throw new IllegalArgumentException("Id cannot be null or empty");
@ -54,7 +53,7 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
/**
* persist data
*
*
* @param transientInstance
* data to persist
* @see sido.common.dao.GenericDAO#persist(T)
@ -68,9 +67,9 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
}
/**
*
*
* attach clean
*
*
* @param instance
* data to attach
* @see sido.common.dao.GenericDAO#refresh(T)
@ -85,7 +84,7 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
/**
* delete
*
*
* @param persistentInstance
* data to delete
* @see sido.common.dao.GenericDAO#delete(T)
@ -100,13 +99,12 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
/**
* merge
*
*
* @param detachedInstance
* data to merge
* @return the merged data
* @see sido.common.dao.GenericDAO#merge(T)
*/
@SuppressWarnings("unchecked")
public T merge(T detachedInstance) {
if (LOG.isDebugEnabled()) {
LOG.debug("merging instance of "
@ -123,4 +121,4 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
}
}
}

12
sandbox/heavyduty/src/main/java/sample/service/UserService.java
View File

@ -1,16 +1,16 @@
package sample.service;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
public interface UserService extends UserDetailsService {
/**
* Register a new User in database
* @param username
*/
public UserDetails register(String username, String password);
}

22
sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java
View File

@ -1,18 +1,16 @@
/**
*
*
*/
package sample.service.impl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.AuthenticationException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import sample.dao.UserDAO;
@ -21,7 +19,7 @@ import sample.service.UserService;
/**
* @author A207119
*
*
*/
@Component
@Transactional
@ -39,9 +37,9 @@ public class UserServiceImpl implements UserService {
try {
User user = userDAO.findByUsername(username);
return new org.springframework.security.userdetails.User(user
return new org.springframework.security.core.userdetails.User(user
.getUsername(), user.getPassword(), true, true, true, true,
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
AuthorityUtils.createAuthorityList("ROLE_USER"));
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw new UsernameNotFoundException("No matching account", e);
@ -51,9 +49,9 @@ public class UserServiceImpl implements UserService {
public UserDetails register(String username, String password) {
User user = new User(username, password);
userDAO.persist(user);
return new org.springframework.security.userdetails.User(user
return new org.springframework.security.core.userdetails.User(user
.getUsername(), user.getPassword(), true, true, true, true,
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
AuthorityUtils.createAuthorityList("ROLE_USER"));
}

108
sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
View File

@ -12,33 +12,33 @@
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!--b:import resource="appContext-misc.xml"/-->
<context:component-scan base-package='sample'/>
<global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr">
<protect-pointcut expression="execution(* sample.service.UserService+.*(..))"
access="ROLE_LOGGEDIN" />
</global-method-security>
<aop:aspectj-autoproxy/>
<b:bean id="methodAccessMgr" class="org.springframework.security.vote.AffirmativeBased">
<b:property name="decisionVoters">
<b:list>
<b:bean class="sample.TestVoter"/>
</b:list>
</b:property>
</b:bean>
<context:component-scan base-package='sample'/>
<global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr">
<protect-pointcut expression="execution(* sample.service.UserService+.*(..))"
access="ROLE_LOGGEDIN" />
</global-method-security>
<aop:aspectj-autoproxy/>
<b:bean id="methodAccessMgr" class="org.springframework.security.access.vote.AffirmativeBased">
<b:property name="decisionVoters">
<b:list>
<b:bean class="sample.TestVoter"/>
</b:list>
</b:property>
</b:bean>
<http>
<intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
<intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
<intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/post.html" access="ROLE_TELLER" />
-->
@ -57,25 +57,25 @@
<!-- Uncomment to limit the number of sessions a user can have -->
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" session-registry-ref='sessionRegistry'/>
</http>
<authentication-manager alias="authenticationManager" />
<b:bean id='tokenRepo' class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/>
<b:bean id='tokenRepo' class='org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl'/>
<!-- Traditional Session Control Beans -->
<!--
<!--
<b:bean id='sessionControlFilter' class="org.springframework.security.concurrent.ConcurrentSessionFilter">
<custom-filter position="CONCURRENT_SESSION_FILTER"/>
<b:property name="sessionRegistry" ref='sessionRegistry'/>
</b:bean>
<b:bean id='sessionController' class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
<b:property name='sessionRegistry' ref='sessionRegistry'/>
</b:bean>
-->
<b:bean id='sessionRegistry' class="org.springframework.security.concurrent.SessionRegistryImpl"/>
-->
<b:bean id='sessionRegistry' class="org.springframework.security.authentication.concurrent.SessionRegistryImpl"/>
<!--
<b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
@ -86,45 +86,45 @@
<b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint">
<b:property name="loginFormUrl" value="/login.jsp"/>
</b:bean>
-->
<!--
-->
<!--
<b:bean id="loginPageGenerator" class="org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter">
<custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
<b:constructor-arg ref="customAuthFilter"/>
</b:bean>
-->
<authentication-provider user-service-ref="daoUserService">
<password-encoder hash="md5" />
</authentication-provider>
<authentication-provider user-service-ref="daoUserService">
<password-encoder hash="md5" />
</authentication-provider>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
<ldap-server id="ldapServer"/>
</user-service>
</authentication-provider>
<ldap-server id="ldapServer"/>
<!-- b:bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean"/ -->
<b:bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
<b:property name="beans">
<b:map>
<b:entry key="bean:name=ldapContextSource" value-ref="ldapServer"/>
</b:map>
</b:property>
<b:property name="assembler">
<b:bean class="org.springframework.jmx.export.assembler.MethodNameBasedMBeanInfoAssembler">
<b:property name="managedMethods" value="setPassword,setUserDn,getUrls,setUrl,setUrls,setPooled,isPooled,setBase,getBaseLdapPathAsString"/>
</b:bean>
</b:property>
<!-- b:property name="server" ref="mbeanServer"/-->
</b:bean>
<b:bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
<b:property name="beans">
<b:map>
<b:entry key="bean:name=ldapContextSource" value-ref="ldapServer"/>
</b:map>
</b:property>
<b:property name="assembler">
<b:bean class="org.springframework.jmx.export.assembler.MethodNameBasedMBeanInfoAssembler">
<b:property name="managedMethods" value="setPassword,setUserDn,getUrls,setUrl,setUrls,setPooled,isPooled,setBase,getBaseLdapPathAsString"/>
</b:bean>
</b:property>
<!-- b:property name="server" ref="mbeanServer"/-->
</b:bean>
</b:beans>
</b:beans>

226
sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
View File

@ -18,35 +18,35 @@
<beans>
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
]]></value>
</property>
</bean>
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
]]></value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
<property name="defaultTargetUrl" value="/"/>
<property name="filterProcessesUrl" value="/j_spring_security_check"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
<property name="defaultTargetUrl" value="/"/>
<property name="filterProcessesUrl" value="/j_spring_security_check"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
@ -57,105 +57,105 @@
<property name="realmName"><value>My Realm</value></property>
</bean>
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="changeThis"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="changeThis"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter"/>
<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter"/>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
]]></value>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
]]></value>
</property>
</bean>
<bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="changeThis"/>
</bean>
<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="changeThis"/>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
<bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
<bean class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="/WEB-INF/users.properties"/>
</bean>
</property>
</bean>
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<bean id="userDetailsService" class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="/WEB-INF/users.properties"/>
</bean>
</property>
</bean>
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
<bean id="attributes" class="org.springframework.security.annotation.SecurityAnnotationAttributes"/>
<bean id="attributes" class="org.springframework.security.access.annotation.SecurityAnnotationAttributes"/>
<bean id="objectDefinitionSource" class="org.springframework.security.intercept.method.MethodDefinitionAttributes">
<property name="attributes"><ref local="attributes"/></property>
</bean>
<bean id="securityMetadataSource" class="org.springframework.security.access.intercept.method.MethodDefinitionAttributes">
<property name="attributes"><ref local="attributes"/></property>
</bean>
<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
<property name="objectDefinitionSource">
<ref local="objectDefinitionSource"/>
</property>
</bean>
<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
<property name="securityMetadataSource">
<ref local="securityMetadataSource"/>
</property>
</bean>
</beans>
</beans>

2
sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
View File

@ -62,7 +62,7 @@
- context. Optional unless concurrent session control is being used.
-->
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!--