overall security cleanup and fixes

2013-06-02 20:08:13 +03:00 · 2013-06-02 20:08:13 +03:00 · 0eea508ede
commit 0eea508ede
parent d28c7a14f8
6 changed files with 30 additions and 18 deletions
--- a/spring-all/pom.xml
+++ b/spring-all/pom.xml
@ -132,6 +132,15 @@

        <plugins>
 			
+			<plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>2.3</version>
+                <configuration>
+                    <failOnMissingWebXml>false</failOnMissingWebXml>
+                </configuration>
+            </plugin>
+            
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
--- a/spring-security-custom/.springBeans
+++ b/spring-security-custom/.springBeans
@ -7,7 +7,7 @@
 	</configSuffixes>
 	<enableImports><![CDATA[false]]></enableImports>
 	<configs>
-		<config>src/main/webapp/WEB-INF/mvc-servlet.xml</config>
+		<config>src/main/webapp/WEB-INF/api-servlet.xml</config>
 	</configs>
 	<configSets>
 	</configSets>
--- a/spring-security-custom/src/main/java/org/baeldung/spring/MvcConfig.java
+++ b/spring-security-custom/src/main/java/org/baeldung/spring/MvcConfig.java
@ -1,7 +1,6 @@
 package org.baeldung.spring;

 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.ViewResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
@ -9,8 +8,8 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
 import org.springframework.web.servlet.view.InternalResourceViewResolver;
 import org.springframework.web.servlet.view.JstlView;

+// @Configuration
@EnableWebMvc
-@Configuration
 public class MvcConfig extends WebMvcConfigurerAdapter {

    public MvcConfig() {
--- a/spring-security-custom/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-custom/src/main/resources/webSecurityConfig.xml
@ -1,22 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
-    xsi:schemaLocation="
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
+	xsi:schemaLocation="
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">

-    <http use-expressions="true">
-        <intercept-url pattern="/login*" access="permitAll" />
-        <intercept-url pattern="/**" access="isAuthenticated()" />
+	<http use-expressions="true">
+		<intercept-url pattern="/login*" access="permitAll" />
+		<intercept-url pattern="/**" access="isAuthenticated()" />

-        <form-login login-page='/login.html' login-processing-url="/perform_login" default-target-url="/homepage.html" authentication-failure-url="/login.html?error=true"
-            always-use-default-target="true" />
+		<!-- <form-login login-page='/login.html' login-processing-url="/perform_login" 
+			default-target-url="/homepage.html" authentication-failure-url="/login.html?error=true" -->
+		<!-- always-use-default-target="true" /> -->

-    </http>
+		<http-basic />

-    <authentication-manager>
-        <authentication-provider ref="customAuthenticationProvider" />
-    </authentication-manager>
+	</http>
+
+	<authentication-manager>
+		<authentication-provider ref="customAuthenticationProvider" />
+	</authentication-manager>

 </beans:beans>
--- a/spring-security-custom/src/main/webapp/WEB-INF/api-servlet.xml
+++ b/spring-security-custom/src/main/webapp/WEB-INF/api-servlet.xml
--- a/spring-security-custom/src/main/webapp/WEB-INF/web.xml
+++ b/spring-security-custom/src/main/webapp/WEB-INF/web.xml
@ -24,13 +24,13 @@

    <!-- Spring child -->
    <servlet>
-        <servlet-name>mvc</servlet-name>
+        <servlet-name>api</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
-        <servlet-name>mvc</servlet-name>
-        <url-pattern>/</url-pattern>
+        <servlet-name>api</servlet-name>
+        <url-pattern>/api/*</url-pattern>
    </servlet-mapping>

    <!-- Spring Security -->