[parancoe] 3 new revisions pushed by enricogi...@gmail.com on 2012-08-06 00:18 GMT
2 views
Skip to first unread message
para...@googlecode.com
Aug 5, 2012, 8:18:20 PM8/5/12
to parancoe...@googlegroups.com
3 new revisions:
Revision: ea2c34ea7fef
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:14:30 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=ea2c34ea7fef
Revision: af1cebee40de
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:18 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=af1cebee40de
Revision: 6a0f0a645238
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:44 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=6a0f0a645238
==============================================================================
Revision: ea2c34ea7fef
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:14:30 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=ea2c34ea7fef
Modified:
/plugins/parancoe-plugin-springsecurity-evolution/src/main/java/org/parancoe/plugins/securityevolution/SecureController.java
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/WEB-INF/jsp/plugin/security/login.jsp
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.xml
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/java/org/parancoe/plugins/securityevolution/SecureController.java
Tue May 15 15:15:46 2012
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/java/org/parancoe/plugins/securityevolution/SecureController.java
Sun Aug 5 17:14:30 2012
@@ -17,11 +17,11 @@
*/
package org.parancoe.plugins.securityevolution;
+import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
-
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
@@ -34,16 +34,31 @@
@Controller
@RequestMapping("/plugin/security/*.html")
-public class SecureController {
+public class SecureController {
private static Logger logger =
Logger.getLogger(SecureController.class);
+
+ @Resource(name="loginView")
+ private String loginView;
+
+ @Resource(name="accessDeniedView")
+ private String accessDeniedView;
+
@RequestMapping
public ModelAndView login(HttpServletRequest req, HttpServletResponse
res){
- return new ModelAndView("plugin/security/login");
+ if(logger.isDebugEnabled())
+ {
+ logger.debug("Forwarding view to "+loginView);
+ }
+ return new ModelAndView(loginView);
}
@RequestMapping
public ModelAndView accessDenied(HttpServletRequest req,
HttpServletResponse res){
- return new ModelAndView("plugin/security/accessDenied");
+ if(logger.isDebugEnabled())
+ {
+ logger.debug("Forwarding view to "+accessDeniedView);
+ }
+ return new ModelAndView(accessDeniedView);
}
@RequestMapping
@@ -51,7 +66,7 @@
HttpServletResponse res) {
return null;
}
-
+
/*@RequestMapping
public ModelAndView j_spring_security_check(HttpServletRequest req,
HttpServletResponse res){
return null;
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/WEB-INF/jsp/plugin/security/login.jsp
Tue May 15 15:15:46 2012
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/WEB-INF/jsp/plugin/security/login.jsp
Sun Aug 5 17:14:30 2012
@@ -50,15 +50,6 @@
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
- </form>
-
-
- <h1>Register with Google OpenID support</h1>
- <form action="j_spring_openid_security_check" method="post">
- <input name="openid_identifier" size="50" maxlength="100"
- type="hidden" value=" https://www.google.com/accounts/o8/id" />
- <input type="submit" value="Sign in with Google" />
- </form>
-
+ </form>
</body>
</html>
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.xml
Tue May 29 21:24:49 2012
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.xml
Sun Aug 5 17:14:30 2012
@@ -29,100 +29,239 @@
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
- <!-- Authomatic discovering of persistent classes -->
+ <!-- Automatic discovering of persistent classes -->
<lambico:discover-persistent-classes
basePackage="org.parancoe.plugins.securityevolution"/>
- <!-- Authomatic DAO definition from persistent classes -->
+ <!-- Automatic DAO definition from persistent classes -->
<lambico:define-daos
baseInterfacePackage="org.parancoe.plugins.securityevolution"/>
- <!-- Authomatic discovering of components -->
+ <!-- Automatic discovering of components -->
<context:component-scan
base-package="org.parancoe.plugins.securityevolution"/>
-
- <!--
- BEGIN Security configuration
- -->
-
- <security:http auto-config="true" pattern="/**"
- use-expressions="true"
access-decision-manager-ref="accessDecisionManager"
- authentication-manager-ref="authenticationManager">
-
- <security:logout invalidate-session="true"
- logout-success-url="/" logout-url="/logout.html" delete-cookies="true"
/>
- <security:custom-filter ref="parancoeFilterSecurityInterceptor"
- before="FILTER_SECURITY_INTERCEPTOR" />
-
-
- <security:form-login login-page="/plugin/security/login.html"
- authentication-failure-url="/plugin/security/login.html?login_error=1"
- login-processing-url="/plugin/security/j_spring_security_check" />
- <security:access-denied-handler
- error-page="/plugin/security/accessDenied.html" />
- <security:openid-login
- authentication-failure-url="/plugin/security/login.html?login_error=1"
- user-service-ref="openIDUserService"
login-processing-url="/plugin/security/j_spring_openid_security_check">
- <security:attribute-exchange
- identifier-match="https://www.google.com/.*">
- <security:openid-attribute name="email"
- type="http://schema.openid.net/contact/email" required="true" />
- </security:attribute-exchange>
- </security:openid-login>
- </security:http>
-
- <security:authentication-manager id="authenticationManager"
- alias="authenticationManager">
- <security:authentication-provider
- user-service-ref="userDetailsService">
- <security:password-encoder ref="passwordEncoder">
- <security:salt-source ref="saltSource" />
- </security:password-encoder>
- </security:authentication-provider>
- </security:authentication-manager>
-
- <!-- This section will be override at application level (webapp using the
plugin)-->
+<!--
+
+ BEGIN Security configuration.
+ This configuration is based on the dogstore-explicit-base.xml
configuration file
+ available at http://www.packtpub.com/support?nid=4435 -
www.springsecuritybook.com
+ Book: Spring Security 3 - Peter Mularien
+
+-->
+
+<!--
+ Plugin properties which are very likely to be overridden.
+ web-app can override one or more of the following values in the
application configuration file: WEB-INF\applicationContext.xml
+ Name is meaningful so no comment is needed
+-->
+
+
+ <bean id="filterUrlLogout" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/logout.html"/>
+ </bean>
+
+ <bean id="loginView" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/plugin/security/login"/>
+ </bean>
+
+ <bean id="accessDeniedView" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/accessDenied"/>
+ </bean>
+
+ <!-- This keyString should be overridden by your application. This value
is shared between rememberMeServices and rememberMeAuthenticationProvider,
so these two need to have the same value for 'key'-->
+ <bean id="keyString" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="parancoeKey"/>
+ </bean>
+
+ <bean id="logoutSuccessUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/"/>
+ </bean>
+
+ <bean id="defaultFailureUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/login.html?login_error=1"/>
+ </bean>
+
+ <bean id="loginFormUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/login.html"/>
+ </bean>
+
+ <bean id="accessDeniedUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/accessDenied.html"/>
+ </bean>
+ <!-- The URL destination that this filter intercepts and processes -->
+ <bean id="filterProcessesUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/j_spring_security_check"/>
+ </bean>
+
+
+
+ <bean id="tokenKey" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="ASGDADAG7625SGSG"/>
+ </bean>
+
+
+
+
+<!--
+ Filters definition. The commas are required in the
filter-chain "filters" attribute!
+-->
+
+ <bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
+ <security:filter-chain-map path-type="ant">
+ <security:filter-chain pattern="/**" filters="
+ securityContextPersistenceFilter,
+ logoutFilter,
+ usernamePasswordProcessingFilter,
+ rememberMeProcessingFilter,
+ anonymousProcessingFilter,
+ exceptionTranslationFilter,
+ filterSecurityInterceptor" />
+ </security:filter-chain-map>
+ </bean>
+
+ <bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
+
+ <!-- Note the construction of the logout filter differs from most others
-->
+ <bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
+ <!-- the post-logout destination -->
+ <constructor-arg ref="logoutSuccessUrl"/>
+
+ <constructor-arg>
+ <array>
+ <ref bean="logoutHandler"/>
+ <ref bean="rememberMeServices"/>
+ </array>
+ </constructor-arg>
+ <property name="filterProcessesUrl" ref="filterUrlLogout"/>
+ </bean>
+
+
+
+ <bean id="usernamePasswordProcessingFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
+ <property name="filterProcessesUrl" ref="filterProcessesUrl" />
+ <!--
+
+ <property name="usernameParameter" value="login_username"/>
+ <property name="passwordParameter" value="login_password"/>
+ -->
+ <property name="authenticationManager"
ref="customAuthenticationManager"/>
+ <property name="rememberMeServices" ref="rememberMeServices"/>
+ <property name="authenticationFailureHandler"
ref="authenticationFailureHandler"/>
+ </bean>
+
+ <bean id="rememberMeProcessingFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
+ <property name="rememberMeServices" ref="rememberMeServices"/>
+ <property name="authenticationManager"
ref="customAuthenticationManager" />
+ </bean>
+
+ <bean id="anonymousProcessingFilter"
class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
+ <!-- Both of these are required -->
+ <!-- username, default role -->
+ <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+ <!-- randomly generated key -->
+ <property name="key" ref="tokenKey"/>
+ </bean>
+
+ <bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"
ref="authenticationEntryPoint"/>
+ <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
+ </bean>
+
+ <bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+ <property name="authenticationManager"
ref="customAuthenticationManager"/>
+ <property name="accessDecisionManager" ref="affirmativeBased"/>
+ <property name="securityMetadataSource" ref="securityMetadataSource"/>
+ </bean>
+
+
+
+<!--
+ Handlers and beans needed by the filters.
+-->
+
+ <!-- This section will be overridden at application level (webapp using
the plugin)-->
<security:filter-security-metadata-source
id="securityMetadataSource" use-expressions="true">
<security:intercept-url pattern="/admin/**"
access="hasRole('ROLE_ADMIN')" />
</security:filter-security-metadata-source>
-
-
- <bean id="parancoeFilterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"
>
- <property name="authenticationManager" ref="authenticationManager"/>
- <property name="accessDecisionManager" ref="accessDecisionManager"/>
- <property name="securityMetadataSource" ref="securityMetadataSource"/>
- </bean>
-
- <bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
-
- <bean
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
id="saltSource">
+
+ <bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+
+ <bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+ <property name="key" ref="keyString"/>
+ <property name="userDetailsService" ref="userDetailsService"/>
+ </bean>
+
+ <!-- Custom parancoe implementation of the UserDetailsService interface
-->
+ <bean id="userDetailsService"
class="org.parancoe.plugins.securityevolution.ParancoeUserDetailsService"/>
+
+ <bean id="customAuthenticationManager"
class="org.springframework.security.authentication.ProviderManager">
+ <property name="providers">
+ <list>
+ <ref bean="authenticationProvider"/>
+ <ref bean="rememberMeAuthenticationProvider"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="authenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
+ <property name="passwordEncoder" ref="passwordEncoder"/>
+ <property name="saltSource" ref="saltSource"/>
+ <property name="userDetailsService" ref="userDetailsService"/>
+ </bean>
+
+ <bean
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
id="saltSource">
<property name="userPropertyToUse" value="getUsername"/>
</bean>
- <bean id="userDetailsService"
class="org.parancoe.plugins.securityevolution.ParancoeUserDetailsService"/>
-
-
- <!-- custom authentication for openId -->
- <bean id="openIDUserService"
class="org.parancoe.plugins.securityevolution.ParancoeOpenIDUserDetailsService"
/>
-
- <bean class="org.springframework.security.access.vote.UnanimousBased"
id="accessDecisionManager">
+ <bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
+
+ <bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
+ <property name="key" ref="keyString"/>
+ </bean>
+
+ <bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
+ <property name="defaultFailureUrl" ref="defaultFailureUrl"/>
+ </bean>
+
+ <bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
+ <property name="loginFormUrl" ref="loginFormUrl" />
+ </bean>
+
+ <bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
+ <property name="errorPage" ref="accessDeniedUrl" />
+ </bean>
+
+ <bean class="org.springframework.security.access.vote.AffirmativeBased"
id="affirmativeBased">
<property name="decisionVoters">
<list>
- <ref bean="webExpressionVoter"/>
+ <ref bean="roleVoter"/>
+ <ref bean="expressionVoter"/>
+ <ref bean="authenticatedVoter"/>
</list>
</property>
</bean>
- <bean id="webExpressionVoter"
class="org.springframework.security.web.access.expression.WebExpressionVoter"
/>
-
- <!--
- END Security configuration
- -->
+
+ <bean class="org.springframework.security.access.vote.RoleVoter"
id="roleVoter"/>
+
+ <bean class="org.springframework.security.access.vote.AuthenticatedVoter"
id="authenticatedVoter"/>
+
+ <!-- Used for expressions -->
+ <bean
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"
id="expressionHandler"/>
+ <bean
class="org.springframework.security.web.access.expression.WebExpressionVoter"
id="expressionVoter">
+ <property name="expressionHandler" ref="expressionHandler"/>
+ </bean>
+
+<!--
+
+ END - Security configuration
+
+-->
- <!-- -->
- <!-- Configurazione del plugin -->
- <!-- -->
+<!--
+ Plugin configuration in accordance with the parancoe plugins
architecture
+-->
<bean id="applicationContextPluginSpringSecurityEvolutionConfig"
class="org.parancoe.web.plugin.ApplicationContextPlugin">
<property name="name"
value="parancoe-plugin-springsecurity-evoulution"/>
<property name="contextLoaderListeners">
==============================================================================
Revision: af1cebee40de
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:18 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=af1cebee40de
Added:
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin-schema.xml
Deleted:
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.explicit.xml
=======================================
--- /dev/null
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin-schema.xml
Sun Aug 5 17:16:18 2012
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (C) 2006-2012 The Parancoe Team <in...@parancoe.org>
+
+ This file is part of Parancoe Plugin Spring Security Evolution.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+
+<!--
+ WARNING: This file is not used by the plugin. We keep it
+ as it shows the usage of the springsecurity schema.
+ -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+
xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:lambico="http://www.lambico.org/schema/lambico"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.lambico.org/schema/lambico
http://www.lambico.org/schema/lambico.xsd
+ http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
+ http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+
+ <!-- Authomatic discovering of persistent classes -->
+ <lambico:discover-persistent-classes
basePackage="org.parancoe.plugins.securityevolution"/>
+ <!-- Authomatic DAO definition from persistent classes -->
+ <lambico:define-daos
baseInterfacePackage="org.parancoe.plugins.securityevolution"/>
+
+ <!-- Authomatic discovering of components -->
+ <context:component-scan
base-package="org.parancoe.plugins.securityevolution"/>
+
+
+ <!--
+ BEGIN Security configuration
+ -->
+
+ <security:http auto-config="true" pattern="/**"
+ use-expressions="true"
access-decision-manager-ref="accessDecisionManager"
+ authentication-manager-ref="authenticationManager">
+
+ <security:logout invalidate-session="true"
+ logout-success-url="/" logout-url="/logout.html" delete-cookies="true"
/>
+ <security:custom-filter ref="parancoeFilterSecurityInterceptor"
+ before="FILTER_SECURITY_INTERCEPTOR" />
+
+
+ <security:form-login login-page="/plugin/security/login.html"
+ authentication-failure-url="/plugin/security/login.html?login_error=1"
+ login-processing-url="/plugin/security/j_spring_security_check" />
+ <security:access-denied-handler
+ error-page="/plugin/security/accessDenied.html" />
+ <security:openid-login
+ authentication-failure-url="/plugin/security/login.html?login_error=1"
+ user-service-ref="openIDUserService"
login-processing-url="/plugin/security/j_spring_openid_security_check">
+ <security:attribute-exchange
+ identifier-match="https://www.google.com/.*">
+ <security:openid-attribute name="email"
+ type="http://schema.openid.net/contact/email" required="true" />
+ </security:attribute-exchange>
+ </security:openid-login>
+ </security:http>
+
+ <security:authentication-manager id="authenticationManager"
+ alias="authenticationManager">
+ <security:authentication-provider
+ user-service-ref="userDetailsService">
+ <security:password-encoder ref="passwordEncoder">
+ <security:salt-source ref="saltSource" />
+ </security:password-encoder>
+ </security:authentication-provider>
+ </security:authentication-manager>
+
+ <!-- This section will be override at application level (webapp using the
plugin)-->
+ <security:filter-security-metadata-source
+ id="securityMetadataSource" use-expressions="true">
+ <security:intercept-url pattern="/admin/**"
+ access="hasRole('ROLE_ADMIN')" />
+ </security:filter-security-metadata-source>
+
+
+ <bean id="parancoeFilterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"
>
+ <property name="authenticationManager" ref="authenticationManager"/>
+ <property name="accessDecisionManager" ref="accessDecisionManager"/>
+ <property name="securityMetadataSource" ref="securityMetadataSource"/>
+ </bean>
+
+ <bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
+
+ <bean
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
id="saltSource">
+ <property name="userPropertyToUse" value="getUsername"/>
+ </bean>
+
+ <bean id="userDetailsService"
class="org.parancoe.plugins.securityevolution.ParancoeUserDetailsService"/>
+
+
+ <!-- custom authentication for openId -->
+ <bean id="openIDUserService"
class="org.parancoe.plugins.securityevolution.ParancoeOpenIDUserDetailsService"
/>
+
+ <bean class="org.springframework.security.access.vote.UnanimousBased"
id="accessDecisionManager">
+ <property name="decisionVoters">
+ <list>
+ <ref bean="webExpressionVoter"/>
+ </list>
+ </property>
+ </bean>
+ <bean id="webExpressionVoter"
class="org.springframework.security.web.access.expression.WebExpressionVoter"
/>
+
+ <!--
+ END Security configuration
+ -->
+
+
+
+
+ <!-- -->
+ <!-- Configurazione del plugin -->
+ <!-- -->
+ <bean id="applicationContextPluginSpringSecurityEvolutionConfig"
class="org.parancoe.web.plugin.ApplicationContextPlugin">
+ <property name="name"
value="parancoe-plugin-springsecurity-evoulution"/>
+ <property name="contextLoaderListeners">
+ <list>
+ <ref
bean="parancoe-plugin-springsecurity-evolution-InitializerContextListener"/>
+ </list>
+ </property>
+
+ <!-- fixtures to load at plugin startup -->
+ <property name="fixtureClassNames">
+ <list/>
+ </property>
+
+ <property name="jspPrefix" value="/WEB-INF/jsp"/>
+
+ <property name="jspResources">
+ <list>
+ <bean class="java.lang.String"><constructor-arg
value="classpath:#{applicationContextPluginSpringSecurityEvolutionConfig.jspPrefix}/plugin/security/*"/></bean>
+ </list>
+ </property>
+
+ </bean>
+
+
+
+
+</beans>
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.explicit.xml
Mon Jul 23 18:36:34 2012
+++ /dev/null
@@ -1,147 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- Copyright (C) 2006-2012 The Parancoe Team <in...@parancoe.org>
-
- This file is part of Parancoe Plugin Spring Security Evolution.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:security="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
- http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
- http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
- ">
-
-
-
-
-
- <!-- note the commas are required in the filter-chain "filters"
attribute! -->
- <bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
- <security:filter-chain-map path-type="ant">
- <security:filter-chain pattern="/**" filters="
- securityContextPersistenceFilter,
- logoutFilter,
- usernamePasswordProcessingFilter,
- rememberMeProcessingFilter,
- anonymousProcessingFilter,
- exceptionTranslationFilter,
- filterSecurityInterceptor" />
- </security:filter-chain-map>
- </bean>
-
- <bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
-
- <bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
- <!-- the post-logout destination -->
- <constructor-arg value="/"/>
-
- <constructor-arg>
- <array>
- <ref local="logoutHandler"/>
- <ref local="rememberMeServices"/>
- </array>
- </constructor-arg>
- <property name="filterProcessesUrl" value="/logout"/>
- </bean>
-
- <bean id="usernamePasswordProcessingFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-<!-- <property name="filterProcessesUrl"
value="/j_spring_security_check"/>
- <property name="usernameParameter" value="login_username"/>
- <property name="passwordParameter" value="login_password"/> -->
- <property name="authenticationManager" ref="authenticationManager"/>
- <property name="rememberMeServices" ref="rememberMeServices"/>
- <property name="authenticationFailureHandler"
ref="authenticationFailureHandler"/>
- </bean>
-
- <security:authentication-manager id="authenticationManager"
- alias="authenticationManager">
- <security:authentication-provider
- user-service-ref="userDetailsService">
- <security:password-encoder ref="passwordEncoder">
- <security:salt-source ref="saltSource" />
- </security:password-encoder>
- </security:authentication-provider>
- </security:authentication-manager>
-
-
- <bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
- <property name="defaultFailureUrl" value="/login.do"/>
- </bean>
- <bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
- <property name="authenticationEntryPoint"
ref="authenticationEntryPoint"/>
- <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
- </bean>
- <bean id="anonymousProcessingFilter"
class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
- <!-- Both of these are required -->
- <!-- username, default role -->
- <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
- <!-- randomly generated key -->
- <property name="key" value="BF93JFJ091N00Q7HF"/>
- </bean>
- <!-- Note the construction of the logout filter differs from most others
-->
-
-
- <bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
-
- <bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
- <property name="loginFormUrl" value="/login.do"/>
- </bean>
-
- <bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
- <property name="errorPage" value="/accessDenied.do"/>
- </bean>
-
- <bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
- <property name="authenticationManager"
ref="customAuthenticationManager"/>
- <property name="accessDecisionManager" ref="affirmativeBased"/>
- <property name="securityMetadataSource">
- <!-- SEC-1256 -->
- <security:filter-security-metadata-source use-expressions="true">
- <security:intercept-url pattern="/login.do" access="permitAll"/>
- <security:intercept-url pattern="/home.do" access="permitAll and
evenMinute"/>
- <security:intercept-url pattern="/account/*.do"
access="hasRole('ROLE_USER') and fullyAuthenticated"/>
- <security:intercept-url pattern="/*" access="hasRole('ROLE_USER')"/>
- </security:filter-security-metadata-source>
-
- </property>
- </bean>
-
- <bean id="rememberMeProcessingFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
- <property name="rememberMeServices" ref="rememberMeServices"/>
- <property name="authenticationManager" ref="authenticationManager" />
- </bean>
- <bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
- <property name="key" value="jbcpPetStore"/>
- <property name="tokenValiditySeconds" value="3600"/>
- <property name="tokenRepository" ref="jdbcRememberMeTokenRepository"/>
- <property name="userDetailsService" ref="jdbcUserServiceCustom"/>
- </bean>
- <bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
- <property name="key" value="jbcpPetStore"/>
- </bean>
- <bean id="jdbcRememberMeTokenRepository"
class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
- <property name="dataSource" ref="dataSource"/>
- </bean>
-
-
-
-
-</beans>
==============================================================================
Revision: 6a0f0a645238
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:44 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=6a0f0a645238
Modified:
/examples/basicWebAppEvolution/src/main/webapp/WEB-INF/applicationContext.xml
=======================================
---
/examples/basicWebAppEvolution/src/main/webapp/WEB-INF/applicationContext.xml
Tue May 29 21:24:49 2012
+++
/examples/basicWebAppEvolution/src/main/webapp/WEB-INF/applicationContext.xml
Sun Aug 5 17:16:44 2012
@@ -23,6 +23,13 @@
<security:intercept-url pattern="/r/**"
access="hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/admin/**"
access="hasRole('ROLE_ADMIN')" />
</security:filter-security-metadata-source>
+ <!-- Here you can override any of the properties of the plugin
security -->
+
+ <!--
+ <bean id="loginView" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/italy/index"/>
+ </bean>
+ -->
<!-- end security section -->
Revision: ea2c34ea7fef
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:14:30 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=ea2c34ea7fef
Revision: af1cebee40de
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:18 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=af1cebee40de
Revision: 6a0f0a645238
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:44 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=6a0f0a645238
==============================================================================
Revision: ea2c34ea7fef
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:14:30 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=ea2c34ea7fef
Modified:
/plugins/parancoe-plugin-springsecurity-evolution/src/main/java/org/parancoe/plugins/securityevolution/SecureController.java
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/WEB-INF/jsp/plugin/security/login.jsp
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.xml
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/java/org/parancoe/plugins/securityevolution/SecureController.java
Tue May 15 15:15:46 2012
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/java/org/parancoe/plugins/securityevolution/SecureController.java
Sun Aug 5 17:14:30 2012
@@ -17,11 +17,11 @@
*/
package org.parancoe.plugins.securityevolution;
+import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
-
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
@@ -34,16 +34,31 @@
@Controller
@RequestMapping("/plugin/security/*.html")
-public class SecureController {
+public class SecureController {
private static Logger logger =
Logger.getLogger(SecureController.class);
+
+ @Resource(name="loginView")
+ private String loginView;
+
+ @Resource(name="accessDeniedView")
+ private String accessDeniedView;
+
@RequestMapping
public ModelAndView login(HttpServletRequest req, HttpServletResponse
res){
- return new ModelAndView("plugin/security/login");
+ if(logger.isDebugEnabled())
+ {
+ logger.debug("Forwarding view to "+loginView);
+ }
+ return new ModelAndView(loginView);
}
@RequestMapping
public ModelAndView accessDenied(HttpServletRequest req,
HttpServletResponse res){
- return new ModelAndView("plugin/security/accessDenied");
+ if(logger.isDebugEnabled())
+ {
+ logger.debug("Forwarding view to "+accessDeniedView);
+ }
+ return new ModelAndView(accessDeniedView);
}
@RequestMapping
@@ -51,7 +66,7 @@
HttpServletResponse res) {
return null;
}
-
+
/*@RequestMapping
public ModelAndView j_spring_security_check(HttpServletRequest req,
HttpServletResponse res){
return null;
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/WEB-INF/jsp/plugin/security/login.jsp
Tue May 15 15:15:46 2012
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/WEB-INF/jsp/plugin/security/login.jsp
Sun Aug 5 17:14:30 2012
@@ -50,15 +50,6 @@
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
- </form>
-
-
- <h1>Register with Google OpenID support</h1>
- <form action="j_spring_openid_security_check" method="post">
- <input name="openid_identifier" size="50" maxlength="100"
- type="hidden" value=" https://www.google.com/accounts/o8/id" />
- <input type="submit" value="Sign in with Google" />
- </form>
-
+ </form>
</body>
</html>
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.xml
Tue May 29 21:24:49 2012
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.xml
Sun Aug 5 17:14:30 2012
@@ -29,100 +29,239 @@
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
- <!-- Authomatic discovering of persistent classes -->
+ <!-- Automatic discovering of persistent classes -->
<lambico:discover-persistent-classes
basePackage="org.parancoe.plugins.securityevolution"/>
- <!-- Authomatic DAO definition from persistent classes -->
+ <!-- Automatic DAO definition from persistent classes -->
<lambico:define-daos
baseInterfacePackage="org.parancoe.plugins.securityevolution"/>
- <!-- Authomatic discovering of components -->
+ <!-- Automatic discovering of components -->
<context:component-scan
base-package="org.parancoe.plugins.securityevolution"/>
-
- <!--
- BEGIN Security configuration
- -->
-
- <security:http auto-config="true" pattern="/**"
- use-expressions="true"
access-decision-manager-ref="accessDecisionManager"
- authentication-manager-ref="authenticationManager">
-
- <security:logout invalidate-session="true"
- logout-success-url="/" logout-url="/logout.html" delete-cookies="true"
/>
- <security:custom-filter ref="parancoeFilterSecurityInterceptor"
- before="FILTER_SECURITY_INTERCEPTOR" />
-
-
- <security:form-login login-page="/plugin/security/login.html"
- authentication-failure-url="/plugin/security/login.html?login_error=1"
- login-processing-url="/plugin/security/j_spring_security_check" />
- <security:access-denied-handler
- error-page="/plugin/security/accessDenied.html" />
- <security:openid-login
- authentication-failure-url="/plugin/security/login.html?login_error=1"
- user-service-ref="openIDUserService"
login-processing-url="/plugin/security/j_spring_openid_security_check">
- <security:attribute-exchange
- identifier-match="https://www.google.com/.*">
- <security:openid-attribute name="email"
- type="http://schema.openid.net/contact/email" required="true" />
- </security:attribute-exchange>
- </security:openid-login>
- </security:http>
-
- <security:authentication-manager id="authenticationManager"
- alias="authenticationManager">
- <security:authentication-provider
- user-service-ref="userDetailsService">
- <security:password-encoder ref="passwordEncoder">
- <security:salt-source ref="saltSource" />
- </security:password-encoder>
- </security:authentication-provider>
- </security:authentication-manager>
-
- <!-- This section will be override at application level (webapp using the
plugin)-->
+<!--
+
+ BEGIN Security configuration.
+ This configuration is based on the dogstore-explicit-base.xml
configuration file
+ available at http://www.packtpub.com/support?nid=4435 -
www.springsecuritybook.com
+ Book: Spring Security 3 - Peter Mularien
+
+-->
+
+<!--
+ Plugin properties which are very likely to be overridden.
+ web-app can override one or more of the following values in the
application configuration file: WEB-INF\applicationContext.xml
+ Name is meaningful so no comment is needed
+-->
+
+
+ <bean id="filterUrlLogout" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/logout.html"/>
+ </bean>
+
+ <bean id="loginView" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/plugin/security/login"/>
+ </bean>
+
+ <bean id="accessDeniedView" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/accessDenied"/>
+ </bean>
+
+ <!-- This keyString should be overridden by your application. This value
is shared between rememberMeServices and rememberMeAuthenticationProvider,
so these two need to have the same value for 'key'-->
+ <bean id="keyString" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="parancoeKey"/>
+ </bean>
+
+ <bean id="logoutSuccessUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/"/>
+ </bean>
+
+ <bean id="defaultFailureUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/login.html?login_error=1"/>
+ </bean>
+
+ <bean id="loginFormUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/login.html"/>
+ </bean>
+
+ <bean id="accessDeniedUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/accessDenied.html"/>
+ </bean>
+ <!-- The URL destination that this filter intercepts and processes -->
+ <bean id="filterProcessesUrl" class="java.lang.String">
+ <constructor-arg type="java.lang.String"
value="/plugin/security/j_spring_security_check"/>
+ </bean>
+
+
+
+ <bean id="tokenKey" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="ASGDADAG7625SGSG"/>
+ </bean>
+
+
+
+
+<!--
+ Filters definition. The commas are required in the
filter-chain "filters" attribute!
+-->
+
+ <bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
+ <security:filter-chain-map path-type="ant">
+ <security:filter-chain pattern="/**" filters="
+ securityContextPersistenceFilter,
+ logoutFilter,
+ usernamePasswordProcessingFilter,
+ rememberMeProcessingFilter,
+ anonymousProcessingFilter,
+ exceptionTranslationFilter,
+ filterSecurityInterceptor" />
+ </security:filter-chain-map>
+ </bean>
+
+ <bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
+
+ <!-- Note the construction of the logout filter differs from most others
-->
+ <bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
+ <!-- the post-logout destination -->
+ <constructor-arg ref="logoutSuccessUrl"/>
+
+ <constructor-arg>
+ <array>
+ <ref bean="logoutHandler"/>
+ <ref bean="rememberMeServices"/>
+ </array>
+ </constructor-arg>
+ <property name="filterProcessesUrl" ref="filterUrlLogout"/>
+ </bean>
+
+
+
+ <bean id="usernamePasswordProcessingFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
+ <property name="filterProcessesUrl" ref="filterProcessesUrl" />
+ <!--
+
+ <property name="usernameParameter" value="login_username"/>
+ <property name="passwordParameter" value="login_password"/>
+ -->
+ <property name="authenticationManager"
ref="customAuthenticationManager"/>
+ <property name="rememberMeServices" ref="rememberMeServices"/>
+ <property name="authenticationFailureHandler"
ref="authenticationFailureHandler"/>
+ </bean>
+
+ <bean id="rememberMeProcessingFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
+ <property name="rememberMeServices" ref="rememberMeServices"/>
+ <property name="authenticationManager"
ref="customAuthenticationManager" />
+ </bean>
+
+ <bean id="anonymousProcessingFilter"
class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
+ <!-- Both of these are required -->
+ <!-- username, default role -->
+ <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+ <!-- randomly generated key -->
+ <property name="key" ref="tokenKey"/>
+ </bean>
+
+ <bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"
ref="authenticationEntryPoint"/>
+ <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
+ </bean>
+
+ <bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+ <property name="authenticationManager"
ref="customAuthenticationManager"/>
+ <property name="accessDecisionManager" ref="affirmativeBased"/>
+ <property name="securityMetadataSource" ref="securityMetadataSource"/>
+ </bean>
+
+
+
+<!--
+ Handlers and beans needed by the filters.
+-->
+
+ <!-- This section will be overridden at application level (webapp using
the plugin)-->
<security:filter-security-metadata-source
id="securityMetadataSource" use-expressions="true">
<security:intercept-url pattern="/admin/**"
access="hasRole('ROLE_ADMIN')" />
</security:filter-security-metadata-source>
-
-
- <bean id="parancoeFilterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"
>
- <property name="authenticationManager" ref="authenticationManager"/>
- <property name="accessDecisionManager" ref="accessDecisionManager"/>
- <property name="securityMetadataSource" ref="securityMetadataSource"/>
- </bean>
-
- <bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
-
- <bean
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
id="saltSource">
+
+ <bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+
+ <bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+ <property name="key" ref="keyString"/>
+ <property name="userDetailsService" ref="userDetailsService"/>
+ </bean>
+
+ <!-- Custom parancoe implementation of the UserDetailsService interface
-->
+ <bean id="userDetailsService"
class="org.parancoe.plugins.securityevolution.ParancoeUserDetailsService"/>
+
+ <bean id="customAuthenticationManager"
class="org.springframework.security.authentication.ProviderManager">
+ <property name="providers">
+ <list>
+ <ref bean="authenticationProvider"/>
+ <ref bean="rememberMeAuthenticationProvider"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="authenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
+ <property name="passwordEncoder" ref="passwordEncoder"/>
+ <property name="saltSource" ref="saltSource"/>
+ <property name="userDetailsService" ref="userDetailsService"/>
+ </bean>
+
+ <bean
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
id="saltSource">
<property name="userPropertyToUse" value="getUsername"/>
</bean>
- <bean id="userDetailsService"
class="org.parancoe.plugins.securityevolution.ParancoeUserDetailsService"/>
-
-
- <!-- custom authentication for openId -->
- <bean id="openIDUserService"
class="org.parancoe.plugins.securityevolution.ParancoeOpenIDUserDetailsService"
/>
-
- <bean class="org.springframework.security.access.vote.UnanimousBased"
id="accessDecisionManager">
+ <bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
+
+ <bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
+ <property name="key" ref="keyString"/>
+ </bean>
+
+ <bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
+ <property name="defaultFailureUrl" ref="defaultFailureUrl"/>
+ </bean>
+
+ <bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
+ <property name="loginFormUrl" ref="loginFormUrl" />
+ </bean>
+
+ <bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
+ <property name="errorPage" ref="accessDeniedUrl" />
+ </bean>
+
+ <bean class="org.springframework.security.access.vote.AffirmativeBased"
id="affirmativeBased">
<property name="decisionVoters">
<list>
- <ref bean="webExpressionVoter"/>
+ <ref bean="roleVoter"/>
+ <ref bean="expressionVoter"/>
+ <ref bean="authenticatedVoter"/>
</list>
</property>
</bean>
- <bean id="webExpressionVoter"
class="org.springframework.security.web.access.expression.WebExpressionVoter"
/>
-
- <!--
- END Security configuration
- -->
+
+ <bean class="org.springframework.security.access.vote.RoleVoter"
id="roleVoter"/>
+
+ <bean class="org.springframework.security.access.vote.AuthenticatedVoter"
id="authenticatedVoter"/>
+
+ <!-- Used for expressions -->
+ <bean
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"
id="expressionHandler"/>
+ <bean
class="org.springframework.security.web.access.expression.WebExpressionVoter"
id="expressionVoter">
+ <property name="expressionHandler" ref="expressionHandler"/>
+ </bean>
+
+<!--
+
+ END - Security configuration
+
+-->
- <!-- -->
- <!-- Configurazione del plugin -->
- <!-- -->
+<!--
+ Plugin configuration in accordance with the parancoe plugins
architecture
+-->
<bean id="applicationContextPluginSpringSecurityEvolutionConfig"
class="org.parancoe.web.plugin.ApplicationContextPlugin">
<property name="name"
value="parancoe-plugin-springsecurity-evoulution"/>
<property name="contextLoaderListeners">
==============================================================================
Revision: af1cebee40de
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:18 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=af1cebee40de
Added:
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin-schema.xml
Deleted:
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.explicit.xml
=======================================
--- /dev/null
+++
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin-schema.xml
Sun Aug 5 17:16:18 2012
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (C) 2006-2012 The Parancoe Team <in...@parancoe.org>
+
+ This file is part of Parancoe Plugin Spring Security Evolution.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+
+<!--
+ WARNING: This file is not used by the plugin. We keep it
+ as it shows the usage of the springsecurity schema.
+ -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+
xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:lambico="http://www.lambico.org/schema/lambico"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.lambico.org/schema/lambico
http://www.lambico.org/schema/lambico.xsd
+ http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
+ http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+
+ <!-- Authomatic discovering of persistent classes -->
+ <lambico:discover-persistent-classes
basePackage="org.parancoe.plugins.securityevolution"/>
+ <!-- Authomatic DAO definition from persistent classes -->
+ <lambico:define-daos
baseInterfacePackage="org.parancoe.plugins.securityevolution"/>
+
+ <!-- Authomatic discovering of components -->
+ <context:component-scan
base-package="org.parancoe.plugins.securityevolution"/>
+
+
+ <!--
+ BEGIN Security configuration
+ -->
+
+ <security:http auto-config="true" pattern="/**"
+ use-expressions="true"
access-decision-manager-ref="accessDecisionManager"
+ authentication-manager-ref="authenticationManager">
+
+ <security:logout invalidate-session="true"
+ logout-success-url="/" logout-url="/logout.html" delete-cookies="true"
/>
+ <security:custom-filter ref="parancoeFilterSecurityInterceptor"
+ before="FILTER_SECURITY_INTERCEPTOR" />
+
+
+ <security:form-login login-page="/plugin/security/login.html"
+ authentication-failure-url="/plugin/security/login.html?login_error=1"
+ login-processing-url="/plugin/security/j_spring_security_check" />
+ <security:access-denied-handler
+ error-page="/plugin/security/accessDenied.html" />
+ <security:openid-login
+ authentication-failure-url="/plugin/security/login.html?login_error=1"
+ user-service-ref="openIDUserService"
login-processing-url="/plugin/security/j_spring_openid_security_check">
+ <security:attribute-exchange
+ identifier-match="https://www.google.com/.*">
+ <security:openid-attribute name="email"
+ type="http://schema.openid.net/contact/email" required="true" />
+ </security:attribute-exchange>
+ </security:openid-login>
+ </security:http>
+
+ <security:authentication-manager id="authenticationManager"
+ alias="authenticationManager">
+ <security:authentication-provider
+ user-service-ref="userDetailsService">
+ <security:password-encoder ref="passwordEncoder">
+ <security:salt-source ref="saltSource" />
+ </security:password-encoder>
+ </security:authentication-provider>
+ </security:authentication-manager>
+
+ <!-- This section will be override at application level (webapp using the
plugin)-->
+ <security:filter-security-metadata-source
+ id="securityMetadataSource" use-expressions="true">
+ <security:intercept-url pattern="/admin/**"
+ access="hasRole('ROLE_ADMIN')" />
+ </security:filter-security-metadata-source>
+
+
+ <bean id="parancoeFilterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"
>
+ <property name="authenticationManager" ref="authenticationManager"/>
+ <property name="accessDecisionManager" ref="accessDecisionManager"/>
+ <property name="securityMetadataSource" ref="securityMetadataSource"/>
+ </bean>
+
+ <bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
+
+ <bean
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
id="saltSource">
+ <property name="userPropertyToUse" value="getUsername"/>
+ </bean>
+
+ <bean id="userDetailsService"
class="org.parancoe.plugins.securityevolution.ParancoeUserDetailsService"/>
+
+
+ <!-- custom authentication for openId -->
+ <bean id="openIDUserService"
class="org.parancoe.plugins.securityevolution.ParancoeOpenIDUserDetailsService"
/>
+
+ <bean class="org.springframework.security.access.vote.UnanimousBased"
id="accessDecisionManager">
+ <property name="decisionVoters">
+ <list>
+ <ref bean="webExpressionVoter"/>
+ </list>
+ </property>
+ </bean>
+ <bean id="webExpressionVoter"
class="org.springframework.security.web.access.expression.WebExpressionVoter"
/>
+
+ <!--
+ END Security configuration
+ -->
+
+
+
+
+ <!-- -->
+ <!-- Configurazione del plugin -->
+ <!-- -->
+ <bean id="applicationContextPluginSpringSecurityEvolutionConfig"
class="org.parancoe.web.plugin.ApplicationContextPlugin">
+ <property name="name"
value="parancoe-plugin-springsecurity-evoulution"/>
+ <property name="contextLoaderListeners">
+ <list>
+ <ref
bean="parancoe-plugin-springsecurity-evolution-InitializerContextListener"/>
+ </list>
+ </property>
+
+ <!-- fixtures to load at plugin startup -->
+ <property name="fixtureClassNames">
+ <list/>
+ </property>
+
+ <property name="jspPrefix" value="/WEB-INF/jsp"/>
+
+ <property name="jspResources">
+ <list>
+ <bean class="java.lang.String"><constructor-arg
value="classpath:#{applicationContextPluginSpringSecurityEvolutionConfig.jspPrefix}/plugin/security/*"/></bean>
+ </list>
+ </property>
+
+ </bean>
+
+
+
+
+</beans>
=======================================
---
/plugins/parancoe-plugin-springsecurity-evolution/src/main/resources/applicationContext-plugin.explicit.xml
Mon Jul 23 18:36:34 2012
+++ /dev/null
@@ -1,147 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- Copyright (C) 2006-2012 The Parancoe Team <in...@parancoe.org>
-
- This file is part of Parancoe Plugin Spring Security Evolution.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:security="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
- http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
- http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
- ">
-
-
-
-
-
- <!-- note the commas are required in the filter-chain "filters"
attribute! -->
- <bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
- <security:filter-chain-map path-type="ant">
- <security:filter-chain pattern="/**" filters="
- securityContextPersistenceFilter,
- logoutFilter,
- usernamePasswordProcessingFilter,
- rememberMeProcessingFilter,
- anonymousProcessingFilter,
- exceptionTranslationFilter,
- filterSecurityInterceptor" />
- </security:filter-chain-map>
- </bean>
-
- <bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
-
- <bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
- <!-- the post-logout destination -->
- <constructor-arg value="/"/>
-
- <constructor-arg>
- <array>
- <ref local="logoutHandler"/>
- <ref local="rememberMeServices"/>
- </array>
- </constructor-arg>
- <property name="filterProcessesUrl" value="/logout"/>
- </bean>
-
- <bean id="usernamePasswordProcessingFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-<!-- <property name="filterProcessesUrl"
value="/j_spring_security_check"/>
- <property name="usernameParameter" value="login_username"/>
- <property name="passwordParameter" value="login_password"/> -->
- <property name="authenticationManager" ref="authenticationManager"/>
- <property name="rememberMeServices" ref="rememberMeServices"/>
- <property name="authenticationFailureHandler"
ref="authenticationFailureHandler"/>
- </bean>
-
- <security:authentication-manager id="authenticationManager"
- alias="authenticationManager">
- <security:authentication-provider
- user-service-ref="userDetailsService">
- <security:password-encoder ref="passwordEncoder">
- <security:salt-source ref="saltSource" />
- </security:password-encoder>
- </security:authentication-provider>
- </security:authentication-manager>
-
-
- <bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
- <property name="defaultFailureUrl" value="/login.do"/>
- </bean>
- <bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
- <property name="authenticationEntryPoint"
ref="authenticationEntryPoint"/>
- <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
- </bean>
- <bean id="anonymousProcessingFilter"
class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
- <!-- Both of these are required -->
- <!-- username, default role -->
- <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
- <!-- randomly generated key -->
- <property name="key" value="BF93JFJ091N00Q7HF"/>
- </bean>
- <!-- Note the construction of the logout filter differs from most others
-->
-
-
- <bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
-
- <bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
- <property name="loginFormUrl" value="/login.do"/>
- </bean>
-
- <bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
- <property name="errorPage" value="/accessDenied.do"/>
- </bean>
-
- <bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
- <property name="authenticationManager"
ref="customAuthenticationManager"/>
- <property name="accessDecisionManager" ref="affirmativeBased"/>
- <property name="securityMetadataSource">
- <!-- SEC-1256 -->
- <security:filter-security-metadata-source use-expressions="true">
- <security:intercept-url pattern="/login.do" access="permitAll"/>
- <security:intercept-url pattern="/home.do" access="permitAll and
evenMinute"/>
- <security:intercept-url pattern="/account/*.do"
access="hasRole('ROLE_USER') and fullyAuthenticated"/>
- <security:intercept-url pattern="/*" access="hasRole('ROLE_USER')"/>
- </security:filter-security-metadata-source>
-
- </property>
- </bean>
-
- <bean id="rememberMeProcessingFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
- <property name="rememberMeServices" ref="rememberMeServices"/>
- <property name="authenticationManager" ref="authenticationManager" />
- </bean>
- <bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
- <property name="key" value="jbcpPetStore"/>
- <property name="tokenValiditySeconds" value="3600"/>
- <property name="tokenRepository" ref="jdbcRememberMeTokenRepository"/>
- <property name="userDetailsService" ref="jdbcUserServiceCustom"/>
- </bean>
- <bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
- <property name="key" value="jbcpPetStore"/>
- </bean>
- <bean id="jdbcRememberMeTokenRepository"
class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
- <property name="dataSource" ref="dataSource"/>
- </bean>
-
-
-
-
-</beans>
==============================================================================
Revision: 6a0f0a645238
Author: enricogiurin <enrico...@gmail.com>
Date: Sun Aug 5 17:16:44 2012
Log: issue-14
http://code.google.com/p/parancoe/source/detail?r=6a0f0a645238
Modified:
/examples/basicWebAppEvolution/src/main/webapp/WEB-INF/applicationContext.xml
=======================================
---
/examples/basicWebAppEvolution/src/main/webapp/WEB-INF/applicationContext.xml
Tue May 29 21:24:49 2012
+++
/examples/basicWebAppEvolution/src/main/webapp/WEB-INF/applicationContext.xml
Sun Aug 5 17:16:44 2012
@@ -23,6 +23,13 @@
<security:intercept-url pattern="/r/**"
access="hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/admin/**"
access="hasRole('ROLE_ADMIN')" />
</security:filter-security-metadata-source>
+ <!-- Here you can override any of the properties of the plugin
security -->
+
+ <!--
+ <bean id="loginView" class="java.lang.String">
+ <constructor-arg type="java.lang.String" value="/italy/index"/>
+ </bean>
+ -->
<!-- end security section -->
Reply all
Reply to author
Forward
0 new messages