-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Hi,
I am using spring webflow with zk, and I am trying to implement spring security, I want to use authentication from database, I am using hibernate
for DB. How do I configure custom authentaction-manager in spring-webflow.
Thanks
Hi Iantsai,
No I am not facing any issue till now while integrating spring webflow with zk, the only thing is how do I use authentication manager to authenticate using hibernate. I have one login page which is bind with bean and saperate service file. and the database have one role field.
I want to authenticate user with this role.
Thanks
Hi,
Yes I tried, and it works, but I want to use my user bean and service for authentication,
I tried to use authentication, by defining <secured attribute="some ROLE"> but it always through me to login page which i define like this
<security:http auto-config="true">
<security:form-login login-page="/spring/login" login-processing-url="/spring/loginProcess" default-target-url="/spring/main" authentication-failure-url="/spring/login?login_error=1" />
<security:logout logout-url="/spring/logout" logout-success-url="/spring/logoutSuccess" />
</security:http>
And I want to know few things like,
1) we provide <secured attribute="some ROLE"> which is hard coded role, what it means. is there any way to use it dynamically.
2) We are using security manager like
<security:authentication-provider>
<security:password-encoder hash="md5" />
<security:user-service>
<security:user name="keith" password="417c7382b16c395bc25b5da1398cf076" authorities="ROLE_USER, ROLE_SUPERVISOR" />
<security:user name="erwin" password="12430911a8af075c6f41c6976af22b09" authorities="ROLE_USER, ROLE_SUPERVISOR" />
<security:user name="jeremy" password="57c6cbff0d421449be820763f03139eb" authorities="ROLE_USER" />
<security:user name="scott" password="942f2339bf50796de535a384f0d1af3e" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
where user name, password and authorities are hard coded.
Hi abhishekv5,
For this you will have to implement UserDetailsService interface. Please refer to Spring Security reference, Spring Security forums or Spring Security book to find out more about how to implement it.
Like ashishd say, you must implement the UserDetailService.
In Zksample2 are codes on where you can have a look about this. We named this class 'PolicyManager.java'.
Writing custom UserDetailsService
link
. . . <!-- ====================================================== --> <!-- We define the kind of authentification with a --> <!-- so called authentication-provider --> <!-- We use the DAO authenticationProvider. --> <!-- We coded out a custom UserDetailServiceImpl. --> <!-- So we have our users stored in a DB we use --> <!-- our own user-service class and point to her. --> <!-- ====================================================== --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="myUserDetailsService"> </authentication-provider> </authentication-manager> <!-- ====================================================== --> <!-- The Implementation of the Interface --> <!-- UserDetailService for the logged in --> <!-- user and his rights --> <!-- ====================================================== --> <beans:bean id="myUserDetailsService" class="de.forsthaus.policy.model.PolicyManager"> <beans:property name="userService" ref="userService" /> </beans:bean> . . .
best
Stephan
Hi Terrytornado,
I am getting an error while setting the authentication manager,
Error is : "cvc-complex-type.2.1: Element 'security:authentication-manager' must have no character or element information item , because the
type's content type is empty."
My security configuration file is :
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:zksp="http://www.zkoss.org/2008/zkspring"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.2.xsd
http://www.zkoss.org/2008/zkspring
http://www.zkoss.org/2008/zkspring/zkspring.xsd">
<!-- <security:global-method-security secured-annotations="enabled" /> -->
<!-- Configure Spring Security -->
<security:http auto-config="true">
<security:form-login login-page="/spring/login" login-processing-url="/spring/loginProcess" default-target-url="/spring/onebox" authentication-failure-url="/spring/login?login_error=1" />
<security:logout logout-url="/spring/logout" logout-success-url="/spring/logoutSuccess" />
</security:http>
<zksp:zk-event login-template-close-delay="5">
<!-- use own form-login definition in Ajax login -->
<zksp:form-login login-page="/spring/loginPopup" authentication-failure-url="/spring/loginPopup?login_error=1"
width="597px" height="451px"/>
</zksp:zk-event>
<!--
Define local authentication provider, a real app would use an external provider (JDBC, LDAP, CAS, etc)
usernames/passwords are:
keith/melbourne
erwin/leuven
jeremy/atlanta
scott/rochester
-->
<security:authentication-provider>
<security:password-encoder hash="md5" />
<security:user-service>
<security:user name="keith" password="417c7382b16c395bc25b5da1398cf076" authorities="ROLE_USER, ROLE_SUPERVISOR" />
<security:user name="erwin" password="12430911a8af075c6f41c6976af22b09" authorities="ROLE_USER, ROLE_SUPERVISOR" />
<security:user name="jeremy" password="57c6cbff0d421449be820763f03139eb" authorities="ROLE_USER" />
<security:user name="scott" password="942f2339bf50796de535a384f0d1af3e" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</beans>
you must read first the spring-security docu.
I think that your <security:authentication-provider> must stand in a <security:authentication-manager> tag.
best
Stephan
PS: Please use the [ c o d e ] your code samples between here [/ c o d e ] tag for posting formatted codes.
Hi Terrytornado,
Yes you are absolutely right, the <security:authentication-provider> comes under the <security:authentication-manager> tag,
but in my security xml file, whenever I tried to add <security:authentication-provider> tag under <security:authentication-manager>,
it gives me an error.
"cvc-complex-type.2.1: Element 'security:authentication-manager' must have no character or element information item , because the
type's content type is empty."
Asked: 2010-10-24 23:40:52 +0800
Seen: 1,282 times
Last updated: Oct 26 '10