-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Hi all2gether,
I've got a problem running spring security. First I want to integrate the framework like it is described. here. So, I went to set up the applicationContext-scurity.xml as follows:
<?xml version="1.0" encoding="UTF-8"?> <!-- - Sample namespace-based configuration - - $Id: applicationContext-security.xml 3019 2008-05-01 17:51:48Z luke_t $ --> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:zksp="http://www.zkoss.org/2008/zkspring" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd http://www.zkoss.org/2008/zkspring http://www.zkoss.org/2008/zkspring/zkspring.xsd"> <global-method-security secured-annotations="enabled"> <!-- AspectJ pointcut expression that locates our "post" method and applies security that way <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/> --> </global-method-security> <http auto-config="true"> <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/> <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" /> <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" /> <intercept-url pattern="/post.html" access="ROLE_TELLER" /> --> <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <!-- Uncomment to enable X509 client authentication support <x509 /> --> <!-- All of this is unnecessary if auto-config="true" <form-login /> <anonymous /> <http-basic /> <logout /> <remember-me /> --> <!-- Uncomment to limit the number of sessions a user can have <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/> --> <form-login login-page="/login.zul"/> </http> <zksp:zk-event login-template-close-delay="5"> <zksp:intercept-event event="onClick" path="//**" access="ROLE_TELLER"/> </zksp:zk-event> <!-- Usernames/Passwords are rod/koala dianne/emu scott/wombat peter/opal --> <authentication-provider> <password-encoder hash="md5"/> <user-service> <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" /> <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" /> <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" /> <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" /> </user-service> </authentication-provider> </beans:beans>
<?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <display-name> vas</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:/config/application-context.xml,classpath:/config/datasource-context.xml,/WEB-INF/applicationContext-security.xml</param-value> </context-param> <listener> <description> Used to cleanup when a session is destroyed</description> <display-name> ZK Session Cleaner</display-name> <listener-class>org.zkoss.zk.ui.http.HttpSessionListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <description> The servlet loads the DSP pages.</description> <servlet-name>dspLoader</servlet-name> <servlet-class> org.zkoss.web.servlet.dsp.InterpreterServlet</servlet-class> </servlet> <servlet> <description> ZK loader for ZUML pages</description> <servlet-name>zkLoader</servlet-name> <servlet-class> org.zkoss.zk.ui.http.DHtmlLayoutServlet</servlet-class> <init-param> <param-name>update-uri</param-name> <param-value>/zkau</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet> <description> The asynchronous update engine for ZK</description> <servlet-name>auEngine</servlet-name> <servlet-class> org.zkoss.zk.au.http.DHtmlUpdateServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>dspLoader</servlet-name> <url-pattern>*.dsp</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>zkLoader</servlet-name> <url-pattern>*.zul</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>zkLoader</servlet-name> <url-pattern>*.zhtml</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>auEngine</servlet-name> <url-pattern>/zkau/*</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> <welcome-file>index.zul</welcome-file> </welcome-file-list> </web-app>
<?xml version="1.0" encoding="UTF-8"?> <!-- Created by ZK Studio --> <zk> <system-config> <ui-factory-class>org.zkoss.spring.bean.ZkSpringUiFactory</ui-factory-class> </system-config> </zk>
Asked: 2009-07-11 10:17:26 +0800
Seen: 673 times
Last updated: Jul 11 '09