0

Spring Sec doesn't work

asked 2009-07-11 10:17:26 +0800

dermaik81 gravatar image dermaik81
60 1

Hi all2gether,
I've got a problem running spring security. First I want to integrate the framework like it is described. here. So, I went to set up the applicationContext-scurity.xml as follows:

<?xml version="1.0" encoding="UTF-8"?>

<!--
  - Sample namespace-based configuration
  -
  - $Id: applicationContext-security.xml 3019 2008-05-01 17:51:48Z luke_t $
  -->

<beans:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:zksp="http://www.zkoss.org/2008/zkspring"
     xmlns:beans="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-2.0.1.xsd
         http://www.zkoss.org/2008/zkspring
         http://www.zkoss.org/2008/zkspring/zkspring.xsd">
	<global-method-security secured-annotations="enabled">
		<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
		<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
		-->
	</global-method-security>

    <http auto-config="true">
        <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
		<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
        <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/post.html" access="ROLE_TELLER" />
        -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!--
    Uncomment to enable X509 client authentication support
        <x509 /> 
-->

        <!-- All of this is unnecessary if auto-config="true"
        <form-login />
        <anonymous />
        <http-basic />
        <logout />
        <remember-me /> -->

        <!-- Uncomment to limit the number of sessions a user can have
        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
		-->		
		<form-login login-page="/login.zul"/>
    </http>
	<zksp:zk-event login-template-close-delay="5">
		<zksp:intercept-event event="onClick" path="//**" access="ROLE_TELLER"/>
	</zksp:zk-event>
    <!--
    Usernames/Passwords are
        rod/koala
        dianne/emu
        scott/wombat
        peter/opal
    -->
    <authentication-provider>
        <password-encoder hash="md5"/>
        <user-service>
            <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
            <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
            <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
	    </user-service>
	</authentication-provider>

</beans:beans>

And change some things in the web.xml like
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<display-name>
	vas</display-name>
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:/config/application-context.xml,classpath:/config/datasource-context.xml,/WEB-INF/applicationContext-security.xml</param-value>
	</context-param>
	<listener>
		<description>
		Used to cleanup when a session is destroyed</description>
		<display-name>
		ZK Session Cleaner</display-name>
		<listener-class>org.zkoss.zk.ui.http.HttpSessionListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
	</listener>
	 <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
	
	<servlet>
		<description>
		The servlet loads the DSP pages.</description>
		<servlet-name>dspLoader</servlet-name>
		<servlet-class>
		org.zkoss.web.servlet.dsp.InterpreterServlet</servlet-class>
	</servlet>
	<servlet>
		<description>
		ZK loader for ZUML pages</description>
		<servlet-name>zkLoader</servlet-name>
		<servlet-class>
		org.zkoss.zk.ui.http.DHtmlLayoutServlet</servlet-class>
		<init-param>
			<param-name>update-uri</param-name>
			<param-value>/zkau</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet>
		<description>
		The asynchronous update engine for ZK</description>
		<servlet-name>auEngine</servlet-name>
		<servlet-class>
		org.zkoss.zk.au.http.DHtmlUpdateServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>dspLoader</servlet-name>
		<url-pattern>*.dsp</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>zkLoader</servlet-name>
		<url-pattern>*.zul</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>zkLoader</servlet-name>
		<url-pattern>*.zhtml</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>auEngine</servlet-name>
		<url-pattern>/zkau/*</url-pattern>
	</servlet-mapping>
	<welcome-file-list>
		<welcome-file>index.html</welcome-file>
		<welcome-file>index.htm</welcome-file>
		<welcome-file>index.jsp</welcome-file>
		<welcome-file>default.html</welcome-file>
		<welcome-file>default.htm</welcome-file>
		<welcome-file>default.jsp</welcome-file>
		<welcome-file>index.zul</welcome-file>
	</welcome-file-list>
</web-app>

And finally the zk.xml like:
<?xml version="1.0" encoding="UTF-8"?>

<!--
	Created by ZK Studio
-->

<zk>
		<system-config>
     		<ui-factory-class>org.zkoss.spring.bean.ZkSpringUiFactory</ui-factory-class>
		</system-config>
	
		 
</zk>

Well, tomcat starts - although I found no messages of Spring in the console... Maybe thats the first hint that something is going wrong.
The onClick events are cought by Spring - that works. Not the login-page "login.zul" I specified in the appCon-Sec.xml is shown but an error occurs:
"HTTP Status 404 - /vas/spring_security_login
--------------------------------------------------------------------------------
type Status report
message /vas/spring_security_login
description The requested resource (/vas/spring_security_login) is not available."


I am sure that I forgot some important things to set up, didn't I ??

Thanks a lot for any posts + best wishes,
Maik

delete flag offensive retag edit
Be the first one to reply this discussion!
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow

RSS

Stats

Asked: 2009-07-11 10:17:26 +0800

Seen: 673 times

Last updated: Jul 11 '09

Related questions

Using controller

Error: Replicated language: xul/html

php

Window Overlapped

Echo/Casabac [closed]

OnClick on label

Problem with Checkbox [closed]

Look of a control [closed]

Documentation?

Combo Box

About Us | Faq | Help | Privacy Policy | Contact Us
Copyright Potix Corporation 2015.
Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More