I am using spring security 3.x, here i need to integrate with JA-SIG CAS server, I can login CAS server through https://localhost:8443/cas/login, but after integrated with spring security, i can not redirect my login page to CAS login URL, and my previous account doesn't use, spring security always tell me login error, googled for lots of times and don't know why? any help will be appreciated. And here is patial of my spring security configuration:
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!-- 这里的service 必须是一个由CasAuthenticationFilter 监控的URL -->
<property name="service" value="http://localhost:8082/dna/j_spring_cas_security_check" />
<property name="sendRenew" value="false" />
</bean>
<!-- hook up cas entry point -->
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<constructor-arg ref="casEntryPoint" />
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="myUserDetailsService" />
</bean>
</property>
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<!-- 配置cas服务器前缀 -->
<constructor-arg index="0" value="https://localhost:8443/cas-server-webapp-5.0.8/" />
</bean>
</property>
<property name="key" value="casAuthProviderKey" />
</bean>
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://localhost:8443/cas-server-webapp-5.0.8/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<bean id="singleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="https://localhost:8443/cas-server-webapp-5.0.8/cas/logout" />
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
</bean>
<!-- 目前不需要将ajax请求拒绝 -->
<bean id="authEntryPoint" class="com.gooalgene.common.authority.AjaxAwareLoginUrlAuthenticationEntryPoint" c:loginFormUrl="/login" />
<bean id="authenticationSuccessHandler" class="com.gooalgene.common.handler.AuthenticationSuccessHandlerImpl">
<property name="defaultTargetUrl" value="/dna/index" />
</bean>
<sec:http auto-config='false' use-expressions="true" entry-point-ref="casEntryPoint">
<sec:intercept-url pattern="/managerPage" access="hasRole('ROLE_ADMIN')" />
<sec:intercept-url pattern="/**" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')" />
<sec:form-login authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"/>
<sec:access-denied-handler error-page="/403" />
<sec:custom-filter ref="casFilter" position="CAS_FILTER" />
<sec:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<sec:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
</sec:http>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="casAuthenticationProvider" />
</sec:authentication-manager>
And my spring mvc default welcome page is /login.
Here is my debug console log:
INFO [com.gooalgene.common.handler.AuthenticationFailureHandlerImpl]
- 登录失败,异常信息:No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
Related
I just changed in activiti-custom-context.xml file and after changes also i am not able to send the email to the users and i have changed the database properties also but after relaunch server ,my server is not connected to the database ,which I provided.
<class="org.springframework.jdbc.datasource.SimpleDriverDataSource">
<property name="driverClass" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/explorer" />
<property name="username" value="root" />
<property name="passw`enter code here`ord" value="root" />
</bean> -->
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
</property>
<property name="mailServerUseTLS" value="true" /><!--This is important if you use Gmail as your hoster -->
<property name="mailServerHost" value="smtp.gmail.com" />
<property name="mailServerPort" value="587" />
<property name="mailServerUsername" value="my#host.com" />
<property name="mailServerPassword" value="hostpassword"/>
</bean>
<bean id="processEngine" class="org.activiti.spring.ProcessEngineFactoryBean">
<property name="processEngineConfiguration" ref="processEngineConfiguration" />
</bean>
<bean id="repositoryService" factory-bean="processEngine" factory-method="getRepositoryService" />
<bean id="runtimeService" factory-bean="processEngine" factory-method="getRuntimeService" />
<bean id="taskService" factory-bean="processEngine" factory-method="getTaskService" />
<bean id="formService" factory-bean="processEngine" factory-method="getFormService" />
<bean id="historyService" factory-bean="processEngine" factory-method="getHistoryService" />
<bean id="managementService" factory-bean="processEngine" factory-method="getManagementService" />
<bean id="identityService" factory-bean="processEngine" factory-method="getIdentityService" />
</beans>
I have been trying to configure MyBatis with Spring MVC to work with multiple databases. I have a page which is trying to connect to one of the DB's to fetch data, so that it can be populated into the drop-down boxes.
Now I am not sure what is wrong with this configuration, but I am receiving the following error:
]] Root cause of ServletException. org.springframework.jdbc.BadSqlGrammarException: ### Error querying database. Cause: java.sql.SQLException: ORA-06576: not a valid function or procedure name
I am providing the XML file here for your reference
<bean id="dataSource1"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="url" value="jdbc:oracle:thin:#1.1.2.5:1529:DITOS" />
<property name="username" value="return" />
<property name="password" value="return" />
</bean>
<!-- scan for mappers and let them be autowired -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage"
value="p.com.ent.appl.return.dev.dao,p.com.ent.appl.return.dep.dao,p.com.ent.appl.return.dao.otheruser" />
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory1" />
</bean>
<!-- Declare a transaction manager -->
<bean id="cashReturnTx"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource1" />
</bean>
<!-- define the SqlSessionFactory, notice that configLocation is not needed
when you use MapperFactoryBean -->
<bean id="sqlSessionFactory1" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource1" />
<property name="configLocation" value="WEB-INF/mybatis/sqlmap-config.xml" />
<!-- <property name="mapperLocations" value="classpath:/com/vrn/ent/dev/daoxml/*.xml"
/> -->
<property name="mapperLocations"
value="classpath*:/p/com/ent/appl/return/**/daoxml/*.xml" />
</bean>
<bean id="sqlSession1" class="org.mybatis.spring.SqlSessionTemplate">
<constructor-arg index="0" ref="sqlSessionFactory1" />
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="url" value="jdbc:oracle:thin:#4.24.80.15:1522:LM" />
<property name="username" value="RETURN" />
<property name="password" value="OWNER" />
</bean>
<!-- scan for mappers and let them be autowired -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage"
value="p.com.ent.appl.return.dev.dao,p.com.ent.appl.return.dep.dao,p.com.ent.appl.return.dao.otheruser" />
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" />
</bean>
<bean id="otherUserTx"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<!-- define the SqlSessionFactory, notice that configLocation is not needed
when you use MapperFactoryBean -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="configLocation" value="WEB-INF/mybatis/sqlmap-config.xml" />
<!-- <property name="mapperLocations" value="classpath:/com/vrn/ent/dev/daoxml/*.xml"
/> -->
<property name="mapperLocations"
value="classpath*:/p/com/ent/appl/return/**/daoxml/*.xml" />
</bean>
<bean id="sqlSession" class="org.mybatis.spring.SqlSessionTemplate">
<constructor-arg index="0" ref="sqlSessionFactory" />
</bean>
</beans>
According to the exception: BadSqlGrammarException: ### Error querying database. Cause: java.sql.SQLException: ORA-06576: not a valid function or procedure name, a DB is hit.
Read about error ORA-06576.
Issue is likeky be related to how the procedure is called. Right way is { CALL MyProcedure (#arg0, #arg1) }
Configuration shows that same mappers may be used with both datasources, what happens then if target schemas are different?
At first, why I want to use different keyspaces?
Because I want to write JUnit Test, but I need another keyspace for testing.
I am using Spring MVC.
And I use the hectorTemplate autowired in spring.
<!-- cassandra configuration -->
<bean id="cassandraHostConfigurator" class="me.prettyprint.cassandra.service.CassandraHostConfigurator">
<constructor-arg value="${cassandra.url}" />
</bean>
<bean id="cluster" class="me.prettyprint.cassandra.service.ThriftCluster">
<constructor-arg value="${cassandra.cluster}" />
<constructor-arg ref="cassandraHostConfigurator" />
</bean>
<bean id="consistencyLevelPolicy" class="me.prettyprint.cassandra.model.ConfigurableConsistencyLevel">
<property name="defaultReadConsistencyLevel" value="${cassandra.defaultReadConsistencyLevel}"></property>
<property name="defaultWriteConsistencyLevel" value="${cassandra.defaultWriteConsistencyLevel}"></property>
</bean>
<bean id="keyspace" class="me.prettyprint.hector.api.factory.HFactory" factory-method="createKeyspace">
<constructor-arg value="${cassandra.keyspace}" />
<constructor-arg ref="cluster" />
<constructor-arg ref="consistencyLevelPolicy" />
</bean>
<bean id="hectorTemplate" class="me.prettyprint.cassandra.service.spring.HectorTemplateImpl">
<property name="cluster" ref="cluster" />
<property name="keyspace" ref="keyspace" />
<property name="replicationStrategyClass" value="org.apache.cassandra.locator.SimpleStrategy" />
<property name="replicationFactor" value="1" />
</bean>
So I should do what to add another keyspace?
Thanks for the help.(n.n)!!!!!
<!-- Keyspace1 -->
<bean id="keyspace1" class="me.prettyprint.hector.api.factory.HFactory" factory-method="createKeyspace">
<constructor-arg value="${cassandra.keyspace1}" />
<constructor-arg ref="cluster" />
<constructor-arg ref="consistencyLevelPolicy" />
</bean>
<bean id="hectorTemplate1" class="me.prettyprint.cassandra.service.spring.HectorTemplateImpl">
<property name="cluster" ref="cluster" />
<property name="keyspace" ref="keyspace1" />
<property name="replicationStrategyClass" value="org.apache.cassandra.locator.SimpleStrategy" />
<property name="replicationFactor" value="1" />
</bean>
<!-- Keyspace2 -->
<bean id="keyspace2" class="me.prettyprint.hector.api.factory.HFactory" factory-method="createKeyspace">
<constructor-arg value="${cassandra.keyspace2}" />
<constructor-arg ref="cluster" />
<constructor-arg ref="consistencyLevelPolicy" />
</bean>
<bean id="hectorTemplate2" class="me.prettyprint.cassandra.service.spring.HectorTemplateImpl">
<property name="cluster" ref="cluster" />
<property name="keyspace" ref="keyspace2" />
<property name="replicationStrategyClass" value="org.apache.cassandra.locator.SimpleStrategy" />
<property name="replicationFactor" value="1" />
</bean>
For JUnit test, you SHOULD use the same keyspace and use an embedded Cassandra. Check here. There is no reason to create another keyspace just for testing.
I have couple of permissions as:
inventory:po:view
inventory:po:create
inventory:po:update
In the JSP, below works:
<shiro:hasPermission name="inventory:po:create">
<li><a href='<c:url value="/inventory/document/viewDocument?doctype=2" />'>Purchase Order</a></li>
</shiro:hasPermission>
However, below doesn't.
<shiro:hasPermission name="inventory:po:*">
</shiro:hasPermission>
Shiro Version is 1.2.1. I also tried using the subject.isPermitted() call in and that doesn't work too.
I'm sure this is supposed to be pretty straight forward, but is there anything I miss in the configuration to enable wildcard support ? Please advice.
Shiro Configuration:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<!-- Security Manager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="jdbcRealm" />
<property name="cacheManager" ref="cacheManager"/>
</bean>
<!-- Caching -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManager" ref="ehCacheManager" />
</bean>
<bean id="ehCacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
<bean id="sessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO" />
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionDAO" ref="sessionDAO" />
</bean>
<!-- JDBC Realm Settings -->
<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
<property name="name" value="jdbcRealm" />
<property name="dataSource" ref="dataSource" />
<property name="authenticationQuery"
value="SELECT password FROM system_user_accounts WHERE username=? and status=10" />
<property name="userRolesQuery"
value="SELECT role_code FROM system_roles r, system_user_accounts u, system_user_roles ur WHERE u.user_id=ur.user_id AND r.role_id=ur.role_id AND u.username=?" />
<property name="permissionsQuery"
value="SELECT code FROM system_roles r, system_permissions p, system_role_permission rp WHERE r.role_id=rp.role_id AND p.permission_id=rp.permission_id AND r.role_code=?" />
<property name="permissionsLookupEnabled" value="true"></property>
<property name="cachingEnabled" value="true" />
</bean>
<!-- Spring Integration -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- Enable Shiro Annotations for Spring-configured beans. Only run after
the lifecycleBeanProcessor has run: -->
<bean id="annotationProxy"
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" />
<bean id="authorizationAttributeSourceAdvisor"
class="org.apache.shiro.sprinemphasized textg.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
<!-- Secure Spring remoting: Ensure any Spring Remoting method invocations
can be associated with a Subject for security checks. -->
<bean id="secureRemoteInvocationExecutor"
class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
<property name="securityManager" ref="securityManager" />
</bean>
<!-- Passthrough for Login page -->
<bean id="passThruLogin" class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter">
<property name="loginUrl" value="/login" />
</bean>
<!-- Shiro filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<property name="successUrl" value="/dashboard" />
<property name="unauthorizedUrl" value="/error" />
<property name="filters">
<map>
<entry key="authc" value-ref="passThruLogin" />
</map>
</property>
<property name="filterChainDefinitions">
<value>
<!-- !!! Order matters !!! -->
/authenticate = anon
/login = anon
/logout = anon
/error = anon
/static/** = anon
/** = authc
</value>
</property>
</bean>
The " * " isn't a wildcard in shiro's permission checking, on the contrary it means "requires all values".
You should assert a wildcard right of your own (read is usually a good default wildcard permission) and be explicit on the permission check.
On the contrary '*' means 'GRANT the user all rights', which got you confused with imho.
From Check Permissions part of shiro's documentation about permission
if ( SecurityUtils.getSubject().isPermitted("printer:print") ) {
//print the document
}
Therefore, this is an incorrect check. What if the current user does not have the ability to print to any printer, but they do have the ability to print to say, the lp7200 and epsoncolor printers. Then the 2nd example above would never allow them to print to the lp7200 printer even though they have been granted that ability!
I have set up i18n to my web app using Spring.It works fine.But I have a problem.When I click link to different language,from, lets say edit_user page. The request url is generated as '/edit_user.htm?lang=de'.Controller class receives this request and run editUser method based on #RequestMapping(value = { "edit_user" }). How to avoid this from happening.I just want my web app to be able to simply change the locale without reaching controller class methods when clicked on "change language links". My spring-config-servlet.xml is as following.
<bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:i18n/messages" />
<property name="defaultEncoding" value="UTF-8" />
</bean>
<bean id="localeChangeInterceptor"
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="lang" />
</bean>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<property name="defaultLocale" value="en" />
</bean>
<bean id="handlerMapping"
class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
<property name="interceptors">
<ref bean="localeChangeInterceptor" />
</property>
</bean>
<bean
class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
<bean id="restTemplate" class="org.springframework.web.client.RestTemplate" />
<bean
class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="order" value="1" />
<property name="mediaTypes">
<map>
<entry key="pretty" value="text/html" />
<entry key="json" value="application/json" />
<entry key="xml" value="application/xml" />
</map>
</property>
<property name="defaultViews">
<list>
<bean
class="org.springframework.web.servlet.view.json.MappingJacksonJsonView" />
<bean class="org.springframework.web.servlet.view.xml.MarshallingView">
<constructor-arg>
<bean class="org.springframework.oxm.xstream.XStreamMarshaller" />
</constructor-arg>
</bean>
</list>
</property>
<property name="ignoreAcceptHeader" value="true" />
</bean>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="order" value="2" />
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
....
</property>
<property name="defaultErrorView" value="errorPage" />
</bean>
Hm... Interesting.
UserController class receives this request:
en | de
for URL http://www.example.com/AppName/User/edit_user.htm?lang=de and run editUser method.
But you can change your links to:
EN | DE
and now when user click link to different language HomeController class receives request /?lang=de, web app change the locale and redirect user to the root page http://www.example.com/AppName/?lang=de.
Is this behavior acceptable for your application?
Otherwise I guess you have to filter request params for all controller classes if you want to find another solution.