Hope someone could help me.
I am trying to configure Spring Security 3.1 with Spring MVC 3.0.8 but the annotated controllers does not get the access restricted by Spring.
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/Spring/applicationContext-security.xml
/WEB-INF/Spring/applicationContext.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Sitemash -->
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
<!-- <servlet-name>referencia</servlet-name> -->
</filter-mapping>
<!-- Spring Listeners -->
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<error-page>
<error-code>500</error-code>
<location>/erroInterno.jsp</location>
</error-page>
<servlet>
<servlet-name>stc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>stc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:oxm="http://www.springframework.org/schema/oxm"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd">
<!-- import the dataSource definition -->
<import resource="applicationContext-dataSource.xml"/>
<!-- Pacote base que sera scaneada por componentes annotados que serao auto-registrados como Spring beans.-->
<context:component-scan base-package="br.com.cielo.portalcontestacao" />
<!-- Ativa a detecao de annotations nas classes -->
<context:annotation-config />
<!-- Configures the annotation-driven Spring MVC Controller programming model.
Note that, with Spring 3.0, this tag works in Servlet MVC only! -->
<mvc:annotation-driven />
<!-- Recursos utilizados nos imports das páginas -->
<mvc:resources mapping="/resources/**" location="/static/" cache-period="31556926"/>
<!-- Template para uso nos DAOs -->
<bean id="namedParameterJdbcTemplate" class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<constructor-arg ref="dataSource" />
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<constructor-arg ref="dataSource" />
</bean>
<task:executor id="taskExecutor" pool-size="0-3" queue-capacity="0" rejection-policy="CALLER_RUNS" keep-alive="300"/>
<task:annotation-driven executor="taskExecutor" />
<bean id="lobHandler" class="org.springframework.jdbc.support.lob.OracleLobHandler">
</bean>
<!-- Configuração de Locale -->
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="pt_BR" />
</bean>
<!-- Annotação para controle de transações na aplicação -->
<tx:annotation-driven transaction-manager="transactionManager"/>
<!-- Indica qual o transaction manager a ser utilizado -->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
<property name="nestedTransactionAllowed" value="true"/>
</bean>
<!-- Mensagens do sistema -->
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename" value="mensagens" />
</bean>
<bean name="stcProperties" class="br.com.cielo.portalcontestacao.service.utils.STCProperties"/>
<bean name="serviceInvoker" class="br.com.cielo.portalcontestacao.service.ServiceInvokerImpl"/>
</beans>
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=
"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<http pattern="/static/**" security="none"/>
<http pattern="/" security="none"/>
<http auto-config='true' disable-url-rewriting="true" use-expressions="true">
<intercept-url pattern="/pages/login" access="anonymous or fullyAuthenticated" />
<form-login login-page="/pages/login" />
<session-management session-fixation-protection="newSession">
<concurrency-control max-sessions="1" />
</session-management>
</http>
<beans:bean id='userDetailsService'
class="br.com.cielo.portalcontestacao.security.UserDetailsServiceImpl">
<beans:property name="jdbcTemplate" ref="jdbcTemplate"/>
<beans:property name="namedParameterJdbcTemplate" ref="namedParameterJdbcTemplate"/>
</beans:bean>
<beans:bean id='stcAuthenticationProvider'
class="br.com.cielo.portalcontestacao.security.AuthenticationProviderServiceImpl">
<beans:property name="serviceInvoker" ref="serviceInvoker"/>
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
<authentication-manager erase-credentials="true">
<authentication-provider ref='stcAuthenticationProvider' />
</authentication-manager>
</beans:beans>
stc-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- DispatcherServlet application context for web tier. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--context:annotation-config/-->
<security:global-method-security secured-annotations="enabled"/>
<mvc:view-controller path="/pages/login" view-name="login"/>
<mvc:view-controller path="/pages/home" view-name="index"/>
<mvc:view-controller path="/pages/acessonegado" view-name="acessoNegado"/>
<!-- Declara as Exceptions a serem tratadas pelo framework -->
<!--bean class="br.com.cielo.portalcontestacao.service.exceptions.GenericException">
<property name="exceptionMappings">
<props>
<prop key="java.lang.Exception">dataAccessFailure</prop>
<prop key="org.springframework.web.servlet.PageNotFound">pageNotFound</prop>
<prop key="org.springframework.dao.DataAccessException">dataAccessFailure</prop>
<prop key="org.springframework.transaction.TransactionException">dataAccessFailure</prop>
</props>
</property>
</bean-->
<!-- Declaracao dos Views Resolvers utilizados na aplicacao -->
<bean class="org.springframework.web.servlet.view.XmlViewResolver">
<property name="order" value="0" />
</bean>
<bean class="org.springframework.web.servlet.view.ResourceBundleViewResolver">
<property name="basename" value="views"/>
<property name="order" value="1" />
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
<property name="order" value="0" />
</bean>
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename" value="mensagens"/>
</bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- one of the properties available; the maximum file size in bytes -->
<property name="maxUploadSize" value="10000000" />
</bean>
</beans>
Here is some class that I want the access restricted by Spring Security:
imports ommited
ImportacaoArquivo.java
#Secured("ROLE_SCHEDULE")
#Controller
public class ImportacaoArquivo {
#Secured("ROLE_SCHEDULE")
#RequestMapping(value = "/pages/schedules", method = RequestMethod.GET)
public final ModelAndView exibirPageLinks(final HttpServletRequest request) {
return new ModelAndView("arquivo");
}
}
<security:global-method-security /> should be declared in the same context where beans you want to secure are declared.
Since your controller is declared (by <context:component-scan />) in the root context, <security:global-method-security /> should be declared there as well.
So, this is the information I've gathered from reading different sources:
Your <security:global-method-security /> has to be declared in stc-servlet.xml
<context:component-scan /> for your your controllers has to be declared in stc-servlet.xml. The scanning for the rest of your beans may remain in applicationContext.xml. This would work best if your controllers are contained inside one package and nothing else is there (for instance br.com.cielo.portalcontestacao.controllers).
Also on stc-servlet.xml you need to define <aop:config proxy-target-class="true" />. This instructs Spring to use CGLib to advice methods and classes, and you need that because your controllers do not implement any interface.
Alternative solutions:
Use regular intercept-url to define which endpoints have to be secure.
Use #Secured annotation on your services instead of using it on the controllers.
delete 'final' keyword from the method in your ImportacaoArquivo.java file:
#Secured("ROLE_SCHEDULE")
#RequestMapping(value = "/pages/schedules", method = RequestMethod.GET)
public ModelAndView exibirPageLinks(final HttpServletRequest request) {
return new ModelAndView("arquivo");
}
Related
It's My Project
enter image description here
It's My spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">
<context:component-scan base-package="com.SpringDemo.Controller"/>
<!-- Thymeleaf Template Resolver -->
<bean id="templateResolver" class="org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver">
<property name="prefix" value="" />
<property name="suffix" value=".html" />
<property name="templateMode" value="HTML" />
<property name="order" value="1" />
</bean>
<bean id="templateEngine" class="org.thymeleaf.spring4.SpringTemplateEngine">
<property name="templateResolver" ref="templateResolver" />
<property name="enableSpringELCompiler" value="true" />
</bean>
<bean class="org.thymeleaf.spring4.view.ThymeleafViewResolver">
<property name="viewNames" value="thymeleaf/*"/>
<property name="templateEngine" ref="templateEngine" />
</bean>
<!-- 对模型视图名称的解析,即在模型视图名称添加前后缀 -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="" />
<!--<property name="suffix" value=".jsp" />-->
<property name="order" value="2" />
<property name="viewNames" value="*.jsp" />
</bean>
<!-- 支持上传文件 -->
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"/>
</beans>
It's My Controller
#Controller
public class HomeController{
//It's OK
#RequestMapping("/home")
public String showHomePage(Model model){
model.addAttribute("name","spring-mvc");
return "thymeleaf/testTh";
}
//It's WRONG
#RequestMapping("/index")
public ModelAndView test(ModelAndView mv){
mv.addObject("name","erer");
mv.setViewName("index.jsp");
return mv;
}
}
It's My Exception
enter image description here
In's My Web.xml
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<!-- 加载springMVC的配置文件 -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
I want that all requests are first passed through the controller.
And then return to the page
Please import spring-boot-starter-thymeleaf
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
I think the problems may be located on the returned view name. Since the view name is the same as the /index path, so maybe it will be dispatched by spring dispatcher again. Maybe you can try to change the view as another name to have a try.
I want to update a website in real time by using WebSocket to push data from within a class annotated as ServerEndpoint. Such data is to be obtained from a given bean created in the Spring xml file. #Autowire does not work, so I assume it's because my endpoint object is in a different context. How can I get such reference?
Edit
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml,
/WEB-INF/spring-database.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
servlet-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by #Controllers to thymeleaf resources in the /WEB-INF/view directory -->
<beans:bean id="templateResolver" class="org.thymeleaf.templateresolver.ServletContextTemplateResolver">
<beans:property name="prefix" value="/WEB-INF/view/" />
<beans:property name="suffix" value=".html" />
<beans:property name="templateMode" value="HTML5" />
<beans:property name="cacheable" value="false" />
</beans:bean>
<beans:bean id="templateEngine" class="org.thymeleaf.spring4.SpringTemplateEngine">
<beans:property name="templateResolver" ref="templateResolver" />
<beans:property name="additionalDialects">
<beans:set>
<beans:bean class="org.thymeleaf.extras.springsecurity4.dialect.SpringSecurityDialect" />
</beans:set>
</beans:property>
</beans:bean>
<beans:bean class="org.thymeleaf.spring4.view.ThymeleafViewResolver">
<beans:property name="templateEngine" ref="templateEngine" />
<beans:property name="order" value="1" />
</beans:bean>
<beans:bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- max upload size in bytes -->
<beans:property name="maxUploadSize" value="52428800" /> <!-- 50MB -->
<!-- max size of file in memory (in bytes) -->
<beans:property name="maxInMemorySize" value="1048576" /> <!-- 1MB -->
</beans:bean>
<context:component-scan base-package="com.mypackage" />
<context:annotation-config />
<beans:bean id="localeChangeInterceptor"
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<beans:property name="paramName" value="language" />
</beans:bean>
<beans:bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping" >
<beans:property name="interceptors">
<beans:list>
<beans:ref bean="localeChangeInterceptor" />
</beans:list>
</beans:property>
</beans:bean>
<!-- Register the welcome.properties -->
<beans:bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<beans:property name="basename" value="ui_messages" />
</beans:bean>
<beans:import resource="serverConfiguration.xml"/> <!-- Here is where I create the bean I need -->
Thanks in advance,
Diego
I'm building a spring security sample with method security enabled.
before using methodSecurity I'm not getting any errors, but after I annotate the method with #PreAuthorize annotation I get this error
java.lang.NoClassDefFoundError: org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor
I have spring 4 libs added to the project. also spring security 3.2.6
my web.xml file content
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!--region Spring Security-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/security-config.xml</param-value>
</context-param>
<!--endregion-->
<servlet>
<servlet-name>fitTrackerServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/servlet-config.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>fitTrackerServlet</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>fitTrackerServlet</servlet-name>
<url-pattern>/pdfs/**</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>fitTrackerServlet</servlet-name>
<url-pattern>/images/**</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>fitTrackerServlet</servlet-name>
<url-pattern>*.json</url-pattern>
</servlet-mapping>
<display-name>Archetype Created Web Application</display-name>
</web-app>
servlet-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<context:component-scan base-package="com.pluralsight" />
<mvc:annotation-driven />
<security:global-method-security pre-post-annotations="enabled"/>
<mvc:resources mapping="/pdfs/**" location="/pdfs"/>
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename" value="messages"/>
</bean>
<mvc:interceptors>
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language"/>
</bean>
</mvc:interceptors>
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="en"/>
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.support.StandardServletMultipartResolver">
</bean>
</beans>
security-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<!--khatte avale ziri baraye tanzim login page mibashad-->
<intercept-url pattern="/Login.html" access="permitAll" />
<intercept-url pattern="/Logout.html" access="permitAll" />
<intercept-url pattern="/403.html" access="permitAll" />
<intercept-url pattern="/LoginFailed.html" access="permitAll" />
<form-login login-page="/Login.html" authentication-failure-url="/LoginFailed.html" />
<logout logout-success-url="/Logout.html" />
<access-denied-handler error-page="/403.html" />
</http>
<authentication-manager>
<authentication-provider>
<!--instead of the "userDetailsService" we can use this line of code: -->
<jdbc-user-service data-source-ref="dataSource"/>
<password-encoder hash="bcrypt"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver" />
<beans:property name="url" value="jdbc:sqlserver://server;databasename=SpringSecurity" />
<beans:property name="username" value="sa" />
<beans:property name="password" value="Rooyan#1234" />
</beans:bean>
</beans:beans>
here's the annotated method:
#PreAuthorize("hasRole('ROLE_ADMIN')")
#RequestMapping(value = "addGoal", method = RequestMethod.POST)
public String updateGoal(#Valid #ModelAttribute("goal") Goal goal, BindingResult result) {
System.out.println("result has errors: " + result.hasErrors());
System.out.println("Goal set: " + goal.getMinutes());
if(result.hasErrors()) {
return "addGoal";
}
return "redirect:index.jsp";
}
Adding this dependency solved the issue for me:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
</dependency>
Note that I am using Spring Boot 1.4.0.RC1.
Make sure that you have aopalliance jar in your WEB-INF/lib folder.
As of Spring 3, spring-aop no longer has this.
I'm having a problem trying to figure out what went wrong with my code.
I'm trying to create a user and role management using spring mvc + hibernate + mysql but what happens is all of my page return http 404
my web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
servlet-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:task="http://www.springframework.org/schema/task" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee-3.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<mvc:annotation-driven />
<tx:annotation-driven />
<context:component-scan base-package="com.spring.userman" />
<context:component-scan base-package="com.spring.userman.service" />
<context:component-scan base-package="com.spring.userman.dao" />
<context:component-scan base-package="com.spring.userman.model" />
<!-- Resolves views selected for rendering by #Controllers to .jsp resources
in the /WEB-INF/views directory -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/springtest" />
<property name="username" value="root" />
<property name="password" value="root" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource"></property>
<property name="annotatedClasses">
<list>
<value>com.spring.userman.model.Role</value>
<value>com.spring.userman.model.User</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQL5Dialect</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager"
p:sessionFactory-ref="sessionFactory">
</bean>
root-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
<context:component-scan base-package="com.spring.userman" />
<context:component-scan base-package="com.spring.userman.service" />
<context:component-scan base-package="com.spring.userman.dao" />
<context:component-scan base-package="com.spring.userman.model" />
<security:http auto-config="true">
<security:intercept-url pattern="/sec/moderation"
access="ROLE_MODERATOR" />
<security:intercept-url pattern="/admin/"
access="ROLE_ADMIN" />
<security:form-login login-page="/user-login"
default-target-url="/success-login" authentication-failure-url="/error-login" />
<security:logout logout-success-url="/index" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="customUserDetailsService">
<security:password-encoder hash="plaintext" />
</security:authentication-provider>
</security:authentication-manager>
I suspect the problem come from the security:authencation-manager, because when I replace the authentication provider with a hardcoded user I can access all of my page without the 404 error.
Thank you
Servlet context is the child context of root context. Thus all beans defined in root context are available in servlet context but the one's defined in servlet context are not available in root context.
I am presuming you are doing db interactions in customUserDetailsService thus would have injected/used EM/SessionFactory somehow. However these are defined in servlet context thus these definitions are not available in root context during creations of customUserDetailsService.
The simplest solution may be to move the relevant beans definition (relate to db interactions) to root context. However be careful since you wouldn't have flexibility to do web scoping (request/session etc) of these beans in root context (it's not web aware whereas servlet context in contrast is).
I'm using
<mvc:resources mapping="/resources/**" location="/resources/" />
To handle static content in my SpringMVC app. This works fine. I am able to upload images and retrieve them within the application using the "/resources" url .I want to use an jpeg for a background image in a jsp, so I though I would simply drop the jpeg into the resources folder in my workspace. However, there is no resource folder in my workspace folder anywhere. Where is spring storing these images? How do I get to this folder to add my background image?
as requested web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web- app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>SpringMVCTest</display-name>
<servlet>
<servlet-name>springMVCTest</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springMVCTest</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
servlet.xml to clarify everything is configured properly.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<tx:annotation-driven />
<mvc:annotation-driven />
<mvc:resources mapping="/resources/**" location="/resources/" />
<context:component-scan base-package="/"></context:component-scan>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" p:maxUploadSize="1000000" />
<bean id="personService" class="PersonServiceImpl" />
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/test" />
<property name="username" value="root" />
<property name="password" value="" />
</bean>
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="/" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
</props>
</property>
</bean>
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
The call to the save image method
saveImage(context.getRealPath("/resources/" + person.getId() + ".jpg"), image);
However, there is no resource folder in my workspace folder anywhere
It should be present in WebContent. If its not there then <mvc:resource> is not being used to serve static content.
How do I get to this folder to add my background image?
Create resources folder under WebContent and put your images into it. Access the images by /resources/foo.jpeg.