
  • An Application without web

    Hi,
    I am totally new to Spring Security, but I have now been reading internet tutorials and the Spring Security 3 book for two days.
    I am working on my Bachelor thesis and have to add Spring's security mechanism to classes. That means I won't need a web server like Apache for my application.
    All I want is that some methods can be invoked only by RoleA, some other methods are allowed only for RoleB, and so on.
    I looked into many forums, but none of them showed how to use Spring without a web application. I am starting to wonder if it is even possible to use. (I know it is, but I can't find it.)

    I have the following questions, so that I can hopefully finally start with the programming.
    How can I set up the SecurityContextHolder?
    In particular, what do I have to do to configure everything via XML? I mean, web.xml is not needed. But how does the program know where to load the file with all the configurations from?
    And moreover, how can Authentications invoke annotated methods?

    I only found this in the reference paper:
    Code:
    package test.security;

    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;

    public class Main {

        private static AuthenticationManager am = new SampleAuthenticationManager();

        public static void main(String[] args) throws Exception {
            while (true) {
                try {
                    // Authenticate a fixed user and print the token before and after.
                    Authentication request = new UsernamePasswordAuthenticationToken("bob", "bob");
                    System.out.println(request.toString());
                    Authentication result = am.authenticate(request);
                    System.out.println(result.toString());

                    // Store the authenticated token in the (global) security context.
                    SecurityContextHolder.setStrategyName("MODE_GLOBAL");
                    System.out.println(SecurityContextHolder.getContextHolderStrategy().toString());
                    SecurityContextHolder.getContext().setAuthentication(result);
                    System.out.println("Erfolgreich angemeldet");
                    System.out.println(result.toString());

                    // Methods is instantiated directly here, not obtained from a Spring context.
                    Methods methods = new Methods();
                    methods.forUser();
                    methods.forAdmin();
                    break;
                } catch (BadCredentialsException e) {
                    System.out.println(e.getMessage());
                }
            }
            System.out.println("ENDE");
        }
    }
    In this code I can call both methods, although only methods.forUser() is allowed to be called, and there should be an exception on the call of methods.forAdmin().

    Code:
    package test.security;

    import org.springframework.security.access.annotation.Secured;

    public class Methods {

        // Intended for callers holding the "PETER" authority.
        @Secured("PETER")
        public void forUser() {
            System.out.println("Peter hat Zugriff");
        }

        // Intended for callers holding the "ROLE_ADMIN" authority.
        @Secured("ROLE_ADMIN")
        public void forAdmin() {
            System.out.println("Admin hat Zugriff");
        }
    }
    Code:
    package test.security;

    import java.util.ArrayList;
    import java.util.List;

    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.GrantedAuthorityImpl;

    public class SampleAuthenticationManager implements AuthenticationManager {

        // Authorities granted to every successfully authenticated user.
        static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();

        static {
            AUTHORITIES.add(new GrantedAuthorityImpl("ROLE_USER"));
            AUTHORITIES.add(new GrantedAuthorityImpl("PETER"));
        }

        @Override
        public Authentication authenticate(Authentication auth) throws AuthenticationException {
            // Sample check only: accepts any request whose password equals the user name.
            if (auth.getName().equals(auth.getCredentials())) {
                return new UsernamePasswordAuthenticationToken(auth.getName(), auth.getCredentials(), AUTHORITIES);
            }
            throw new BadCredentialsException("Bad Credentials");
        }
    }
    If you share your knowledge I would be more than happy.

    regards
    A desperate student from Germany.
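
Added example (not part of the original post, and not code from the Spring project): a minimal non-web setup in which `@Secured` is enforced on a bean obtained from an application context, shown next to a directly constructed object where it is not. It assumes Spring Security 3.x as in the post, with spring-security-core, spring-security-config, spring-aop and CGLIB on the classpath; `MethodSecurityDemo`, `Service` and the inline XML are constructed for illustration.

```java
package test.security;

import org.springframework.context.support.GenericXmlApplicationContext;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public class MethodSecurityDemo {
    // Hypothetical service; ROLE_ is the prefix the default RoleVoter acts on.
    public static class Service {
        @Secured("ROLE_USER")  public String forUser()  { return "user ok"; }
        @Secured("ROLE_ADMIN") public String forAdmin() { return "admin ok"; }
    }

    // Constructed config, inlined to keep one file; normally an XML file on the classpath.
    static final String XML =
        "<beans xmlns='http://www.springframework.org/schema/beans'"
      + " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:sec='http://www.springframework.org/schema/security'"
      + " xsi:schemaLocation='http://www.springframework.org/schema/beans"
      + " http://www.springframework.org/schema/beans/spring-beans.xsd"
      + " http://www.springframework.org/schema/security"
      + " http://www.springframework.org/schema/security/spring-security.xsd'>"
      + "<sec:global-method-security secured-annotations='enabled'/>"
      + "<sec:authentication-manager alias='authenticationManager'>"
      + "<sec:authentication-provider><sec:user-service>"
      + "<sec:user name='bob' password='bob' authorities='ROLE_USER'/>"
      + "</sec:user-service></sec:authentication-provider></sec:authentication-manager>"
      + "<bean id='service' class='test.security.MethodSecurityDemo$Service'/>"
      + "</beans>";

    public static void main(String[] args) {
        GenericXmlApplicationContext ctx = new GenericXmlApplicationContext(new ByteArrayResource(XML.getBytes()));
        AuthenticationManager am = ctx.getBean("authenticationManager", AuthenticationManager.class);
        Authentication result = am.authenticate(new UsernamePasswordAuthenticationToken("bob", "bob"));
        SecurityContextHolder.getContext().setAuthentication(result);
        Service proxied = ctx.getBean("service", Service.class); // proxy carrying the security interceptor
        System.out.println(proxied.forUser());                   // bob holds ROLE_USER
        try {
            proxied.forAdmin();                                  // bob lacks ROLE_ADMIN
        } catch (AccessDeniedException e) {
            System.out.println("forAdmin denied: " + e.getMessage());
        }
        System.out.println(new Service().forAdmin()); // plain object: annotation is not enforced
        ctx.close();
    }
}
```

Method security is applied by a proxy that the application context creates around the bean, so only calls made through the context-managed reference pass through the interceptor.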