Announcement Announcement Module
Collapse
No announcement yet.
Maven, Spring Security 3.0.x and spring-portlet-security JAR == No luck! Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Maven, Spring Security 3.0.x and spring-portlet-security JAR == No luck!

    Hi all,
    I'm searching to integrate my portlet security within Liferay 6.0 and I've integrated spring-security 3.0.7 within my WAR and configured:
    • Spring security XML context
    • my portlet security definition
    (see below for reference)

    To cut it short: where can I find the spring-security-portlet (groupId) from org.springframework.security.extensions (groupId)? For now I've resorted to download and build the artifact locally using the code found here. According to the source code's POM, the artifact declaration should be:
    Code:
    <dependency>
    	<groupId>org.springframework.security.extensions</groupId>
    	<artifactId>spring-security-portlet</artifactId>
    	<version>1.0.0.CI-SNAPSHOT</version>
    </dependency>
    Are these codes actually built by some CI server? In which public repository I can found them? I've tried with the following:

    My settings.xml file showing the repositories I'm using:
    Code:
    		<repositories>
    			<repository>
    				<id>com.springsource.repository.bundles.snapshot</id>
    				<name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Snapshot</name>
    				<url>http://repository.springsource.com/maven/bundles/snapshot</url>
    			</repository>
    			<repository>
    				<id>com.springsource.repository.bundles.release</id>
    				<name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Releases</name>
    				<url>http://repository.springsource.com/maven/bundles/release</url>
    			</repository>
    			<repository>
    				<id>com.springsource.repository.bundle.external</id>
    				<name>SpringSource Enterprise Bundle Repository - External Bundle Releases</name>
    				<url>http://repository.springsource.com/maven/bundles/external</url>
    			</repository>
    			<repository>
    				<id>com.springsource.repository.bundle.milestone</id>
    				<name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Milestones</name>
    				<url>http://repository.springsource.com/maven/bundles/milestone</url>
    			</repository>
    
    			<repository>
    				<id>com.springsource.repository.libraries.release</id>
    				<name>SpringSource Enterprise Bundle Repository - SpringSource Library Releases</name>
    				<url>http://repository.springsource.com/maven/libraries/release</url>
    			</repository>
    			<repository>
    				<id>com.springsource.repository.libraries.external</id>
    				<name>SpringSource Enterprise Bundle Repository - External Library Releases</name>
    				<url>http://repository.springsource.com/maven/libraries/external</url>
    			</repository>
    			<repository>
    				<id>com.springsource.repository.libraries.milestone</id>
    				<name>SpringSource Enterprise Bundle Repository - Milestone Library	Releases</name>
    				<url>http://repository.springsource.com/maven/libraries/milestone</url>
    			</repository>
    			<repository>
    				<id>com.springsource.repository.libraries.snapshot</id>
    				<name>SpringSource Enterprise Bundle Repository - Snapshot Library Releases</name>
    				<url>http://repository.springsource.com/maven/libraries/snapshot</url>
    			</repository>
    
    			<repository>
    				<id>spring-maven-release</id>
    				<name>Spring Maven Release Repository</name>
    				<url>http://maven.springframework.org/release</url>
    			</repository>
    			<repository>
    				<id>spring-maven-milestone</id>
    				<name>Spring Maven Milestone Repository</name>
    				<url>http://maven.springframework.org/milestone</url>
    			</repository>
    			<repository>
    				<releases>
    					<enabled>false</enabled>
    				</releases>
    				<snapshots>
    					<enabled>true</enabled>
    				</snapshots>
    				<id>com.springsource.repository.maven.snapshot</id>
    				<name>SpringSource Enterprise Bundle Maven Repository - SpringSource Snapshot Releases</name>
    				<url>http://maven.springframework.org/snapshot</url>
    			</repository>
    		</repositories>
    More background follow

    In order to integrate the portal security I',ve found that spring-security 2.x contains a spring-security-portlet JAR to be included within a portlet application. Since I'm using spring security 3.0 there is no such JAR. So, I've searched around the web and found this GIT repository, downloaded th she code, updated the dependencies within the POM to refer to the latest Spring version and "mvn clean install"-ed it with no error.

    In order to configure the spring security and portlet context, I followed the portlet sample coming with the code. The application works: I can use @Secured annotations to protect methods and JSP security taglibs to conditionally show pieces of UI according to the portal user roles.

    Spring security XML context
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
    		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	<security:global-method-security  secured-annotations="enabled" pre-post-annotations="enabled" />
    	
    	<security:http use-expressions="true" entry-point-ref="preAuthenticatedEntryPoint" />
    	<bean id="preAuthenticatedEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
    
        <bean id="portletContextIntegrationInterceptor" class="org.springframework.security.extensions.portlet.PortletSessionContextIntegrationInterceptor"/>
        
        <bean id="portletAuthenticationInterceptor" class="org.springframework.security.extensions.portlet.PortletProcessingInterceptor">
            <property name="authenticationDetailsSource">
                <bean class="org.springframework.security.extensions.portlet.PortletPreAuthenticatedAuthenticationDetailsSource">
                    <property name="mappableRolesRetriever">
                        <bean class="org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever">
                            <property name="mappableAttributes">
                                <set>
                                    <!-- Some standard liferay roles -->
                                    <value>Administrator</value>
                                    <value>Guest</value>
                                    <value>User</value>
                                    <value>Power User</value>
                                </set>
                            </property>                        
                        </bean>
                    </property>
                </bean>
            </property>            
            <property name="authenticationManager" ref="authenticationManager"/>
            <!-- Liferay doesn't seem to set the authType -->
            <property name="useAuthTypeAsCredentials" value="false"/>
        </bean>
        
        <security:authentication-manager alias="authenticationManager">
        	<security:authentication-provider ref="portletAuthProvider" />
        </security:authentication-manager>
         
        <bean id="portletAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
            <property name="preAuthenticatedUserDetailsService">
                <bean class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
            </property>
            <property name="throwExceptionWhenTokenRejected" value="true"/>
        </bean>
    </beans>

    fascicoloutente-portlet.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    
    	<import resource="common-portlet-context.xml"/>
    
        <bean id="portletModeHandlerMapping" class="org.springframework.web.portlet.handler.PortletModeHandlerMapping">
            <property name="interceptors">
                <list>
                    <ref bean="portletContextIntegrationInterceptor"/>
                    <ref bean="portletAuthenticationInterceptor"/>
                </list>            
            </property>
            <property name="portletModeMap">
                <map>
                    <entry key="view" value-ref="fascicoloUtentePortletController"/>
                </map>
            </property>
        </bean>
    
    	<context:component-scan base-package="it.osapulie.web.portlet.fascicoloutente" />
    </beans>

  • #2
    Hi. No, the portlet code is unmaintained and is likely to be dropped in future. You are welcome to fork it and use it as you see fit.

    Comment


    • #3
      Thanks Luke. Just one last question: does it mean that there is no interest in integrating spring-based portlets or there is a better way for integrating within a portal authentication system?

      Comment


      • #4
        I'm not aware of any alternative intergration options, but I don't really know much about portlets when it comes down to it.

        Comment

        Working...
        X