Announcement Announcement Module
Collapse
No announcement yet.
add spring security to an existing application Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • add spring security to an existing application

    Hello,
    I have to integrate spring security to an existing application that uses Velocity (no jsp and no spring). In this application, the authtication and authorization are managed via a complicated way, so I have to use spring security to make it easier. However, I followed some tutorials and many examples without success... to start with, is it even possible to use spring security without spring, and with velocity?
    here is the configurations i used (there are other filters but i put spring security on top):
    web.xml
    Code:
    <!-- Spring Security-->
     <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
              /WEB-INF/Spring-security-context.xml
            </param-value>
        </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
    [...]
    <!-- Mapping Spring Security-->
        <filter-mapping>
             <filter-name>springSecurityFilterChain</filter-name>
             <url-pattern>/app/*</url-pattern>
        </filter-mapping>
    [...]
    <!--Spring Security-->
        <listener>
            <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class>
        </listener>
    Spring-security-context.xml
    Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:context="http://www.springframework.org/schema/context"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/context
               http://www.springframework.org/schema/context/spring-context-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    
    <!-- Activer @Autowired -->
     <context:annotation-config />
    
    <!-- Enable annotation-based security -->
       <global-method-security secured-annotations="enabled"
                               pre-post-annotations="enabled"/>
    <http pattern="/app/template/Login.vm" security="none" />
     <http  auto-config="false" use-expressions="true" >
     <form-login login-page="/app/template/Login.vm/" username-parameter="loginName" password-parameter="password"
                    login-processing-url="/app/template/Login.vm"
                    default-target-url="/app/template/supref/Home.vm" />
     </http>
    
     <beans:bean id="authenticatedVoter"
       class="org.springframework.security.access.vote.AuthenticatedVoter" />
    <!-- this voter will have the default attributes -->
    <beans:bean id="roleVoter"
       class="org.springframework.security.access.vote.RoleVoter ">
      <beans:property name="rolePrefix" value="" />
    </beans:bean>
       <beans:bean id="accessDecisionManager"
       class="org.springframework.security.access.vote.AffirmativeBased">
      <beans:property name="decisionVoters">
        <beans:list>
          <beans:ref bean="roleVoter" />
          <beans:ref bean="authenticatedVoter" />
        </beans:list>
      </beans:property>
    </beans:bean>
    
    <beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
    
     <beans:bean id="applicationUserDetailsService"
                class="com.frmwrk.services.security.spring_security.ApplicationUserDetailsService">
      </beans:bean>
    
    <authentication-manager>
       <authentication-provider user-service-ref="applicationUserDetailsService">
           <password-encoder hash="md5"/>
        </authentication-provider>
     </authentication-manager>
    
    </beans:beans>
    *ApplicationUserDetailsService.java, is an implementation of UserDetailsService
    *in my Login.vm, the fields are named: loginName, password, and the action refers to LoginAction.java where the authentication is handeled in the original application...

    I tried a lot, and when i try to see what is in the authentication object,i get "anonymousUser" :
    Code:
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    
    if (principal instanceof UserDetails) {
      String username = ((UserDetails)principal).getUsername();
    } else {
      String username = principal.toString();
    }
    what to do please?
    --Thank you
Working...
X