Announcement Announcement Module
Collapse
No announcement yet.
Spring security tag and Freemarker Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring security tag and Freemarker

    Hello guys/gals

    I'm using Freemarker and Spring Security in my development project.

    I would like to conditionally display web components according to roles.

    If I WOULD use JSP I would do it like this:
    HTML Code:
    <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
    
    <html>
    <head>
    <title>My Page</title>
    </head>
    
    <body>
    <security:authorize ifAllGranted="ROLE_ADMIN">
         Hello admin!
    </security>
    </body>
    
    </html>
    But I'm NOT using JSP! I'm using Freemarker

    So, how would you do the same stuff with Freemarker?

    Goodcat

  • #2
    Add this to the top of your freemarker template...

    Code:
    <#assign security=JspTaglibs["http://www.springframework.org/security/tags"] />

    and then you can use...

    Code:
    <@security.authorize ifAnyGranted="ROLE_WHATEVER">
    ...
    </@security.authorize>

    Comment


    • #3
      Hi joshr,

      I did it your way but I"m getting this error
      Code:
      org.springframework.web.util.NestedServletException: Request processing failed; nested exception is freemarker.core.InvalidReferenceException: Error on line 5, column 1 in /cars/car-detail.ftl
      JspTaglibs["http://www.springframework.org/security/tags"] is undefined.
      It cannot be assigned to security
      	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:583)
      	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
      	org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
      	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      	org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
      	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      	com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:119)
      	com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:55)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
      	org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
      	org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
      	org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
      	org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
      	org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
      	org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
      	org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
      	org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
      	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
      	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
      Do you have any idea where is the problem?

      Thanks in advance, jrv

      Comment


      • #4
        Thanks joshr!

        I got it to work like that.

        As a sidenote, I only got it to work when I put spring-security-tags.jar in my /WEB-INF/lib folder.

        Problem solved

        Comment


        • #5
          Hello, i got some problem with you, but i can't resolve yet. i didn't know, what's wrong with my code, i try with your mention above but in my view showing the code :
          Code:
          <#assign security=JspTaglibs["http://www.springframework.org/security/tags"] />
          I have spring-security-tags lib. Could you help me ? this not any exception occurs,
          Last edited by anaktani; Jun 3rd, 2009, 10:04 AM.

          Comment


          • #6
            I am not sure what your have an issue with. You are including the tag, not getting an exception, but what seems to be the problem? Are you not able to use the security tags?

            Can you post one of your freemarker files where you are using a security tag?

            Comment


            • #7
              Hello, i'm sory,,,it's my mistake... i forget to setting path for freemarker, and now i get exception occurs like this :
              Code:
              java.lang.ClassNotFoundException: org.springframework.security.acls.sid.SidRetrievalStrategy
                      at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1387)
                      at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1233)
                      at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
                      at java.lang.Class.forName0(Native Method)
                      at java.lang.Class.forName(Class.java:247)
                      at freemarker.template.utility.ClassUtil.forName(ClassUtil.java:77)..
              and this file using securuty tag :
              Code:
               <#assign security=JspTaglibs["http://www.springframework.org/security/tags"] />
                 <@security.authorize ifAnyGranted="ROLE_ADMIN">
              Your is Administrator
              </@security.authorize>
              <@security.authorize ifNotGranted="ROLE_ADMIN">
              Your is Nothing
              </@security.authorize><br>
              But i have security library ... spring-security-core.2.0.4 and spring-security-taglibs.2.0.4, something another needed again ?
              Last edited by anaktani; Jun 3rd, 2009, 08:59 PM.

              Comment


              • #8
                You still haven't actually said what the problem is ... Why are you saying something is wrong?

                Comment


                • #9
                  i have similar problem like anakTani, i'm using freemarker version=2.3.15, and spring security core 2.04, i get the exception occurs like this
                  Code:
                  exception
                  
                  org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/acls/sid/SidRetrievalStrategy
                  	org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919)
                  	org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:808)
                  	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
                  	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
                  	javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
                  	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
                  And this my security-context.xml setting
                  Code:
                   <http auto-config='true' access-decision-manager-ref="accessDecisionManager">
                          <anonymous/>
                          <intercept-url pattern="/login.html*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
                          <intercept-url pattern="/*.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
                          <intercept-url pattern="/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
                          <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
                          <intercept-url pattern="/admin/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
                          <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
                  
                          <form-login login-page='/login.html' authentication-failure-url="/login.html?error=true" />
                      </http>
                  
                  
                  	<!--
                  	The authentication manager is installed automatically with the security configuration above, but does not have
                  	a bean ID alias.  Use the authentication-manager tag to	define an alias, so that we can inject it into our
                  	JdbcUserDetailsManager as the authenticationManager property.
                  	-->
                      <authentication-manager alias="authManager"/>
                  
                  	<!--
                  	We use the Spring - provided JdbcUserDetailsManager directly,
                  	Any non-trivial application would probably extend and customize this,
                  	but that's not the purpose of this demo.
                      -->
                      <beans:bean id="userDetailsManager" class="org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager">
                          <beans:property name="dataSource" ref="dataSource"/>
                          <beans:property name="authenticationManager" ref="authManager"/>
                                
                  		<!-- enable lookup of permissions via user's group -->
                          <beans:property name="enableGroups" value="false"/>
                  
                  
                  		<!-- disable direct lookup of user's permissions (require lookup via group) -->
                          <beans:property name="enableAuthorities" value="true"/>
                      </beans:bean>
                  
                      <!-- Again, we use the 'stock' authentication provider - no customization here -->
                      <authentication-provider user-service-ref="userDetailsManager"/>
                  
                  
                  	<!--  configuration to use "PERM_" prefix for authorities instead of the default "ROLE_" prefix -->
                      <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
                          <beans:property name="decisionVoters">
                              <beans:list>
                                  <beans:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
                                      <beans:property name="rolePrefix" value="ROLE_" />
                                  </beans:bean>
                                  <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
                              </beans:list>
                          </beans:property>
                      </beans:bean>
                  i try used jsp, it's work...but if i used freemarker it's doesn't work,,any body help me ? please...

                  Comment


                  • #10
                    That class is in the Acl module, so it looks like you'll need that on the classpath when using freemarker. I'm not sure why it requires it when you aren't using the ACL tags.

                    Comment


                    • #11
                      Hi.. thanks Luke, i try to include spring-security-acl.jar in my project, it's work, but i still understand about the reason... thanks again...

                      Comment

                      Working...
                      X