Spring Security 3 and Ajax type login Page Title Module

  • #16
    Originally posted by alois.cochard View Post
    I implemented that exactly the same way, but I needed to create some more class because of the new structure of spring security 3.0 (not really difficult, but took time to understand spring security 3.0 changes).

    Don't hesitate to ask for code too, I can post a sample project on my blog. But remember I made it for spring security 3.0.
    Please post or email the code for Spring Security 3.0...



    • #17
      Spring Security 3 with ExtJS 3.3 working configuration

      I want to post my working configuration:

      Code:
      Spring-Security-Context.xml
      
      <?xml version="1.0" encoding="UTF-8"?>
      
      <beans xmlns="http://www.springframework.org/schema/beans"
      	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
      	xmlns:security="http://www.springframework.org/schema/security"
      	xmlns:tx="http://www.springframework.org/schema/tx"
      	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
      
      
      
      <!-- Locale resolver: keeps the selected locale in the HTTP session and
           falls back to Italian ("it") when none has been stored.
           Not part of the security setup. -->
      
      	<bean id="localeResolver"
      		class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
      		<property name="defaultLocale" value="it" />
      	</bean>
      
      	<!-- Spring Security 3 -->
      
      	<!-- Turns on method-level security: pre-post-annotations enables
      	     @PreAuthorize / @PostAuthorize, secured-annotations enables @Secured. -->
      	<security:global-method-security
      		pre-post-annotations="enabled" secured-annotations="enabled" />
      	<!-- Project class, not shown on this page; presumably implements
      	     UserDetailsService and loads the user record for the provider below. -->
      	<bean id="NSPUserDetailsService"
      		class="it.xxx.newstudentportal.security.NSPUserDetailsService" />
      
      
      
      	<!-- Authentication manager referenced by formLoginFilter and
      	     filterSecurityInterceptor under the alias NSPauthenticationManager. -->
      	<security:authentication-manager alias="NSPauthenticationManager">
      		<!-- NOTE(review): no <security:password-encoder> child is declared, so
      		     the submitted password is compared with the stored value without
      		     any hashing step. If NSPUserDetailsService returns hashed
      		     credentials (it should), declare the matching encoder here. -->
      		<security:authentication-provider
      			user-service-ref="NSPUserDetailsService" />
      	</security:authentication-manager>
      
      
      
      
      	<!-- Exposes the hand-built chain under the name springSecurityFilterChain,
      	     the bean name a DelegatingFilterProxy in web.xml conventionally looks up
      	     (web.xml is not shown here; confirm the filter-name matches). -->
      	<alias name="filterChainProxy" alias="springSecurityFilterChain" />
      
      	<!-- One filter chain for every request path ("/**", Ant-style matching).
      	     The order of the names in "filters" is the order the filters run in,
      	     so do not reorder them casually.
      	     NOTE(review): the chain contains no CSRF filter; if state-changing
      	     requests (login and logout included) need CSRF protection it has to
      	     be provided elsewhere. -->
      	<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
      		<security:filter-chain-map path-type="ant">
      			<security:filter-chain
      				filters="securityContextFilter, logoutFilter, formLoginFilter, requestCacheFilter,
                  servletApiFilter, anonFilter, sessionMgmtFilter, exceptionTranslator, filterSecurityInterceptor"
      				pattern="/**" />
      		</security:filter-chain-map>
      
      	</bean>
      
      	<!-- Loads the SecurityContext from the repository at the start of each
      	     request and stores it back when the request completes. -->
      	<bean id="securityContextFilter"
      		class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
      		<property name="securityContextRepository" ref="securityContextRepository" />
      	
      	</bean>
      	<!-- Keeps the SecurityContext in the HTTP session; shared with
      	     sessionMgmtFilter so both look at the same store. -->
      	<bean id="securityContextRepository"
      		class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />
      
      	<!-- Logout: first constructor argument is the URL the browser is sent to
      	     after logout, second is the list of handlers run on logout. Only
      	     SecurityContextLogoutHandler is registered. /logged_out.htm matches
      	     no intercept-url pattern below, so it is reachable without a login. -->
      	<bean id="logoutFilter"
      		class="org.springframework.security.web.authentication.logout.LogoutFilter">
      		<constructor-arg value="/logged_out.htm" />
      		<constructor-arg>
      			<list>
      				<bean
      					class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
      			</list>
      		</constructor-arg>
      	</bean>
      
      
      	<!-- Processes the login submission sent to /j_spring_security_check and
      	     authenticates it through NSPauthenticationManager. -->
      	<bean id="formLoginFilter"
      		class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
      		<property name="authenticationManager" ref="NSPauthenticationManager" />
      		<!-- Custom success handler (shown below on this page): suppresses the
      		     redirect and writes a small JSON body for the ExtJS client.
      		     "/urtargetUrl" is a placeholder for the application's own URL. -->
      		<property name="authenticationSuccessHandler">
      			<bean
      				class="it.xxx.newstudentportal.security.NSPSavedRequestAwareAuthenticationSuccessHandler">
      				<property name="alwaysUseDefaultTargetUrl" value="false"></property>
      				<property name="defaultTargetUrl" value="/urtargetUrl" />
      			</bean>
      		</property>
      		<!-- Project class, not shown on this page. NOTE(review): whatever it
      		     writes on failure should not reveal whether the user name or the
      		     password was wrong; confirm against the class. -->
      		<property name="authenticationFailureHandler">
      		<bean
      				class="it.xxx.newstudentportal.security.NSPAuthenticationFailureHandler">
      		</bean>
      		</property>
      		<property name="filterProcessesUrl" value="/j_spring_security_check"></property>
      
      		<!-- Session-fixation defence applied on successful login: the session
      		     identifier presented before authentication is not kept afterwards. -->
      		<property name="sessionAuthenticationStrategy">
      			<bean
      				class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" >
      				</bean>
      				
      		</property>
      	</bean>
      
      	<!-- Replays a request that was saved before the user was sent to log in,
      	     when the current request matches it. Declared with default settings. -->
      	<bean id="requestCacheFilter"
      		class="org.springframework.security.web.savedrequest.RequestCacheAwareFilter" >
      		
      		</bean>
      
      	<!-- Wraps the request so servlet API security methods such as
      	     getRemoteUser() and isUserInRole() reflect the SecurityContext. -->
      	<bean id="servletApiFilter"
      		class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter">
      	</bean>
      
      	<!-- Gives unauthenticated requests an anonymous identity: principal
      	     "anonymousUser" with authority ROLE_ANONYMOUS.
      	     NOTE(review): the key is a sample value; replace it with a value
      	     specific to the application before deploying. -->
      	<bean id="anonFilter"
      		class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
      		<property name="key" value="SomeUniqueKeyForThisApplication" />
      		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
      	</bean>
      
      	<!-- Session management filter; uses the same context repository as
      	     securityContextFilter. No explicit strategy is set here, so the
      	     filter's own default applies. -->
      	<bean id="sessionMgmtFilter"
      		class="org.springframework.security.web.session.SessionManagementFilter">
      		<constructor-arg ref="securityContextRepository" />
      	</bean>
      
      	<!-- Turns security exceptions raised further down the chain into HTTP
      	     responses. Unauthenticated users are sent to the login page at
      	     /index.jsp.
      	     NOTE(review): forceHttps is false, so nothing in this file moves the
      	     login page to HTTPS; credentials are only protected in transit if TLS
      	     is enforced elsewhere (container, proxy or channel security).
      	     NOTE(review): for Ajax calls the entry point still answers with a
      	     redirect to the login page, so the ExtJS client receives the login
      	     HTML rather than an error status and has to detect that case. -->
      	<bean id="exceptionTranslator"
      		class="org.springframework.security.web.access.ExceptionTranslationFilter">
      		<property name="authenticationEntryPoint">
      			<bean
      				class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
      				<property name="loginFormUrl" value="/index.jsp" />
      				<property name="forceHttps" value="false"></property>
      				<!-- <property name="useForward" value="true"></property> -->
      			</bean>
      		</property>
      	</bean>
      
      	<!-- URL authorization. Patterns are tried in the order listed and the
      	     first match decides. "/XXX.html*" is a placeholder for the protected
      	     page and requires a full (not remembered, not anonymous) login;
      	     /index.jsp, the login page, is open to anonymous users.
      	     NOTE(review): the catch-all "/**" rule is commented out, so any URL
      	     matching neither pattern carries no access requirement and is let
      	     through by this interceptor unless rejectPublicInvocations is
      	     enabled. Restore a final "/**" rule (deny by default) and list the
      	     URLs that must stay public above it. -->
      	<bean id="filterSecurityInterceptor"
      		class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
      		<property name="securityMetadataSource">
      			<security:filter-security-metadata-source>
      				<!-- <sec:intercept-url pattern="/secure/extreme/*" access="ROLE_SUPERVISOR"/> -->
      				<security:intercept-url pattern="/XXX.html*"
      					access="IS_AUTHENTICATED_FULLY" />
      				<security:intercept-url pattern="/index.jsp"
      					access="IS_AUTHENTICATED_ANONYMOUSLY" />
      				<!-- <security:intercept-url pattern="/**" access="ROLE_USER" /> -->
      			</security:filter-security-metadata-source>
      		</property>
      		<property name="authenticationManager" ref="NSPauthenticationManager" />
      		<property name="accessDecisionManager" ref="accessDecisionManager" />
      	</bean>
      
      	<!-- Access decision manager used by filterSecurityInterceptor.
      	     AffirmativeBased grants access as soon as one voter votes to grant.
      	     RoleVoter evaluates ROLE_ attributes; AuthenticatedVoter evaluates the
      	     IS_AUTHENTICATED_ attributes used in the intercept-url rules. -->
      	<bean id="accessDecisionManager"
      		class="org.springframework.security.access.vote.AffirmativeBased">
      		<property name="decisionVoters">
      			<list>
      				<bean class="org.springframework.security.access.vote.RoleVoter" />
      				<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
      			</list>
      		</property>
      	</bean>
      </beans>
      And then the successHandler Class:

      Code:
      import java.io.IOException;
      import java.io.Writer;
      
      import javax.servlet.ServletException;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;
      import javax.servlet.http.HttpServletResponseWrapper;
      
      import org.springframework.security.core.Authentication;
      import org.springframework.security.web.RedirectStrategy;
      import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
      
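      /**
       * Authentication success handler for Ajax (ExtJS) form logins.
       *
       * <p>The parent handler normally finishes a successful login with a redirect.
       * An Ajax caller expects a small JSON status instead, so this class suppresses
       * the redirect and writes a constant JSON body.
       *
       * <p>The handler is configured as a single bean and is shared by all requests;
       * it keeps no per-request state.
       */
      public class NSPSavedRequestAwareAuthenticationSuccessHandler extends
      		SavedRequestAwareAuthenticationSuccessHandler {

      	/**
      	 * Redirect strategy that deliberately does nothing. One shared, stateless
      	 * instance replaces the object the handler used to allocate on every login.
      	 */
      	private static final RedirectStrategy NO_REDIRECT = new RedirectStrategy() {

      		@Override
      		public void sendRedirect(HttpServletRequest request, HttpServletResponse response,
      				String url) throws IOException {
      			// Intentionally empty: the ExtJS client reads the JSON body written
      			// by onAuthenticationSuccess and must not receive a redirect.
      		}
      	};

      	/**
      	 * Completes a successful login by running the parent's success processing
      	 * with redirects disabled and then writing {@code {"success":true}}.
      	 *
      	 * @param request the login request
      	 * @param response the response that receives the JSON status
      	 * @param authentication the authenticated principal
      	 * @throws ServletException if the parent handler fails
      	 * @throws IOException if the response cannot be written
      	 */
      	@Override
      	public void onAuthenticationSuccess(HttpServletRequest request,
      			HttpServletResponse response, Authentication authentication)
      			throws ServletException, IOException {

      		// Applied on every call, as before, so a redirectStrategy injected
      		// through configuration cannot switch redirects back on.
      		this.setRedirectStrategy(NO_REDIRECT);

      		super.onAuthenticationSuccess(request, response, authentication);

      		// Declare the media type and charset explicitly so the browser does not
      		// have to guess how to interpret the body. Must happen before getWriter().
      		response.setContentType("application/json");
      		response.setCharacterEncoding("UTF-8");

      		// The body is a constant and the key is quoted so that it is valid JSON
      		// for strict parsers as well as for ExtJS. If request data is ever added
      		// to this response, build it with a JSON library instead of string
      		// concatenation so the values are encoded.
      		Writer out = response.getWriter();
      		out.write("{\"success\":true}");
      		out.flush();
      		out.close();
      	}

      }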
      It is very important to override the sendRedirect method so that Spring does not automatically return page content in the output stream.
      You can also use a JSON library (such as Jackson) to return complex types.

      Happy Coding

      On Behalf of NSP 2010 Team
