Announcement Announcement Module
Collapse
No announcement yet.
Spring Webflow 2.0.8 and Spring Security 3.0.0.M1 incompatibility Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Webflow 2.0.8 and Spring Security 3.0.0.M1 incompatibility

    Hi,
    I've already post a message here concerning a compatibility problem due to a spring security refactor.

    Anybody know about a new version to be compiled with a more recent version of spring security?

    Do I have to compile Spring Webflow it on my own?

    Thanks for help.

  • #2
    Originally posted by echavet View Post
    Hi,
    I've already post a message here concerning a compatibility problem due to a spring security refactor.

    Anybody know about a new version to be compiled with a more recent version of spring security?

    Do I have to compile Spring Webflow it on my own?

    Thanks for help.
    see here to solve

    Comment


    • #3
      just for anyone who runs into the same problem

      here is a simpler fix than recompiling all the classes and building a new webflow jar...

      just create somewhere a java file called com.mypackage.SecurityFlowExecutionListener

      copy the following code:

      Code:
      package commypackage;
      
      /*
       * Copyright 2004-2008 the original author or authors.
       *
       * Licensed under the Apache License, Version 2.0 (the "License");
       * you may not use this file except in compliance with the License.
       * You may obtain a copy of the License at
       *
       *      http://www.apache.org/licenses/LICENSE-2.0
       *
       * Unless required by applicable law or agreed to in writing, software
       * distributed under the License is distributed on an "AS IS" BASIS,
       * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
       * See the License for the specific language governing permissions and
       * limitations under the License.
       */
      import java.util.ArrayList;
      import java.util.Iterator;
      import java.util.List;
      
      import org.springframework.security.access.AccessDecisionManager;
      import org.springframework.security.access.AccessDecisionVoter;
      import org.springframework.security.access.ConfigAttribute;
      import org.springframework.security.access.SecurityConfig;
      import org.springframework.security.access.vote.AbstractAccessDecisionManager;
      import org.springframework.security.access.vote.AffirmativeBased;
      import org.springframework.security.access.vote.RoleVoter;
      import org.springframework.security.access.vote.UnanimousBased;
      import org.springframework.security.core.Authentication;
      import org.springframework.security.core.context.SecurityContextHolder;
      import org.springframework.webflow.definition.FlowDefinition;
      import org.springframework.webflow.definition.StateDefinition;
      import org.springframework.webflow.definition.TransitionDefinition;
      import org.springframework.webflow.execution.EnterStateVetoException;
      import org.springframework.webflow.execution.FlowExecutionListenerAdapter;
      import org.springframework.webflow.execution.RequestContext;
      import org.springframework.webflow.security.SecurityRule;
      
      /**
       * Flow security integration with Spring Security
       * 
       * @author Scott Andrews
       */
      public class SecurityFlowExecutionListener extends FlowExecutionListenerAdapter {
      
      	private AccessDecisionManager accessDecisionManager;
      
      	/**
      	 * Get the access decision manager that makes flow authorization decisions.
      	 * @return the decision manager
      	 */
      	public AccessDecisionManager getAccessDecisionManager() {
      		return accessDecisionManager;
      	}
      
      	/**
      	 * Set the access decision manager that makes flow authorization decisions.
      	 * @param accessDecisionManager the decision manager to user
      	 */
      	public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
      		this.accessDecisionManager = accessDecisionManager;
      	}
      
      	public void sessionCreating(RequestContext context, FlowDefinition definition) {
      		SecurityRule rule = (SecurityRule) definition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
      		if (rule != null) {
      			decide(rule, definition);
      		}
      	}
      
      	public void stateEntering(RequestContext context, StateDefinition state) throws EnterStateVetoException {
      		SecurityRule rule = (SecurityRule) state.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
      		if (rule != null) {
      			decide(rule, state);
      		}
      	}
      
      	public void transitionExecuting(RequestContext context, TransitionDefinition transition) {
      		SecurityRule rule = (SecurityRule) transition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
      		if (rule != null) {
      			decide(rule, transition);
      		}
      	}
      
      	/**
      	 * Performs a Spring Security authorization decision. Decision will use the provided AccessDecisionManager. If no
      	 * AccessDecisionManager is provided a role based manager will be selected according to the comparison type of the
      	 * rule.
      	 * @param rule the rule to base the decision
      	 * @param object the execution listener phase
      	 */
      	protected void decide(SecurityRule rule, Object object) {
      		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
      		List<ConfigAttribute> config = getConfigAttributes(rule);
      		if (accessDecisionManager != null) {
      			accessDecisionManager.decide(authentication, object, config);
      		} else {
      			AbstractAccessDecisionManager abstractAccessDecisionManager;
      			List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();
      			voters.add(new RoleVoter());
      			if (rule.getComparisonType() == SecurityRule.COMPARISON_ANY) {
      				abstractAccessDecisionManager = new AffirmativeBased();
      			} else if (rule.getComparisonType() == SecurityRule.COMPARISON_ALL) {
      				abstractAccessDecisionManager = new UnanimousBased();
      			} else {
      				throw new IllegalStateException("Unknown SecurityRule match type: " + rule.getComparisonType());
      			}
      			abstractAccessDecisionManager.setDecisionVoters(voters);
      			abstractAccessDecisionManager.decide(authentication, object, config);
      		}
      	}
      
      	/**
      	 * Convert SecurityRule into a form understood by Spring Security
      	 * @param rule the rule to convert
      	 * @return list of ConfigAttributes for Spring Security
      	 */
      	@SuppressWarnings("unchecked")
      	protected List<ConfigAttribute> getConfigAttributes(SecurityRule rule) {
      		List<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
      		Iterator<String> attributeIt = rule.getAttributes().iterator();
      		while (attributeIt.hasNext()) {
      			configAttributes.add(new SecurityConfig(attributeIt.next()));
      		}
      		return configAttributes;
      	}
      }
      in your flow-config.xml just change the bean from

      Code:
      <bean id="securityFlowExecutionListener"
      		class="org.springframework.webflow.security.SecurityFlowExecutionListener" />

      to

      Code:
      <bean id="securityFlowExecutionListener"
      		class="com.myPackage.SecurityFlowExecutionListener" />
      hope this helps... its a simpler easier fix

      Chris

      Comment

      Working...
      X