custom message with acegi

April 16, 2008

Hi!

I have got a problem while defining a custom message in Acegi with Spring.

Reading the reference guide does not help me, since the following code snippet from it does not work:

<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
    <property name="basename"><value>my/project/securitymessages</value></property>
</bean>

After reading the source code of Acegi, I got the following idea:

<bean id="messageSource" class="org.acegisecurity.AcegiMessageSource">
    <property name="basename"><value>my/project/securitymessages</value></property>
</bean>

This bean definition works. I have no idea whether the reference guide is wrong or I simply used the MessageSource differently than expected, but since it works for now, it is fine for me and fine for you, too, I hope.


Integrate with struts2 and spring

April 4, 2008

This post describes how to integrate Struts 2 with Spring. The only major step is to override the default Struts 2.0 ObjectFactory. Changing the ObjectFactory to Spring gives the Spring framework control over instantiating action instances and related objects. Most of the code is from the previous post, so I will list only the additional changes here.

  1. Changing the default object factory: In order to change the object factory to Spring, you have to add a declaration in the struts.properties file.

struts.objectFactory = spring
# devMode is a development setting; set it to false before deploying to production.
struts.devMode = true
struts.enable.DynamicMethodInvocation = false

src/struts.properties

  2. The Action class: Here is the code for the action class

package actions;

import java.util.List;

import business.BusinessInterface;

import com.opensymphony.xwork2.ActionSupport;

public class SearchAction extends ActionSupport {

      // Injected by Spring (see the bean definition in applicationContext.xml)
      private BusinessInterface businessInterface;

      // Request parameters populated by Struts 2
      private String minSalary;
      private String submit;

      // Search result exposed to search.jsp
      private List data;

      public String getSubmit() {
            return submit;
      }

      public void setSubmit(String submit) {
            this.submit = submit;
      }

      public BusinessInterface getBusinessInterface() {
            return businessInterface;
      }

      public String execute() throws Exception {
            try {
                  long minSal = Long.parseLong(getMinSalary());
                  System.out.println("Business Interface: " + businessInterface
                              + " Minimum salary : " + minSal);
                  data = businessInterface.getData(minSal);
                  System.out.println("Data : " + data);
            } catch (Exception e) {
                  // Any failure, including a non-numeric minSalary, is only logged;
                  // the action still returns SUCCESS.
                  e.printStackTrace();
            }
            return SUCCESS;
      }

      public void setBusinessInterface(BusinessInterface bi) {
            businessInterface = bi;
      }

      public String getMinSalary() {
            return minSalary;
      }

      public void setMinSalary(String minSalary) {
            this.minSalary = minSalary;
      }

      public List getData() {
            return data;
      }

      public void setData(List data) {
            this.data = data;
      }
}

SearchAction.java

    • The Action class here does not have access to the HttpServletRequest and HttpServletResponse. Hence the action class itself was changed to the session scope for this example (see below).
    • In order for the action class to be aware of the HTTP session, the action class has to implement the ServletRequestAware interface and define a setServletRequest method, which will be used to inject the ServletRequest into the action class.
    • The BusinessInterface property is injected by the Spring framework.
  3. The Struts configuration:

 

 

<!DOCTYPE struts PUBLIC
      "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
      "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
      <package name="Struts2Spring" namespace="/actions"
            extends="struts-default">
            <action name="search" class="actions.SearchAction">
                  <result>/search.jsp</result>
            </action>
      </package>
</struts>

src/struts.xml

    • The action’s class attribute has to match the id attribute of the bean defined in the Spring bean factory definition.

  4. The Spring bean factory definition

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd"
      default-autowire="autodetect">

      <!-- Sample connection settings: "sa" is the SQL Server administrator login.
           Use a least-privileged account and keep real credentials out of this file. -->
      <bean id="dataSource"
            class="org.apache.commons.dbcp.BasicDataSource"
            destroy-method="close">
            <property name="driverClassName">
                  <value>com.microsoft.jdbc.sqlserver.SQLServerDriver</value>
            </property>
            <property name="url">
                  <value>jdbc:microsoft:sqlserver://WEBSERVER:1433;DatabaseName=EBOOK_TEST</value>
            </property>
            <property name="username">
                  <value>sa</value>
            </property>
            <property name="password">
                  <value>sa</value>
            </property>
      </bean>

      <!-- Configure DAO -->
      <bean id="empDao" class="data.DAO">
            <property name="dataSource">
                  <ref bean="dataSource"></ref>
            </property>
      </bean>

      <!-- Configure Business Service -->
      <bean id="businessInterface" class="business.BusinessInterface">
            <property name="dao">
                  <ref bean="empDao"></ref>
            </property>
      </bean>

      <bean id="actions.SearchAction" name="search"
            class="actions.SearchAction" scope="session">
            <property name="businessInterface" ref="businessInterface"/>
      </bean>
</beans>

WEB-INF/applicationContext.xml

    • The bean definition for the action class contains the id attribute, which matches the class attribute of the action in struts.xml.
    • Spring 2’s bean scope feature can be used to scope an Action instance to the session, application, or a custom scope, providing advanced customization above the default per-request scoping.

  5. The web deployment descriptor

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_9" version="2.4"
      xmlns="http://java.sun.com/xml/ns/j2ee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
      <display-name>Struts2Spring</display-name>
      <filter>
            <filter-name>struts2</filter-name>
            <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
      </filter>
      <filter-mapping>
            <filter-name>struts2</filter-name>
            <url-pattern>/*</url-pattern>
      </filter-mapping>
      <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
      <listener>
            <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
      </listener>
      <welcome-file-list>
            <welcome-file>index.html</welcome-file>
      </welcome-file-list>
</web-app>

web.xml

The only significant addition here is the RequestContextListener. This listener gives the Spring framework access to the HTTP session information.
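
The alternative that the SearchAction notes describe, implementing ServletRequestAware instead of scoping the action to the session, as an added example (not code from the original post). The class name RequestAwareSearchAction, the session key lastMinSalary, a prototype-scoped Spring bean for the action and an "input" result mapped in struts.xml are assumptions.

```java
package actions;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.interceptor.ServletRequestAware;

import business.BusinessInterface;

import com.opensymphony.xwork2.ActionSupport;

// Hypothetical variant of SearchAction. Assumes its Spring bean is declared with
// scope="prototype", so every request gets its own instance and its own request field.
public class RequestAwareSearchAction extends ActionSupport implements ServletRequestAware {

    private HttpServletRequest request;          // injected by Struts 2 before execute()
    private BusinessInterface businessInterface; // injected by Spring
    private String minSalary;                    // raw request parameter
    private List data;

    public void setServletRequest(HttpServletRequest request) { this.request = request; }
    public void setBusinessInterface(BusinessInterface bi) { this.businessInterface = bi; }
    public void setMinSalary(String minSalary) { this.minSalary = minSalary; }
    public String getMinSalary() { return minSalary; }
    public List getData() { return data; }

    public String execute() throws Exception {
        long minSal;
        try {
            minSal = Long.parseLong(minSalary);
        } catch (NumberFormatException e) {
            // Reject bad input instead of logging it and returning SUCCESS.
            addFieldError("minSalary", "Minimum salary must be a whole number");
            return INPUT; // assumes <result name="input"> is mapped for this action
        }
        data = businessInterface.getData(minSal);

        // Per-user state goes into the HTTP session explicitly; only the
        // validated value is stored, under a hypothetical attribute name.
        HttpSession session = request.getSession();
        session.setAttribute("lastMinSalary", Long.valueOf(minSal));
        return SUCCESS;
    }
}
```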

 

 

 

 


Spring Acegi against a database

February 5, 2008

Hi dude,

Here I give the Acegi configuration with a database.

Add applicationContext-acegi-security.xml to your WEB-INF folder.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>

    <!-- ======================== FILTER CHAIN ======================= -->

    <bean id="filterChainProxy"
          class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /j_acegi_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
                /**/*=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
            </value>
        </property>
    </bean>

    <!-- ======================== AUTHENTICATION ======================= -->

 

    <bean id="httpSessionContextIntegrationFilter"
          class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
    </bean>

    <bean id="logoutFilter"
          class="org.acegisecurity.ui.logout.LogoutFilter">
        <constructor-arg value="/index.jsp" />
        <!-- URL redirected to after logout -->
        <constructor-arg>
            <list>
                <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
    </bean>

    <bean id="authenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="authenticationFailureUrl">
            <value>/login.jsp?login_error=1</value>
        </property>
        <property name="defaultTargetUrl">
            <value>/</value>
        </property>
        <property name="filterProcessesUrl">
            <value>/j_acegi_security_check</value>
        </property>
    </bean>

    <bean id="securityContextHolderAwareRequestFilter"
          class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />

    <bean id="anonymousProcessingFilter"
          class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
        <property name="key">
            <value>foobar</value>
        </property>
        <property name="userAttribute">
            <value>anonymousUser,ROLE_ANONYMOUS</value>
        </property>
    </bean>

    <bean id="exceptionTranslationFilter"
          class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <ref local="authenticationProcessingFilterEntryPoint" />
        </property>
        <property name="accessDeniedHandler">
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp" />
            </bean>
        </property>
    </bean>

    <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
         The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
         Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->

    <bean id="filterInvocationInterceptor"
          class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="accessDecisionManager">
            <ref local="httpRequestAccessDecisionManager" />
        </property>
        <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /index.jsp=ROLE_ADMIN,ROLE_TECHNICIAN
                /order/createOrder.jsp=ROLE_TECHNICIAN
                /order/authorizeOrder.jsp=ROLE_ADMIN
                /login.jsp=ROLE_ANONYMOUS,ROLE_TECHNICIAN,ROLE_ADMIN
            </value>
        </property>
    </bean>

    <!-- =================Custom filterInvocationInterceptor implementation starts here ================== -->

    <!--bean id="filterInvocationInterceptor"
          class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="accessDecisionManager">
            <ref local="httpRequestAccessDecisionManager" />
        </property>
        <property name="objectDefinitionSource">
            <ref local="dbdrivenFilterInvocationDefinitionSource" />
        </property>
    </bean>

    <bean id="dbdrivenFilterInvocationDefinitionSource"
          class="com.abc.security.authorization.DatabaseDrivenFilterInvocationDefinitionSource">
        <property name="authorizationService">
            <ref local="authorizationService" />
        </property>
    </bean>

    <bean id="authorizationService"
          class="com.abc.security.authorization.service.AuthorizationServiceImpl">
        <property name="authDAO">
            <ref local="authDAO" />
        </property>
    </bean>

    <bean id="authDAO"
          class="com.abc.security.authorization.dao.AuthorizationDAOImpl" /-->

    <!-- ==================Custom filterInvocationInterceptor implementation ends here ================== -->

    <bean id="authenticationManager"
          class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider" />
                <ref local="anonymousAuthenticationProvider" />
            </list>
        </property>
    </bean>

    <!-- No passwordEncoder is configured here, so DaoAuthenticationProvider
         compares the stored password as plaintext. -->
    <bean id="daoAuthenticationProvider"
          class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="jdbcDaoImpl" />

        <!-- <property name="userCache">
            <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
                <property name="cache">
                    <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                        <property name="cacheManager">
                            <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
                        </property>
                        <property name="cacheName" value="userCache" />
                    </bean>
                </property>
            </bean>
        </property> -->
    </bean>

    <!-- ==================Custom AuthenticationProvider implementation begins here ================== -->

    <!--bean id="daoAuthenticationProvider"
          class="com.abc.security.authentication.ABCSecurityAuthenticationProvider">
        <property name="authenticationService">
            <ref local="userAuthenticationService" />
        </property>
    </bean>

    <bean id="userAuthenticationService"
          class="com.abc.security.authentication.service.UserAuthenticationServiceImpl">
        <property name="authenticationDAO">
            <ref local="userAuthenticationDAO" />
        </property>
    </bean>

    <bean id="userAuthenticationDAO"
          class="com.abc.security.authentication.dao.UserAuthenticationDAOImpl" /-->

    <!-- ==================Custom AuthenticationProvider implementation ends here ================== -->

    <bean id="userDetailsService"
          class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userProperties">
            <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
                <property name="location" value="/WEB-INF/users.properties" />
            </bean>
        </property>
    </bean>

    <bean id="anonymousAuthenticationProvider"
          class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
        <property name="key">
            <value>foobar</value>
        </property>
    </bean>

    <!-- Automatically receives AuthenticationEvent messages -->
    <bean id="loggerListener"
          class="org.acegisecurity.event.authentication.LoggerListener" />

    <!-- ===================== HTTP REQUEST SECURITY ==================== -->

    <bean id="authenticationProcessingFilterEntryPoint"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl">
            <value>/login.jsp</value>
        </property>
        <property name="forceHttps">
            <value>false</value>
        </property>
    </bean>

    <bean id="httpRequestAccessDecisionManager"
          class="org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions">
            <value>false</value>
        </property>
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter" />
            </list>
        </property>
    </bean>

    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />

    <!-- datasource configuration begins here -->

    <bean id="dataSource"
          class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName">
            <value>sun.jdbc.odbc.JdbcOdbcDriver</value>
        </property>
        <property name="url">
            <value>jdbc:odbc:sqlserver</value>
        </property>
        <property name="username">
            <value>sa</value>
        </property>
        <property name="password">
            <value>sa</value>
        </property>
    </bean>

    <bean id="jdbcDaoImpl"
          class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource">
            <ref bean="dataSource" />
        </property>
        <property name="usersByUsernameQuery">
            <value>
                select username,password, 1 as enabled from users where
                username=?
            </value>
        </property>
        <property name="authoritiesByUsernameQuery">
            <value>
                select username,rolename from users where username=?
            </value>
        </property>
    </bean>

    <!-- datasource configuration end here -->
</beans>
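
The ordering rule stated in the objectDefinitionSource comment above, as an added example (not code from the original post or from Acegi): it models first-match lookup over the four rules of this configuration with a simplified Ant matcher. It shows that a URL matching no rule yields no required roles, which FilterSecurityInterceptor treats as a public invocation unless rejectPublicInvocations is set, and that a broad pattern placed first shadows a more specific one. The /** catch-all, the /order/** rule and the URL /order/listOrders.jsp are constructed for illustration.

```java
import java.util.Arrays;
import java.util.regex.Pattern;

public class FirstMatchRules {
    // Rules in declaration order, copied from the objectDefinitionSource on this page.
    static final String[][] PAGE_RULES = {
        {"/index.jsp", "ROLE_ADMIN,ROLE_TECHNICIAN"},
        {"/order/createOrder.jsp", "ROLE_TECHNICIAN"},
        {"/order/authorizeOrder.jsp", "ROLE_ADMIN"},
        {"/login.jsp", "ROLE_ANONYMOUS,ROLE_TECHNICIAN,ROLE_ADMIN"},
    };

    // Simplified Ant matcher (assumption: only '**', '*' and '?' are handled).
    static Pattern antToRegex(String ant) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < ant.length(); i++) {
            char c = ant.charAt(i);
            if (c == '*' && i + 1 < ant.length() && ant.charAt(i + 1) == '*') {
                re.append(".*");      // '**' crosses path separators
                i++;
            } else if (c == '*') {
                re.append("[^/]*");   // '*' stays within one path segment
            } else if (c == '?') {
                re.append("[^/]");
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString());
    }

    // Roles of the FIRST rule that matches, or null when no rule matches at all.
    static String requiredRoles(String[][] rules, String url) {
        for (String[] rule : rules) {
            if (antToRegex(rule[0]).matcher(url).matches()) return rule[1];
        }
        return null; // no attributes defined: the request is not access-checked
    }

    public static void main(String[] args) {
        // Page rules plus a constructed catch-all; least specific, so it goes last.
        String[][] withCatchAll = Arrays.copyOf(PAGE_RULES, PAGE_RULES.length + 1);
        withCatchAll[PAGE_RULES.length] = new String[] {"/**", "ROLE_ADMIN"};
        // Constructed misordering: the broad rule hides the ROLE_ADMIN rule below it.
        String[][] misordered = {{"/order/**", "ROLE_TECHNICIAN"}, {"/order/authorizeOrder.jsp", "ROLE_ADMIN"}};
        for (String url : new String[] {"/order/authorizeOrder.jsp", "/order/listOrders.jsp"}) {
            System.out.println(url + " -> page rules: " + requiredRoles(PAGE_RULES, url)
                + " | with catch-all: " + requiredRoles(withCatchAll, url)
                + " | misordered: " + requiredRoles(misordered, url));
        }
    }
}
```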