java - Spring security without spring mvc -


i trying implement spring security without using spring mvc,

below snippets

web.xml

<?xml version="1.0" encoding="utf-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"     xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_5.xsd"     id="webapp_id" version="2.5">      <display-name>cxf</display-name>         <welcome-file-list>         <welcome-file>/web-inf/dcd-html/index.jsp</welcome-file>     </welcome-file-list>      <init-param>         <param-name>javax.ws.rs.core.application</param-name>         <param-value>images</param-value>       </init-param>         <filter>         <filter-name>springsecurityfilterchain</filter-name>         <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class>     </filter>      <filter-mapping>         <filter-name>springsecurityfilterchain</filter-name>         <url-pattern>/*</url-pattern>     </filter-mapping>          <listener>         <listener-class>org.springframework.web.context.contextloaderlistener</listener-class>     </listener>          <filter>         <filter-name>cors</filter-name>         <filter-class>com.thetransactioncompany.cors.corsfilter</filter-class>         <init-param>             <param-name>cors.supportedmethods</param-name>             <param-value>get, post, head, put, delete</param-value>         </init-param>     </filter>      <filter-mapping>         <filter-name>cors</filter-name>         <url-pattern>/*</url-pattern>     </filter-mapping>       <listener>     <listener-class>         org.springframework.web.context.request.requestcontextlistener     </listener-class>    </listener>     <servlet>         <servlet-name>cxf</servlet-name>         <description>apache cxf endpoint</description>         <servlet-class>org.apache.cxf.transport.servlet.cxfservlet</servlet-class>         <load-on-startup>1</load-on-startup>     </servlet>      <servlet-mapping>         <servlet-name>cxf</servlet-name>         <url-pattern>/*</url-pattern>     </servlet-mapping>      <session-config>         <session-timeout>60</session-timeout>     </session-config>      <servlet>         <servlet-name>javax.ws.rs.core.application</servlet-name>         <load-on-startup>1</load-on-startup>     </servlet>     <servlet-mapping>         <servlet-name>javax.ws.rs.core.application</servlet-name>         <url-pattern>/images/*</url-pattern>     </servlet-mapping>       <servlet>         <servlet-name>applicationcontext</servlet-name>         <servlet-class>org.springframework.web.servlet.dispatcherservlet</servlet-class>         <init-param>             <param-name>contextconfiglocation</param-name>             <param-value>/web-inf/applicationcontext.xml</param-value>         </init-param>         <load-on-startup>1</load-on-startup>     </servlet>      <servlet-mapping>         <servlet-name>applicationcontext</servlet-name>         <url-pattern>/</url-pattern>     </servlet-mapping>  </web-app>

applicationcontext.xml

<?xml  version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"     xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs"     xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"     xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"     xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"     xmlns:util="http://www.springframework.org/schema/util" xmlns:mail="http://www.springframework.org/schema/integration/mail"     xmlns:int="http://www.springframework.org/schema/integration"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd         http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd         http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd          http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd          http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd         http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd         http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd         http://www.springframework.org/schema/integration/mail http://www.springframework.org/schema/tx/spring-tx-3.1.xsd             http://www.springframework.org/schema/integration/mail/spring-integration-mail-2.1.xsd">        <context:annotation-config />     <context:component-scan base-package="com.smart.city.*"></context:component-scan>      <import resource="/spring/securitycontext.xml" />  </beans>

securitycontext.xml

<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"        xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"        xmlns:security="http://www.springframework.org/schema/security"        xmlns:context="http://www.springframework.org/schema/context"        xsi:schemalocation="            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd  http://www.springframework.org/schema/security             http://www.springframework.org/schema/security/spring-security.xsd">  <security:http auto-config="false" use-expressions="true">       <security:intercept-url pattern="/**" access="hasrole('priv_admin')" />      <security:http-basic />       <security:form-login login-page="/login"             authentication-failure-handler-ref="loginfailurehandler"             authentication-success-handler-ref="loginsuccesshandler" />         <!-- <security:logout logout-success-url="/logout.htm" logout-url="/j_spring_security_logout"             invalidate-session="true"/> -->  </security:http>  <security:authentication-manager>      <security:authentication-provider user-service-ref="userdetailsservicetx">             <security:password-encoder ref="custompasswordencoder" />         </security:authentication-provider> </security:authentication-manager> </beans>

my problem if use login-page="/login" not getting redirected jsp, , if dont use attribute, can see spring's default log in page.

please assist.

there 2 things wrong configuration:

  1. you redirecting /login highly doubt there mapping.
  2. you have protected urls hence login page, current solution finish in redirect loop.

first change login-page property /login.jsp redirected login page. 

<security:form-login login-page="/login.jsp"         authentication-failure-handler-ref="loginfailurehandler"         authentication-success-handler-ref="loginsuccesshandler" />

secondly permit access /login.jsp prevent redirect loop.

<security:intercept-url pattern="/login.jsp" access="permitall" />

another suggestion, free of charge, aren't using spring mvc don't need dispatcherservlet, reloads beans , loading application twice.


Comments

Post a Comment

Popular posts from this blog

javascript - Google App Script ContentService downloadAsFile not working -

i have web app developed using google app script htmlservice , html form, populating excel sheet in google drive using spreadsheetapp . , 1 section calling contentservice download data excel file. function doget(e) { // read excel sheet //getappfile(); // render application html template return htmlservice.createtemplatefromfile('index').evaluate() .settitle('go smart') .setsandboxmode(htmlservice.sandboxmode.iframe); } function downloaddoublequatecsvfile() { var sheetid = propertiesservice.getscriptproperties().getproperty('sheetid'); var ss = spreadsheetapp.openbyid(sheetid).getactivesheet(); //var ss = spreadsheetapp.getactivespreadsheet().getactivesheet(); var maxcolumn = ss.getlastcolumn(); var maxrow = ss.getlastrow(); var data = ss.getrange(1, 1, maxrow, maxcolumn).getvalues(); if (data.length > 1) { var csv = ""; (var row = 0; row < data.length; row++) { (var c...
Read more

javascript - Function overwritting -

is there way overwrite function or event handling in function? using addeventlistener, can have many event handlers on element want var test=document.getelementbyid("div"); test.addeventlistener("click",function(){alert("im first");},false); test.addeventlistener("click",function(){alert("im second");},false); // alerts "im first" , after "im second" but if want overwrite function/event example based on client width example this function one() { alert("first"); } function two() { alert("second"); } window.onresize = function() { var test = document.getelementbyid("div"); if (window.innerwidth > 500) { test.onclick = 1 } else { test.onclick = two; } } is possible in javascript? in case use effective little known approach. addeventlistener can accept object property handleevent event handler. in case it's easy overwr...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more