ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system.

It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00 · 2009-11-19 14:53:59 +01:00 · 0cad89b645
commit 0cad89b645
parent 60b32e852c
7 changed files with 171 additions and 6 deletions
--- a/navalplanner-webapp/pom.xml
+++ b/navalplanner-webapp/pom.xml
@ -64,6 +64,24 @@
            <groupId>org.springframework</groupId>
            <artifactId>spring-test</artifactId>
        </dependency>
+        <!--  Spring security -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-acl</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core-tiger</artifactId>
+        </dependency>
+        <!--  AspectJ (required by Spring Security) -->
+        <dependency>
+            <groupId>org.aspectj</groupId>
+            <artifactId>aspectjrt</artifactId>
+        </dependency>
        <dependency>
            <groupId>org.beanshell</groupId>
            <artifactId>bsh</artifactId>
--- a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml
+++ b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml
@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+    xmlns:beans="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+
+    <global-method-security secured-annotations="enabled"/>
+
+    <http auto-config="true" >
+
+        <!-- Web services -->
+        <intercept-url pattern="/ws/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
+        <!--  Web application -->
+        <intercept-url pattern="/common/img/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/common/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/common/layout/login_v01.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/advance/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/resources/criterions/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/calendars/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/labels/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/common/configuration.zul" access="ROLE_ADMIN" />
+        <intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
+        <form-login login-page="/common/layout/login_v01.zul" authentication-failure-url="/common/layout/login_v01.zul?login_error=x"/>
+
+    </http>
+
+    <authentication-provider>
+        <user-service>
+            <user name="user" password="user" authorities="ROLE_BASIC_USER" />
+            <user name="admin" password="admin" authorities="ROLE_ADMIN, ROLE_BASIC_USER" />
+        </user-service>
+    </authentication-provider>
+
+</beans:beans>
--- a/navalplanner-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/navalplanner-webapp/src/main/webapp/WEB-INF/web.xml
@ -14,7 +14,12 @@
    -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
-        <param-value>classpath*:/navalplanner-business-spring-config.xml classpath:/navalplanner-webapp-spring-config.xml classpath*:/navalplanner-override-spring-config.xml</param-value>
+        <param-value>
+            classpath*:/navalplanner-business-spring-config.xml
+            classpath:/navalplanner-webapp-spring-config.xml
+            classpath*:/navalplanner-override-spring-config.xml
+            classpath:/navalplanner-webapp-spring-security-config.xml
+        </param-value>
    </context-param>


@ -41,6 +46,17 @@
    </servlet-mapping>
    <!-- /// -->

+    <!-- Spring security -->
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
    <!-- //// -->
    <!-- ZK -->
    <listener>
--- a/navalplanner-webapp/src/main/webapp/WEB-INF/zk.xml
+++ b/navalplanner-webapp/src/main/webapp/WEB-INF/zk.xml
@ -8,4 +8,17 @@
        <location>/common/event_error.zul</location>
    </error-page>

+    <!--  Spring Security -->
+    <listener>
+	   <description>ThreadLocal Synchronization Listener</description>
+	   <listener-class>org.zkoss.zkplus.util.ThreadLocalListener</listener-class>
+    </listener>
+
+	<preference>
+		<name>ThreadLocal</name>
+		<value>
+			org.springframework.security.context.ThreadLocalSecurityContextHolderStrategy=contextHolder
+		</value>
+	</preference>
+
 </zk>
--- a/navalplanner-webapp/src/main/webapp/common/layout/login_v01.zul
+++ b/navalplanner-webapp/src/main/webapp/common/layout/login_v01.zul
@ -24,7 +24,7 @@
 <div xmlns:n="http://www.zkoss.org/2005/zk/native">
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0">
  <n:tr>
-    <n:td background="img/flechitas.gif"></n:td>
+    <n:td background="/navalplanner-webapp/common/img/flechitas.gif"></n:td>
  </n:tr>
 </n:table>
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
@ -37,6 +37,17 @@
    <n:td class="identificacion">${i18n:_('AUTHENTICATE')}</n:td>
  </n:tr>
 </n:table>
+
+<html if="${not empty param.login_error}">
+  <![CDATA[
+  <div class="message_ERROR">
+    ${i18n:_('Incorrect authentication')}
+  </div>
+  ]]>
+</html>
+
+<n:form action="/navalplanner-webapp/j_spring_security_check" method="POST">
+
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" class="fondo_identificacion">
  <n:tr>
    <n:td height="165" valign="top"><n:table width="450" border="0" align="center" cellpadding="0" cellspacing="0">
@ -49,7 +60,7 @@
        <n:tr>
          <n:td><n:label> </n:label>
              <n:div align="center">
-                <n:input name="textfield" type="text" class="campotexto" id="textfield" size="30" />
+                <n:input name="j_username" type="text" class="campotexto" id="textfield" size="30" />
            </n:div></n:td>
        </n:tr>
        <n:tr>
@ -57,7 +68,7 @@
        </n:tr>
        <n:tr>
          <n:td><n:div align="center">
-              <n:input name="textfield2" type="password" class="campotexto" id="textfield2" size="30" />
+              <n:input name="j_password" type="password" class="campotexto" id="textfield2" size="30" />
          </n:div></n:td>
        </n:tr>
        <n:tr>
@ -72,9 +83,12 @@
    </n:table></n:td>
  </n:tr>
 </n:table>
+
+</n:form>
+
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0" class="tabla_inferior">
  <n:tr>
-    <n:td height="40" background="img/linea_pie_login.gif"></n:td>
+    <n:td height="40" background="/navalplanner-webapp/common/img/linea_pie_login.gif"></n:td>
  </n:tr>
  <n:tr>
    <n:td></n:td>
--- a/navalplanner-webapp/src/main/webapp/common/layout/template.zul
+++ b/navalplanner-webapp/src/main/webapp/common/layout/template.zul
@ -37,7 +37,7 @@
          <n:td height="20" align="right"><n:table border="0" cellspacing="0" cellpadding="0">
            <n:tr>
              <n:td class="usuario">${i18n:_('user: admin')}</n:td>
-              <n:td><n:a href="/navalplanner-webapp/common/layout/login_v01.zul" class="cerrar_sesion">${i18n:_('SIGN OUT')}</n:a></n:td>
+              <n:td><n:a href="/navalplanner-webapp/j_spring_security_logout" class="cerrar_sesion">${i18n:_('SIGN OUT')}</n:a></n:td>
            <n:td><n:a href="https://naval.igalia.com/fileadmin/templates/doc/index.html"><n:img src="/navalplanner-webapp/common/img/axuda.gif" alt="Axuda" width="23" height="24" border="0" /></n:a></n:td>
            </n:tr>
          </n:table></n:td>
--- a/pom.xml
+++ b/pom.xml
@ -261,6 +261,72 @@
                <artifactId>spring-test</artifactId>
                <version>2.5.6</version>
                <scope>test</scope>
+            </dependency>
+             <!--  Spring security -->
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-core</artifactId>
+                <version>2.0.5.RELEASE</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-beans</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-context</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-aop</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-support</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-acl</artifactId>
+                <version>2.0.5.RELEASE</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-beans</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-context</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-dao</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-jdbc</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-core-tiger</artifactId>
+                <version>2.0.5.RELEASE</version>
+            </dependency>
+            <!--  AspectJ (required by Spring Security) -->
+            <dependency>
+                <groupId>org.aspectj</groupId>
+                <artifactId>aspectjrt</artifactId>
+                <version>1.5.4</version>
            </dependency>
            <dependency>
                <groupId>net.sf.json-lib</groupId>