From 0cad89b645859f0ce9df06542ff58e8f3126cc23 Mon Sep 17 00:00:00 2001
From: Fernando Bellas Permuy <fbellas@udc.es>
Date: Thu, 19 Nov 2009 14:53:59 +0100
Subject: [PATCH] ItEr35S11ArquitecturaServidorItEr34S11: First version of the
 authentication system.

It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
---
 navalplanner-webapp/pom.xml                   | 18 +++++
 ...lplanner-webapp-spring-security-config.xml | 38 +++++++++++
 .../src/main/webapp/WEB-INF/web.xml           | 18 ++++-
 .../src/main/webapp/WEB-INF/zk.xml            | 13 ++++
 .../main/webapp/common/layout/login_v01.zul   | 22 +++++--
 .../main/webapp/common/layout/template.zul    |  2 +-
 pom.xml                                       | 66 +++++++++++++++++++
 7 files changed, 171 insertions(+), 6 deletions(-)
 create mode 100644 navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml

diff --git a/navalplanner-webapp/pom.xml b/navalplanner-webapp/pom.xml
index ee6bb8fba..e1f8ba15e 100644
--- a/navalplanner-webapp/pom.xml
+++ b/navalplanner-webapp/pom.xml
@@ -64,6 +64,24 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-test</artifactId>
         </dependency>
+        <!--  Spring security -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-acl</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core-tiger</artifactId>
+        </dependency>
+        <!--  AspectJ (required by Spring Security) -->
+        <dependency>
+            <groupId>org.aspectj</groupId>
+            <artifactId>aspectjrt</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.beanshell</groupId>
             <artifactId>bsh</artifactId>
diff --git a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml
new file mode 100644
index 000000000..cae179236
--- /dev/null
+++ b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+    xmlns:beans="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+
+    <global-method-security secured-annotations="enabled"/>
+
+    <http auto-config="true" >
+
+        <!-- Web services -->
+        <intercept-url pattern="/ws/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
+        <!--  Web application -->
+        <intercept-url pattern="/common/img/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/common/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/common/layout/login_v01.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+        <intercept-url pattern="/advance/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/resources/criterions/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/calendars/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/labels/**" access="ROLE_ADMIN" />
+        <intercept-url pattern="/common/configuration.zul" access="ROLE_ADMIN" />
+        <intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
+        <form-login login-page="/common/layout/login_v01.zul" authentication-failure-url="/common/layout/login_v01.zul?login_error=x"/>
+
+    </http>
+
+    <authentication-provider>
+        <user-service>
+            <user name="user" password="user" authorities="ROLE_BASIC_USER" />
+            <user name="admin" password="admin" authorities="ROLE_ADMIN, ROLE_BASIC_USER" />
+        </user-service>
+    </authentication-provider>
+
+</beans:beans>
diff --git a/navalplanner-webapp/src/main/webapp/WEB-INF/web.xml b/navalplanner-webapp/src/main/webapp/WEB-INF/web.xml
index f265c7170..90773ac82 100644
--- a/navalplanner-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/navalplanner-webapp/src/main/webapp/WEB-INF/web.xml
@@ -14,7 +14,12 @@
     -->
     <context-param>
         <param-name>contextConfigLocation</param-name>
-        <param-value>classpath*:/navalplanner-business-spring-config.xml classpath:/navalplanner-webapp-spring-config.xml classpath*:/navalplanner-override-spring-config.xml</param-value>
+        <param-value>
+            classpath*:/navalplanner-business-spring-config.xml
+            classpath:/navalplanner-webapp-spring-config.xml
+            classpath*:/navalplanner-override-spring-config.xml
+            classpath:/navalplanner-webapp-spring-security-config.xml
+        </param-value>
     </context-param>
 
 
@@ -41,6 +46,17 @@
     </servlet-mapping>
     <!-- /// -->
 
+    <!-- Spring security -->
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <!-- //// -->
     <!-- ZK -->
     <listener>
diff --git a/navalplanner-webapp/src/main/webapp/WEB-INF/zk.xml b/navalplanner-webapp/src/main/webapp/WEB-INF/zk.xml
index 0dc63a480..f6c990169 100644
--- a/navalplanner-webapp/src/main/webapp/WEB-INF/zk.xml
+++ b/navalplanner-webapp/src/main/webapp/WEB-INF/zk.xml
@@ -8,4 +8,17 @@
         <location>/common/event_error.zul</location>
     </error-page>
 
+    <!--  Spring Security -->
+    <listener>
+	   <description>ThreadLocal Synchronization Listener</description>
+	   <listener-class>org.zkoss.zkplus.util.ThreadLocalListener</listener-class>
+    </listener>
+
+	<preference>
+		<name>ThreadLocal</name>
+		<value>
+			org.springframework.security.context.ThreadLocalSecurityContextHolderStrategy=contextHolder
+		</value>
+	</preference>
+
 </zk>
diff --git a/navalplanner-webapp/src/main/webapp/common/layout/login_v01.zul b/navalplanner-webapp/src/main/webapp/common/layout/login_v01.zul
index 5faefed9c..b16f6b679 100644
--- a/navalplanner-webapp/src/main/webapp/common/layout/login_v01.zul
+++ b/navalplanner-webapp/src/main/webapp/common/layout/login_v01.zul
@@ -24,7 +24,7 @@
 <div xmlns:n="http://www.zkoss.org/2005/zk/native">
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0">
   <n:tr>
-    <n:td background="img/flechitas.gif"></n:td>
+    <n:td background="/navalplanner-webapp/common/img/flechitas.gif"></n:td>
   </n:tr>
 </n:table>
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
@@ -37,6 +37,17 @@
     <n:td class="identificacion">${i18n:_('AUTHENTICATE')}</n:td>
   </n:tr>
 </n:table>
+
+<html if="${not empty param.login_error}">
+  <![CDATA[
+  <div class="message_ERROR">
+    ${i18n:_('Incorrect authentication')}
+  </div>
+  ]]>
+</html>
+
+<n:form action="/navalplanner-webapp/j_spring_security_check" method="POST">
+
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" class="fondo_identificacion">
   <n:tr>
     <n:td height="165" valign="top"><n:table width="450" border="0" align="center" cellpadding="0" cellspacing="0">
@@ -49,7 +60,7 @@
         <n:tr>
           <n:td><n:label> </n:label>
               <n:div align="center">
-                <n:input name="textfield" type="text" class="campotexto" id="textfield" size="30" />
+                <n:input name="j_username" type="text" class="campotexto" id="textfield" size="30" />
             </n:div></n:td>
         </n:tr>
         <n:tr>
@@ -57,7 +68,7 @@
         </n:tr>
         <n:tr>
           <n:td><n:div align="center">
-              <n:input name="textfield2" type="password" class="campotexto" id="textfield2" size="30" />
+              <n:input name="j_password" type="password" class="campotexto" id="textfield2" size="30" />
           </n:div></n:td>
         </n:tr>
         <n:tr>
@@ -72,9 +83,12 @@
     </n:table></n:td>
   </n:tr>
 </n:table>
+
+</n:form>
+
 <n:table width="850" border="0" align="center" cellpadding="0" cellspacing="0" class="tabla_inferior">
   <n:tr>
-    <n:td height="40" background="img/linea_pie_login.gif"></n:td>
+    <n:td height="40" background="/navalplanner-webapp/common/img/linea_pie_login.gif"></n:td>
   </n:tr>
   <n:tr>
     <n:td></n:td>
diff --git a/navalplanner-webapp/src/main/webapp/common/layout/template.zul b/navalplanner-webapp/src/main/webapp/common/layout/template.zul
index e1af69cff..5ab3278ed 100644
--- a/navalplanner-webapp/src/main/webapp/common/layout/template.zul
+++ b/navalplanner-webapp/src/main/webapp/common/layout/template.zul
@@ -37,7 +37,7 @@
           <n:td height="20" align="right"><n:table border="0" cellspacing="0" cellpadding="0">
             <n:tr>
               <n:td class="usuario">${i18n:_('user: admin')}</n:td>
-              <n:td><n:a href="/navalplanner-webapp/common/layout/login_v01.zul" class="cerrar_sesion">${i18n:_('SIGN OUT')}</n:a></n:td>
+              <n:td><n:a href="/navalplanner-webapp/j_spring_security_logout" class="cerrar_sesion">${i18n:_('SIGN OUT')}</n:a></n:td>
             <n:td><n:a href="https://naval.igalia.com/fileadmin/templates/doc/index.html"><n:img src="/navalplanner-webapp/common/img/axuda.gif" alt="Axuda" width="23" height="24" border="0" /></n:a></n:td>
             </n:tr>
           </n:table></n:td>
diff --git a/pom.xml b/pom.xml
index defa07a75..5d7808c69 100644
--- a/pom.xml
+++ b/pom.xml
@@ -261,6 +261,72 @@
                 <artifactId>spring-test</artifactId>
                 <version>2.5.6</version>
                 <scope>test</scope>
+            </dependency>
+             <!--  Spring security -->
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-core</artifactId>
+                <version>2.0.5.RELEASE</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-beans</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-context</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-aop</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-support</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-acl</artifactId>
+                <version>2.0.5.RELEASE</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-beans</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-context</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-dao</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-jdbc</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-core-tiger</artifactId>
+                <version>2.0.5.RELEASE</version>
+            </dependency>
+            <!--  AspectJ (required by Spring Security) -->
+            <dependency>
+                <groupId>org.aspectj</groupId>
+                <artifactId>aspectjrt</artifactId>
+                <version>1.5.4</version>
             </dependency>
             <dependency>
                 <groupId>net.sf.json-lib</groupId>