<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>JSFSpringNoSecurityWebApp</display-name>
<!-- Spring configuration file location -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-business.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<!-- Let Spring handle all requests coming to the web application through this filter. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- All the requests to be handled by the above filter -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- To start/stop Spring framework automatically. -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
</web-app>
newly added applicationContext-security.xml
other files remain the same...
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- Method based security -->
<global-method-security>
<protect-pointcut access="ROLE_SPECIAL_USER"
expression="execution(* org.swview.springsecuritytestapp.logic.Calculator.add(..))"/>
<protect-pointcut access="ROLE_GENERAL_USER"
expression="execution(* org.swview.springsecuritytestapp.logic.Calculator.subtract(..))"/>
</global-method-security>
<!-- URL pattern based security -->
<http auto-config="true">
<intercept-url pattern="/**" access="ROLE_GENERAL_USER, ROLE_SPECIAL_USER" />
</http>
<!--
Usernames/Passwords are
kamal/swview
test/spring
-->
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="kamal"
password="65dc70650690999922d7dcd99dbd4033" authorities="ROLE_SPECIAL_USER" />
<user name="test"
password="2a2d595e6ed9a0b24f027f2b63b134d6" authorities="ROLE_GENERAL_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- Method based security -->
<global-method-security>
<protect-pointcut access="ROLE_SPECIAL_USER"
expression="execution(* org.swview.springsecuritytestapp.logic.Calculator.add(..))"/>
<protect-pointcut access="ROLE_GENERAL_USER"
expression="execution(* org.swview.springsecuritytestapp.logic.Calculator.subtract(..))"/>
</global-method-security>
<!-- URL pattern based security -->
<http auto-config="true">
<intercept-url pattern="/**" access="ROLE_GENERAL_USER, ROLE_SPECIAL_USER" />
</http>
<!--
Usernames/Passwords are
kamal/swview
test/spring
-->
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="kamal"
password="65dc70650690999922d7dcd99dbd4033" authorities="ROLE_SPECIAL_USER" />
<user name="test"
password="2a2d595e6ed9a0b24f027f2b63b134d6" authorities="ROLE_GENERAL_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
other files remain the same...
]]>
Sample applications were developed and deployed in the environment described below:
- JDK 1.6.11
- JBoss Application Server 5.1.0
- Spring Framework 3.0.3
- Spring Security 3.0.3
- Eclipse IDE 3.5 (Galileo)
- JavaServer Faces 1.2 (JSF) – No separate implementations were used other than what's found with JBoss 5.1.0
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>JSFSpringNoSecurityWebApp</display-name>
<!-- Spring configuration file location -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-business.xml
</param-value>
</context-param>
<!-- To start/stop Spring framework automatically. -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
</web-app> Spring config - applicationContext-business.xml:<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="calculatorBean" class="org.swview.springsecuritytestapp.logic.CalculatorIpml">
</bean>
</beans>JSF config - faces-config.xml<?xml version="1.0" encoding="UTF-8"?>
<faces-config
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-facesconfig_1_2.xsd"
version="1.2">
<application>
<el-resolver>
org.springframework.web.jsf.el.SpringBeanFacesELResolver
</el-resolver>
</application>
<managed-bean>
<managed-bean-name>calculatorController</managed-bean-name>
<managed-bean-class>
org.swview.springsecuritytestapp.jsf.CalculatorController
</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<managed-property>
<property-name>calculator</property-name>
<value>#{calculatorBean}</value>
</managed-property>
</managed-bean>
</faces-config>
page file - calculator.jsp file
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="f" uri="http://java.sun.com/jsf/core"%>
<%@ taglib prefix="h" uri="http://java.sun.com/jsf/html"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Calculator</title>
</head>
<body>
<f:view>
<h:form>
<h:panelGrid border="1" columns="3">
<h:outputLabel value="Number 1:"></h:outputLabel>
<h:inputText value="#{calculatorController.number1}" id="number1Field">
<f:convertNumber />
</h:inputText>
<h:message for="number1Field"></h:message>
<h:outputText value="Number 2:"></h:outputText>
<h:inputText value="#{calculatorController.number2}" id="number2Field">
<f:convertNumber />
</h:inputText>
<h:message for="number2Field"></h:message>
<h:outputLabel value="Sum:"></h:outputLabel>
<h:outputLabel value="#{calculatorController.results}"></h:outputLabel>
</h:panelGrid>
<h:commandButton value="Add Again"
action="#{calculatorController.add}"></h:commandButton>
</h:form>
</f:view>
</body>
</html>Controller:
package org.swview.springsecuritytestapp.jsf;
import org.swview.springsecuritytestapp.logic.Calculator;
public class CalculatorController {
private double number1;
private double number2;
private double results;
private Calculator calculator;
public void setCalculator(Calculator calculator) {
this.calculator = calculator;
}
public double getNumber1() {
return number1;
}
public void setNumber1(double number1) {
this.number1 = number1;
}
public double getNumber2() {
return number2;
}
public void setNumber2(double number2) {
this.number2 = number2;
}
public double getResults() {
return results;
}
public void setResults(double results) {
this.results = results;
}
public String add() {
results = calculator.add(number1, number2);
return "success";
}
}
Spring bean implementationpackage org.swview.springsecuritytestapp.logic;
public class CalculatorIpml implements Calculator {
public double add(double a, double b) {
return a + b;
}
public double subtract(double a, double b) {
return a - b;
}
}---testing.. to be continue
]]>