Enhance tutorial to also demonstrate Spring Security method

authorization, and add a services layer accordingly.
2007-12-14 02:26:27 +00:00 · 2007-12-14 02:26:27 +00:00 · 77d286c36f
parent fa510b3187
commit 77d286c36f
4 changed files with 46 additions and 12 deletions
--- a/samples/tutorial/pom.xml
+++ b/samples/tutorial/pom.xml
@ -11,15 +11,25 @@
    <name>Spring Security - Tutorial sample</name>
    <packaging>war</packaging>
    <dependencies>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-web</artifactId>
-        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core-tiger</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+	        <version>${spring.version}</version>
+        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
--- a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security-ns.xml
+++ b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security-ns.xml
@ -12,9 +12,15 @@
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">

+	<annotation-driven/>
+
    <http auto-config="true">
        <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
+		<!-- Disable web URI authorization, as we're using <annotation-driven> and have @Secured the services layer instead
+        <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
+        <intercept-url pattern="/post.html" access="ROLE_TELLER" /> 
+        -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

 		<!-- All of this is unnecessary if auto-config="true"
@ -32,8 +38,8 @@

 	<repository>
 	    <user-service hash="md5-hex">
-	        <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR,ROLE_USER" /> <!--  koala -->
-	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER" /> <!--  emu -->
+	        <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR,ROLE_USER,ROLE_TELLER" /> <!--  koala -->
+	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" /> <!--  emu -->
 	        <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" /> <!--  wombat -->
 	        <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" /> <!--  opal -->
 	    </user-service>
--- a/samples/tutorial/src/main/webapp/WEB-INF/web.xml
+++ b/samples/tutorial/src/main/webapp/WEB-INF/web.xml
@ -11,7 +11,7 @@

 <web-app>

-    <display-name>Acegi Security Tutorial Application</display-name>
+    <display-name>Spring Security Tutorial Application</display-name>

 	<!--
 	  - Location of the XML file that defines the root application context
@ -20,6 +20,7 @@
 	<context-param>
 		<param-name>contextConfigLocation</param-name>
 		<param-value>
+			classpath:applicationContext-business.xml
 			/WEB-INF/applicationContext-security-ns.xml
 		</param-value>
 	</context-param>
@ -50,6 +51,20 @@
    <listener>
      <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
    </listener>
+
+  <!--
+	- Provides core MVC application controller. See contacts-servlet.xml.
+    -->
+	<servlet>
+		<servlet-name>bank</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+    	<servlet-name>bank</servlet-name>
+    	<url-pattern>*.html</url-pattern>
+ 	</servlet-mapping>

     <welcome-file-list>
 		<welcome-file>index.jsp</welcome-file>
--- a/samples/tutorial/src/main/webapp/index.jsp
+++ b/samples/tutorial/src/main/webapp/index.jsp
@ -3,6 +3,9 @@
 <h1>Home Page</h1>
 Anyone can view this page.<br><br>

+If you're logged in, you can <a href="listAccounts.html">list accounts</a>.<br><br>
+
+
 Your principal object is....: <%= request.getUserPrincipal() %><br><br>

 <p><a href="secure/index.jsp">Secure page</a>