
spring security authentication and authorization using database

My web application uses Spring Security for database-backed authentication and authorization. I have configured it as follows. This is my web.xml file, in which I reference applicationContext.xml and applicationContext-security.xml:

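<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor: loads the two Spring context files and registers the
  Spring Security and Struts2 servlet filters for every request.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">

    <display-name>Struts2Example14</display-name>

    <!-- Context files read by ContextLoaderListener when the application starts. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!--
      Filters run in the order of their filter-mapping elements. The Spring Security
      chain is mapped first so that authentication and URL access rules are applied
      before Struts2 sees the request: StrutsPrepareAndExecuteFilter executes a matching
      action itself and does not pass that request further down the chain, so a security
      filter mapped after it would never run for Struts actions.
    -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>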

This is my applicationContext-security.xml:

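<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security context: JDBC data source, URL access rules, form login and a
  JDBC-backed user service.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <!--
      NOTE(review): the database address and account are hard-coded in this file, and the
      password is identical to the username. Keep credentials out of the deployed
      configuration (externalised properties or a container-managed data source) and
      use a non-trivial password for the account.
    -->
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
        <property name="url" value="jdbc:oracle:thin:@10.60.2.4:1521:agribase"/>
        <property name="username" value="sabka"/>
        <property name="password" value="sabka"/>
    </bean>

    <!--
      With use-expressions="true" every access attribute is parsed as a SpEL expression,
      so a bare role name such as ROLE_USER does not evaluate; hasRole('...') is the
      expression form. The admin rule uses /** so that nested paths below /admin/ are
      covered as well (/admin/* matches a single path segment only).
      NOTE(review): URLs outside /secured/ and /admin/ have no rule and stay open to
      anonymous requests; confirm that is intended.
    -->
    <sec:http use-expressions="true">
        <sec:intercept-url pattern="/secured/**" access="hasRole('ROLE_USER')"/>
        <sec:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <sec:form-login login-page="/jsp/homePage.jsp"
                        authentication-failure-url="/jsp/homePage.jsp"
                        default-target-url="/jsp/homePage.jsp"/>
    </sec:http>

    <!--
      Users and authorities are read with parameterised queries (the ? placeholder is
      bound to the submitted username).
      NOTE(review): no sec:password-encoder is configured, so the submitted password is
      compared with users.password as stored, which means the column holds clear-text
      passwords. Configure a password encoder and re-hash the stored values before this
      is used with real accounts.
    -->
    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="
                    SELECT username,password, enabled FROM users WHERE username=?"
                authorities-by-username-query="
                    SELECT u.username, ur.authority
                    FROM users u, user_roles ur WHERE u.user_id = ur.user_id AND u.username=?"/>
        </sec:authentication-provider>
    </sec:authentication-manager>
</beans>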

When I run it in Eclipse, this error appears:

Unexpected exception parsing XML document from ServletContext resource [/WEB-INF/applicationContext-security.xml];

nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class
[org.springframework.security.config.SecurityNamespaceHandler]: Constructor threw exception;

nested exception is java.lang.NoClassDefFoundError: org/springframework/aop/config/AbstractInterceptorDrivenBeanDefinitionDecorator

this is my classpath:

<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<!-- Eclipse build path for the project: source folders, JRE and Tomcat containers, then library jars.
     NOTE(review): the listing is cut off after the Spring entries. The Spring jars visible here are
     asm, beans, context and core, all at 3.0.0.M3 (a milestone build). No org.springframework.aop jar
     appears among them, which is consistent with the NoClassDefFoundError for
     org/springframework/aop/config/AbstractInterceptorDrivenBeanDefinitionDecorator in the error
     quoted on this page, and no spring-security jar is visible either. The security context file
     references the 3.1 mvc and context schemas, so the Spring jars should all come from one
     matching release.
     NOTE(review): the two Oracle driver jars are referenced from a network share (//10.60.2.7/...),
     so they are not under the project's version or integrity control. -->
<classpathentry kind="src" path="src"/>
<classpathentry kind="src" path="WebContent/WEB-INF"/>
<classpathentry exported="true" kind="con"  path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.St andardVMType/jre6">
<attributes>
<attribute name="owner.project.facets" value="java"/>
</attributes>
</classpathentry>
<classpathentry exported="true" kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v6.0">
<attributes>
<attribute name="owner.project.facets" value="jst.web"/>
</attributes>
</classpathentry>
<classpathentry exported="true" kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
<classpathentry exported="true" kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
<classpathentry exported="true" kind="lib" path="//10.60.2.7/Sabka/lib/ojdbc14.jar"/>
<classpathentry exported="true" kind="lib" path="//10.60.2.7/Sabka/lib/ojdbc14dms.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/antlr-runtime-3.0.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-fileupload-1.2.1.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-io-1.3.2.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-logging-1.1.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/freemarker-2.3.13.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/junit-3.8.1.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/ognl-2.6.11.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.asm-3.0.0.M3.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.beans-3.0.0.M3.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.context-3.0.0.M3.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.core-3.0.0.M3.jar"/>

This example will demonstrate the use of spring 3.2 with Spring Security 3.1 and Hibernate 4.1.9.

Include the following dependencies in your pom.xml:

        <!--
          Spring Framework modules. All five take their version from the
          spring.framework.version property, which must be defined in the POM's
          properties section (not shown in this fragment).
          NOTE(review): spring-aop, which the security namespace handler needs, is not
          listed explicitly; it is presumably resolved transitively through
          spring-context and spring-security-core. Confirm with the resolved
          dependency tree.
        -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-orm</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>

        <!--
          Spring Security modules. They share the spring.security.version property so
          that core, config, web and taglibs always come from the same release.
        -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <!-- End of Spring Security modules -->

in web.xml

 <!-- Spring context files loaded at startup: the root context and the security rules. -->
 <context-param>
     <param-name>contextConfigLocation</param-name>
     <param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/spring-security.xml</param-value>
 </context-param>

 <!--
   Spring Security entry point. DelegatingFilterProxy hands each request to the
   springSecurityFilterChain bean created by the security namespace; the filter
   name must therefore stay exactly as written.
   NOTE(review): if the application maps other request-handling filters (the
   question on this page uses Struts2), this filter-mapping has to be declared
   before theirs so the security checks run first.
 -->
 <filter>
     <filter-name>springSecurityFilterChain</filter-name>
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 <filter-mapping>
     <filter-name>springSecurityFilterChain</filter-name>
     <url-pattern>/*</url-pattern>
 </filter-mapping>
 <!-- End of Spring Security filter registration -->

spring-security.xml

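<!--
  URL authorization, form login and logout.
  The authority names used here (ROLE1, ROLE2, ROLE3) do not start with "ROLE_".
  Without use-expressions the access values are handled by the role voter, which
  only recognises names carrying that prefix, so the rules are written as
  expressions that match the authority string exactly. Patterns end in /** so that
  nested paths below each area are protected too (/role1/* would match a single
  path segment only).
  NOTE(review): URLs not listed here have no rule and remain open to anonymous
  requests; confirm that is intended.
-->
<http auto-config="true" use-expressions="true" access-denied-page="/denied">
    <intercept-url pattern="/role1/**" access="hasAuthority('ROLE1')" />
    <intercept-url pattern="/role2/**" access="hasAuthority('ROLE2')" />
    <intercept-url pattern="/role3/**" access="hasAuthority('ROLE3')" />
    <intercept-url pattern="/home" access="hasAnyAuthority('ROLE1','ROLE2','ROLE3')" />
    <form-login login-page="/login" default-target-url="/home"
                authentication-failure-url="/loginfailed" />
    <!-- Logout drops the HTTP session and the remember-me cookie. -->
    <logout
        invalidate-session="true"
        delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
        logout-success-url="/index" />
</http>

<!-- Expression handler used to evaluate the access expressions above. -->
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>

<authentication-manager>
    <authentication-provider ref="authProvider" />
</authentication-manager>

<!-- Looks users up through userDetailsServiceImpl and verifies passwords with the encoder below. -->
<beans:bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsServiceImpl" />
    <beans:property name="passwordEncoder" ref="encoder" />
</beans:bean>

<!-- BCrypt hashing (salted per password); stored passwords must have been hashed with BCrypt. -->
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>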

In mvc.xml

    <!-- Switches on method-level authorization through the @Secured annotation. -->
    <security:global-method-security secured-annotations="enabled"/>

    <!--
      User lookup service referenced by the authentication provider.
      NOTE(review): the UserDetailsServiceImpl listing on this page shows no
      sessionFactory setter and is also annotated @Service; confirm the property
      exists and that the bean is not registered twice (XML plus component scan).
    -->
    <bean id="userDetailsServiceImpl" class="com.service.UserDetailsServiceImpl">
        <property name="sessionFactory" ref="sessionFactory"/>
    </bean>

in UserDetailsServiceImpl

    @Service
@Transactional(readOnly = true)
public class UserDetailsServiceImpl implements UserDetailsService {


    UserDao userDAO = new UserDaoImpl();

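    /**
     * Loads the account stored under the given login name and adapts it to a
     * Spring Security {@link User}.
     *
     * @param userName login name submitted by the client
     * @return user details carrying the stored password hash and the authorities
     *         derived from the account's role
     * @throws UsernameNotFoundException if the DAO returns no account for the name
     */
    public UserDetails loadUserByUsername(String userName)
            throws UsernameNotFoundException {

        Users domainUser = userDAO.getUser(userName);
        if (domainUser == null) {
            // Honour the declared contract instead of failing with a
            // NullPointerException on the next line. The message does not echo
            // the submitted name.
            throw new UsernameNotFoundException("User not found");
        }

        // An account without a role yields no authorities rather than an error,
        // so it can authenticate but passes no role-based access rule.
        Roles role = domainUser.getRoles();
        String roleName = (role == null) ? null : role.getRoleName();

        // NOTE(review): the four account-status flags are fixed to true, so a
        // disabled, expired or locked account is never rejected here. Map them
        // from the user record if it stores that state.
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        return new User(domainUser.getUsername(),
                domainUser.getUsersPassword(), enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked,
                getAuthorities(roleName));
    }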

    /**
     * Converts a single role name into the authorities granted for it.
     *
     * @param role role name read from the user record
     * @return the granted authorities for that role; empty when the role is not
     *         one of the names accepted by {@link #getRoles(String)}
     */
    public Collection<? extends GrantedAuthority> getAuthorities(String role) {
        // Filter the name through the known-role list first, then wrap it.
        return getGrantedAuthorities(getRoles(role));
    }

    /**
     * Maps a stored role name onto the list of role names the application knows.
     * Only ROLE1, ROLE2 and ROLE3 are accepted; any other value, including
     * {@code null}, produces an empty list, so an unexpected value in the user
     * record grants nothing.
     *
     * @param role role name read from the user record
     * @return a new list holding the matching role name, or an empty list
     */
    public List<String> getRoles(String role) {
        final String[] knownRoles = {"ROLE1", "ROLE2", "ROLE3"};
        List<String> matched = new ArrayList<String>();

        for (String candidate : knownRoles) {
            // Comparing from the constant side keeps a null argument safe.
            if (candidate.equals(role)) {
                matched.add(candidate);
                break;
            }
        }
        return matched;
    }

    /**
     * Wraps each role name in a {@link SimpleGrantedAuthority}, keeping the
     * order of the input list.
     *
     * @param roles role names to convert
     * @return a new list with one authority per role name
     */
    public static List<GrantedAuthority> getGrantedAuthorities(
            List<String> roles) {
        final List<GrantedAuthority> granted = new ArrayList<GrantedAuthority>();

        for (final String roleName : roles) {
            GrantedAuthority authority = new SimpleGrantedAuthority(roleName);
            granted.add(authority);
        }
        return granted;
    }

Now you need to add a method to the DAO that returns the user POJO for a given username. Then it will work fine.

你在类路径中包含了spring aop jar文件吗? (Did you include the Spring AOP jar file in your classpath?)
