Acegi integration

From OpenCms Wiki
(Difference between revisions)
 
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Integrating Spring Acegi into OpenCms to restrict access for Web Users. ==
+
Integrating Spring Acegi into OpenCms to restrict access for Web Users.
  
 +
== Spring Framework ==
 +
Spring Framework needs to be integrated before we can continue.
  
1. Spring Framework needs to be integrated before we can continue. [link to another page here]
+
== Create applicationContext-acegi-security.xml ==
 
+
<code lang="xml">
2. Crate applicationContext-acegi-security.xml
+
 
+
<code>
+
 
+
 
   <beans>
 
   <beans>
 
     <bean id="authenticationManager"
 
     <bean id="authenticationManager"
Line 14: Line 12:
 
             <list>
 
             <list>
 
                 <ref local="daoAuthenticationProvider"/>
 
                 <ref local="daoAuthenticationProvider"/>
 +
                <ref local="jdbcDaoImpl"/>
 
             </list>
 
             </list>
 
         </property>
 
         </property>
Line 39: Line 38:
 
         </property>
 
         </property>
 
         <property name="usersByUsernameQuery">
 
         <property name="usersByUsernameQuery">
             <value>SELECT user_name, user_password FROM cms_users WHERE user_name = ?
+
             <value>
 +
                SELECT user_name, user_password FROM cms_users WHERE user_name = ?
 
             </value>
 
             </value>
 
         </property>
 
         </property>
 
         <property name="authoritiesByUsernameQuery">
 
         <property name="authoritiesByUsernameQuery">
 
             <value>
 
             <value>
                 SELECT a.USER_ID AS USERNAME, ROLE_ID AS AUTHORITY FROM USER a, CMS_GROUPusers b, CMS_GROUPS c WHERE
+
                 select u.user_name, g.group_name from cms_users u,
                 b.USER_KEY = a.USER_KEY AND USER_NAME = ?
+
                cms_groups g, cms_groupusers gu
 +
                 where user_name = ? and u.user_id = gu.user_id
 +
                and gu.group_id = g.group_id
 
             </value>
 
             </value>
 
         </property>
 
         </property>
Line 67: Line 69:
 
                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
 
                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
 
                 PATTERN_TYPE_APACHE_ANT
 
                 PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
+
                  /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
 
             </value>
 
             </value>
 
         </property>
 
         </property>
Line 127: Line 129:
 
           class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
 
           class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
 
     </beans>
 
     </beans>
 
 
</code>
 
</code>
  
  
3. modify opencms/WEB-INF/web.xml
+
== modify opencms/WEB-INF/web.xml ==
 
+
<code lang="xml">
<code>
+
 
     <taglib>
 
     <taglib>
 
         <taglib-uri>http://acegisecurity.org/authz</taglib-uri>
 
         <taglib-uri>http://acegisecurity.org/authz</taglib-uri>
Line 185: Line 185:
 
</code>
 
</code>
  
4. create acegilogin.jsp in opencms workplace
+
== create acegilogin.jsp in opencms workplace ==
 
+
<code lang="xml">
<nowiki>
+
<code>
+
 
+
 
     <h1>Acegi Login</h1>
 
     <h1>Acegi Login</h1>
 
     <%-- this form-login-page form is also used as the  
 
     <%-- this form-login-page form is also used as the  
Line 210: Line 207:
 
       </table>
 
       </table>
 
     </form>
 
     </form>
 
 
</code>
 
</code>
</nowiki>
 
  
 
+
== opencms/WEB-INF/lib/* ==
5. Add the following jar's in the opencms/WEB-INF/lib/*
+
Add the following jar's in the opencms/WEB-INF/lib/*
 
* acegi-security-1.0.3.jar
 
* acegi-security-1.0.3.jar
 
* aopalliance-1.0.jar
 
* aopalliance-1.0.jar
Line 229: Line 224:
 
* standard-1.1.2.jar
 
* standard-1.1.2.jar
  
 
+
[[Category:Extending OpenCms]]
 
+
----
+
 
+
 
+
*** Will update this page soon and often as I finalize acegi in my current project...
+
I still need to work out the InMemoryDaoImpl verse the JdbcDaoImpl implementation into the existing opencms data structure.
+
 
+
'''Specifically, I need help with these 2 queries:'''
+
 
+
<code>
+
        <property name="usersByUsernameQuery">
+
            <value>SELECT user_name, user_password, ENABLED_FLAG FROM cms_users WHERE user_name = ?
+
            </value>
+
        </property>
+
        <property name="authoritiesByUsernameQuery">
+
            <value>SELECT a.USER_ID AS USERNAME, ROLE_ID AS AUTHORITY FROM USER a, CMS_GROUPusers b, CMS_GROUPS c WHERE b.USER_KEY =
+
                a.USER_KEY AND USER_ID = ?
+
            </value>
+
        </property>
+
</code>
+
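Review bot: The `<ref local="jdbcDaoImpl"/>` line added to the `providers` list of `authenticationManager` (under "Line 14: Line 12:") points at a bean the page's own listing declares as `org.acegisecurity.userdetails.jdbc.JdbcDaoImpl`, which is a user-details DAO rather than an authentication provider. ProviderManager expects every entry in `providers` to be an AuthenticationProvider, so this entry is likely to be rejected when the context starts instead of enabling database logins; worth confirming against Acegi 1.0.3. The database lookup belongs behind a DaoAuthenticationProvider via `<property name="userDetailsService" ref="jdbcDaoImpl"/>`, leaving the list with the single `<ref local="daoAuthenticationProvider"/>`. The end of the `authenticationManager` bean lies outside the lines this hunk shows.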

Latest revision as of 15:10, 26 June 2008

Integrating Spring Acegi into OpenCms to restrict access for Web Users.


Spring Framework

Spring Framework needs to be integrated before we can continue.

Create applicationContext-acegi-security.xml

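   <beans>
    <!--
        Acegi Security wiring for OpenCms web users: the authentication manager,
        the servlet filter chain that applies it, and the URL-to-authority rules.
        Bean ids are referenced by name from other beans in this file and from
        the filter chain definition, so keep them unchanged.
    -->

    <!-- Authentication manager used by the processing filter and the security
         interceptor. The "providers" list takes AuthenticationProvider beans.
         jdbcDaoImpl is a user-details DAO, not a provider, so it is not listed
         here; it is meant to be used as the userDetailsService of a
         DaoAuthenticationProvider (see the commented-out alternative below). -->
    <bean id="authenticationManager"
          class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
            </list>
        </property>
    </bean>

    <!-- SAMPLE ACCOUNTS ONLY. Each userMap entry reads
         username=password,authority[,authority...]. Both accounts below use a
         password equal to the user name, and both carry an authority named
         Administrators. Replace this bean with the JDBC-backed alternative
         before the application is reachable by anyone but the developer. -->
    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService">
            <bean class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
                <property name="userMap">
                    <value>
                        testUser=testUser,Administrators,Users
                        test123=test123,Administrators,Tester
                    </value>
                </property>
            </bean>
        </property>
    </bean>

    <!-- Alternative provider that authenticates against the OpenCms tables.
         Only one bean may carry the id daoAuthenticationProvider: enable this
         one in place of the in-memory bean above, not alongside it.
         NOTE(review): confirm how cms_users.user_password is stored (hash
         algorithm, hex or Base64 encoding, any salt) before enabling; the
         encoder must match that format exactly or every login will fail. -->
    <!--<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">

        <property name="userDetailsService" ref="jdbcDaoImpl"/>
        <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>-->

    <!-- JDBC user-details DAO. It needs a bean named "dataSource", which is not
         defined in this file. Both queries bind the user name through the "?"
         placeholder; keep it that way and never build them by concatenation.
         NOTE(review): JdbcDaoImpl's row mapping is understood to read a third,
         boolean "enabled" column from usersByUsernameQuery, and this query
         selects only two columns. Confirm, and derive the third column from the
         account state stored in cms_users so that disabled OpenCms users cannot
         log in, rather than hard-coding it to true. -->
    <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource">
            <ref bean="dataSource"/>
        </property>
        <property name="usersByUsernameQuery">
            <value>
                SELECT user_name, user_password FROM cms_users WHERE user_name = ?
            </value>
        </property>
        <!-- Returns one row per group membership; the group name becomes the
             authority that the URL rules further down are matched against. -->
        <property name="authoritiesByUsernameQuery">
            <value>
                select u.user_name, g.group_name from cms_users u,
                cms_groups g, cms_groupusers gu
                where user_name = ? and u.user_id = gu.user_id
                and gu.group_id = g.group_id
            </value>
        </property>
    </bean>

    <!-- Handles the login form submission posted to filterProcessesUrl.
         NOTE(review): defaultTargetUrl lacks the /opencms prefix that the other
         URLs in this file carry; confirm which form the deployment expects. -->
    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl">
            <value>/opencms/tro/acegilogin.jsp?login_error=1</value>
        </property>
        <property name="defaultTargetUrl">
            <value>/tro/index.html</value>
        </property>
        <property name="filterProcessesUrl">
            <value>/opencms/tro/j_acegi_security_check</value>
        </property>
    </bean>

    <!-- The bean that web.xml's FilterToBeanProxy delegates to. Every request
         (pattern /**) passes through the four filters in the order listed. -->
    <bean id="filterChainProxy"
          class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                  /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
            </value>
        </property>
    </bean>

    <!-- Stores the security context in the HTTP session between requests. -->
    <bean id="httpSessionContextIntegrationFilter"
          class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
        <property name="context">
            <value>org.acegisecurity.context.SecurityContextImpl</value>
        </property>
    </bean>

    <!-- Defined but not named in the filterChainProxy chain above, so as
         configured in this file it is not applied to any request. -->
    <bean id="securityRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

    <!-- Turns security exceptions into a redirect to the login form or to the
         access-denied page. -->
    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                <property name="loginFormUrl">
                    <value>/opencms/tro/acegilogin.jsp</value>
                </property>
                <!-- With false, the login form is not forced onto HTTPS, so the
                     password crosses the network in clear text unless TLS is
                     enforced somewhere else. NOTE(review): set to true once an
                     HTTPS connector is available. -->
                <property name="forceHttps">
                    <value>false</value>
                </property>
            </bean>
        </property>
        <!-- An authenticated user who lacks the required authority is sent to
             the login page with login_error=1. No authentication exception need
             be stored in the session in that case, so the page must not assume
             one is present. -->
        <property name="accessDeniedHandler">
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                <property name="errorPage">
                    <value>/opencms/tro/acegilogin.jsp?login_error=1</value>
                </property>
            </bean>
        </property>
    </bean>

    <!-- Decides, per URL, which authority a request needs. -->
    <bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="accessDecisionManager">
            <bean class="org.acegisecurity.vote.UnanimousBased">
                <property name="decisionVoters">
                    <list>
                        <bean class="org.acegisecurity.vote.RoleVoter">
                            <!-- Reset the role prefix to "" (the default is
                                 ROLE_) so plain names such as Tester can be
                                 used as authorities in the rules below. -->
                            <property name="rolePrefix">
                                <value></value>
                            </property>
                        </bean>
                    </list>
                </property>
            </bean>
        </property>
        <!-- URLs are lower-cased before matching, so patterns must be written
             in lower case. Only URLs matching a pattern below require an
             authority; anything that matches no pattern is left unrestricted by
             this interceptor. Add a pattern for every path that must not be
             public. -->
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /opencms/tro/stream/**=Tester
                /**/stream/**=Tester
            </value>
        </property>
    </bean>

    <!-- Referenced only by the commented-out JDBC provider above. MD5 is a fast
         hash that is no longer considered adequate for password storage; use it
         only if it is required to match how existing passwords are already
         stored, and plan a migration to a stronger scheme. -->
    <bean id="passwordEncoder"
          class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
   </beans>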


modify opencms/WEB-INF/web.xml

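    <!-- Acegi authz JSP tag library. authz.tld has to exist at the location
         given here; this page does not say where the file is obtained. -->
    <taglib>
        <taglib-uri>http://acegisecurity.org/authz</taglib-uri>
        <taglib-location>/WEB-INF/authz.tld</taglib-location>
    </taglib>
    <!-- =======================================================-->
    <!-- ACEGI Filter -->
    <!-- =======================================================-->
    <!--
        Acegi Springframework Security Filter.
        FilterToBeanProxy looks up the FilterChainProxy bean in the root
        application context and hands every request to it, so the context that
        defines that bean must be loaded (see the context-param below).
    -->
    <!-- =======================================================-->
    <filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
    </filter>
    <!-- All requests go through the Acegi chain; which URLs actually require an
         authority is decided by the security interceptor's URL rules. -->
    <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
         - Loads the root application context of this web app at startup,
         - by default from "/WEB-INF/applicationContext.xml" (see the
         - context-param below).
         -
         - Use WebApplicationContextUtils.getWebApplicationContext(servletContext)
         - to access it anywhere in the web application, outside of the framework.
         - Note that this will only work in Servlet 2.4 environments, or Servlet 2.3
         - environments that follow the 2.4 initialization order (most of them).
         - Alternately, ContextLoaderServlet can be used for older environments.
    -->
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <!--
        - Context files for the root application context. The parameter name
        - must be exactly "contextConfigLocation"; a misspelled name is ignored
        - and only the default /WEB-INF/applicationContext.xml is loaded.
        - The Acegi file is listed so that its beans are loaded. This assumes it
        - was created in /WEB-INF/ (confirm); remove the entry if
        - applicationContext.xml already imports it.
    -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/applicationContext-acegi-security.xml
        </param-value>
    </context-param>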

create acegilogin.jsp in opencms workplace

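    <h1>Acegi Login</h1>
    <%-- This page is both the login form and the error page that asks the user
         to log in again; in the second case it is requested with login_error=1.
         --%>
    <%
        // Copy what Acegi left in the session into page scope so it can be written
        // with <c:out>, which HTML-escapes its value. The last user name is text the
        // visitor typed, so it must never be written into the page unescaped.
        // Either value may be missing: login_error is an ordinary request parameter
        // and this page also serves as the access-denied page, so the stored
        // exception is type-checked instead of being cast and dereferenced blindly.
        Object lastFailure = session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY);
        if (lastFailure instanceof AuthenticationException) {
            String failureMessage = ((AuthenticationException) lastFailure).getMessage();
            if (failureMessage != null) {
                pageContext.setAttribute("loginFailureReason", failureMessage);
            }
        }
        Object lastUsername = session.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY);
        if (lastUsername != null) {
            pageContext.setAttribute("lastUsername", lastUsername);
        }
    %>
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your login attempt was not successful, try again.<BR><BR>
        Reason: <c:out value="${loginFailureReason}"/>
      </font>
    </c:if>
    <form id="loginForm" action="<c:url value='j_acegi_security_check'/>" method="POST">
      <table>
        <tr><td>User:</td><td><input type='text' name='j_username'
        <c:if test="${not empty param.login_error}">
              value='<c:out value="${lastUsername}"/>'
        </c:if>></td></tr>
        <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
      </table>
    </form>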

opencms/WEB-INF/lib/*

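Add the following jars to opencms/WEB-INF/lib/. The version numbers date from this page's last revision (June 2008); Acegi Security has since been continued as Spring Security, so check each library for a maintained release before deploying.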

  • acegi-security-1.0.3.jar
  • aopalliance-1.0.jar
  • asm-1.5.3.jar
  • asm-all-2.2.3.jar
  • asm-attrs-1.5.3.jar
  • aspectjrt-1.5.2a.jar
  • cglib-2.1_3.jar
  • cglib-nodep-2.1_3.jar
  • commons-lang-2.1.jar
  • hibernate-3.2.1.ga.jar
  • spring-2.0.jar
  • standard-1.1.2.jar