Acegi integration

From OpenCms Wiki
Revision as of 01:58, 19 June 2008 by Thowland (Talk | contribs)

Integrating Spring Acegi into OpenCms to restrict access for Web Users.

1. Spring Framework needs to be integrated before we can continue. [link to another page here]

2. Create applicationContext-acegi-security.xml


   <beans>
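    <!--
        Authentication entry point used by the filters below. ProviderManager
        asks each entry of "providers" in turn, so every entry must be an
        AuthenticationProvider.

        jdbcDaoImpl is deliberately not listed: it is a UserDetailsService
        (org.acegisecurity.userdetails.jdbc.JdbcDaoImpl), not an
        AuthenticationProvider, and ProviderManager rejects such an entry when
        the context starts. To authenticate against the OpenCms tables, plug
        jdbcDaoImpl into daoAuthenticationProvider as its userDetailsService.
    -->
    <bean id="authenticationManager"
          class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
            </list>
        </property>
    </bean>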
    <!--
        Sample provider backed by an in-memory user list. Each userMap line is
        username=password,authority[,authority...]; no passwordEncoder is set
        on this bean, so the passwords in the list are compared as written.

        Both sample accounts use the user name as the password and carry the
        "Administrators" authority. Treat them as test data only: replace this
        bean with the JDBC-backed definition that follows before the site is
        reachable by real users.
    -->
    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService">
            <bean class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
                <property name="userMap">
                    <value>
                        testUser=testUser,Administrators,Users
                        test123=test123,Administrators,Tester
                    </value>
                </property>
            </bean>
        </property>
    </bean>
    <!--
        Alternative definition (disabled): looks users up through jdbcDaoImpl
        and checks passwords with the passwordEncoder bean. Only one bean may
        use the id daoAuthenticationProvider, so enable this one in place of
        the in-memory bean, not next to it.
    -->
    <!--<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="jdbcDaoImpl"/>
        <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>-->
    <!--
        UserDetailsService that reads users and their groups from the OpenCms
        tables through the "dataSource" bean, which must be defined elsewhere
        in the application context.

        Both queries take the user name as a bind parameter (the ? marker);
        keep it that way and never build the SQL by string concatenation.

        NOTE(review): JdbcDaoImpl's default users query returns three columns
        (username, password, enabled). Confirm that the two-column query used
        here is accepted by the Acegi version in use and that disabled OpenCms
        accounts cannot log in through it.
        NOTE(review): user_password holds whatever OpenCms stores, presumably
        a digest; the provider using this bean needs a passwordEncoder that
        produces the same format. Confirm before enabling.
    -->
    <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource"/>
        <!-- Credentials lookup: one row per user name. -->
        <property name="usersByUsernameQuery">
            <value>
                SELECT user_name, user_password FROM cms_users WHERE user_name = ?
            </value>
        </property>
        <!-- Authorities lookup: each OpenCms group of the user becomes one granted authority. -->
        <property name="authoritiesByUsernameQuery">
            <value>
                select u.user_name, g.group_name from cms_users u,
                cms_groups g, cms_groupusers gu
                where user_name = ? and u.user_id = gu.user_id
                and gu.group_id = g.group_id
            </value>
        </property>
    </bean>
    <!--
        Processes the login form submission.
          filterProcessesUrl       URL the login form posts to; only requests
                                   for this URL are treated as login attempts.
          authenticationFailureUrl where a failed attempt is sent (the login
                                   page, with login_error=1 so it shows an
                                   error message).
          defaultTargetUrl         where a successful login is sent.
        NOTE(review): defaultTargetUrl does not start with /opencms while the
        other two URLs do; confirm that the difference is intended for the
        servlet mapping in use.
    -->
    <bean id="authenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/opencms/tro/acegilogin.jsp?login_error=1"/>
        <property name="defaultTargetUrl" value="/tro/index.html"/>
        <property name="filterProcessesUrl" value="/opencms/tro/j_acegi_security_check"/>
    </bean>
    <!--
        Filter chain applied by the servlet filter declared in web.xml.
        The value is parsed line by line:
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lower-cases the request
          URL before matching, so patterns must be written in lower case;
          PATTERN_TYPE_APACHE_ANT selects Ant-style patterns;
          /** sends every request through the four listed filters, in the
          order given.
        The order matters: the security context has to be restored from the
        session before authentication and authorisation run, and
        exceptionTranslationFilter has to sit in front of
        filterSecurityInterceptor to handle what it throws.
        NOTE(review): the securityRequestFilter bean defined in this file is
        not part of the chain, so it is never invoked as configured here.
    -->
    <bean id="filterChainProxy"
          class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                  /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
            </value>
        </property>
    </bean>
    <!--
        First filter in the chain: carries the security context between
        requests of the same HTTP session. "context" names the class used
        for the security context object.
    -->
    <bean id="httpSessionContextIntegrationFilter"
          class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
        <property name="context" value="org.acegisecurity.context.SecurityContextImpl"/>
    </bean>
    <!--
        Request wrapper filter that exposes the Acegi security context through
        the servlet API security methods.
        NOTE(review): no filter chain in this file references this bean, so it
        has no effect unless it is added to the filterChainProxy list.
    -->
    <bean id="securityRequestFilter"
          class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
    <!--
        Decides what an unauthenticated or unauthorised request gets back.

        authenticationEntryPoint: sends a visitor who is not logged in to the
        login form. forceHttps is false, so the form and the submitted
        j_username / j_password travel over whatever scheme the visitor used;
        on a site reachable over plain HTTP the credentials cross the network
        unencrypted. Serve the login page over HTTPS and set forceHttps to
        true once TLS is available.

        accessDeniedHandler: a logged-in user without the required authority
        is shown the same login page with login_error=1, i.e. a "login failed"
        message rather than an access-denied page. NOTE(review): the page then
        reads the last authentication exception from the session, which may be
        missing or stale in this case; a separate error page avoids that.
    -->
    <bean id="exceptionTranslationFilter"
          class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                <property name="loginFormUrl" value="/opencms/tro/acegilogin.jsp"/>
                <property name="forceHttps" value="false"/>
            </bean>
        </property>
        <property name="accessDeniedHandler">
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/opencms/tro/acegilogin.jsp?login_error=1"/>
            </bean>
        </property>
    </bean>
    <!--
        Authorisation step, last in the filter chain.

        accessDecisionManager: UnanimousBased with a single RoleVoter. The
        role prefix is reset to "" (default is ROLE_), so an attribute such as
        Tester is compared directly with the authority names a user holds.

        objectDefinitionSource: URLs are lower-cased before matching, so the
        patterns must stay in lower case. Only paths containing a /stream/
        segment require the Tester authority; the second pattern already
        covers the first. URLs that match no pattern carry no restriction
        from this bean as configured here.
    -->
    <bean id="filterSecurityInterceptor"
          class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager">
            <bean class="org.acegisecurity.vote.UnanimousBased">
                <property name="decisionVoters">
                    <list>
                        <bean class="org.acegisecurity.vote.RoleVoter">
                            <!-- Empty prefix instead of the default ROLE_ -->
                            <property name="rolePrefix" value=""/>
                        </bean>
                    </list>
                </property>
            </bean>
        </property>
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /opencms/tro/stream/**=Tester
                /**/stream/**=Tester
            </value>
        </property>
    </bean>
    <!--
        Password encoder referenced only by the disabled JDBC variant of
        daoAuthenticationProvider. No salt source is configured anywhere in
        this file, so passwords would be checked as plain MD5 digests, which
        is a weak format for stored passwords.
        NOTE(review): presumably chosen to match the format of
        cms_users.user_password; confirm the digest and its encoding (hex or
        Base64) against the OpenCms password handler in use.
    -->
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
    </beans>

 


3. Modify opencms/WEB-INF/web.xml

    <!--
        Registers the Acegi authz tag library so JSPs can refer to it by the
        URI given here; authz.tld has to be present under /WEB-INF.
        NOTE(review): a top-level taglib element matches a Servlet 2.3
        descriptor; in a 2.4 descriptor it belongs inside jsp-config. Confirm
        against the version declared in the OpenCms web.xml.
    -->
    <taglib>
        <taglib-uri>http://acegisecurity.org/authz</taglib-uri>
        <taglib-location>/WEB-INF/authz.tld</taglib-location>
    </taglib>
    <!--
        Acegi security filter.
        FilterToBeanProxy is a thin servlet filter that hands each request to
        the bean of type targetClass (FilterChainProxy) found in the root
        Spring application context, so that context must be loaded by the
        ContextLoaderListener and must contain the filterChainProxy bean.
        The /* mapping puts every request to the web application behind the
        Acegi chain.
    -->
    <filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
         - Loads the root application context of this web app at startup,
         - by default from "/WEB-INF/applicationContext.xml".
         -
         - Use WebApplicationContextUtils.getWebApplicationContext(servletContext)
         - to access it anywhere in the web application, outside of the framework.
         - Note that this will only work in Servlet 2.4 environments, or Servlet 2.3
         - environments that follow the 2.4 initialization order (most of them).
         - Alternatively, ContextLoaderServlet can be used for older environments.
         -
         - The Acegi filter declared in this descriptor looks up its
         - FilterChainProxy bean in this context.
    -->
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
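    <!--
        - Location of the root application context loaded by
        - ContextLoaderListener. The parameter must be named
        - contextConfigLocation; a misspelt name is silently ignored and the
        - listener falls back to /WEB-INF/applicationContext.xml.
        - The value given here is that default, included for clarity.
        -
        - The security beans from applicationContext-acegi-security.xml are
        - only available if that file is listed here as well (several
        - locations may be separated by whitespace or commas) or is imported
        - from applicationContext.xml.
    -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
        </param-value>
    </context-param>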
 

4. Create acegilogin.jsp in the OpenCms workplace

 <code>

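    <h1>Acegi Login</h1>
    <%-- This form-login-page form is also used as the
         form-error-page to ask for a login again.

         The page needs the JSTL core tag library (prefix "c") and page
         imports for the Acegi classes referenced in the scriptlet.

         The failure reason and the last user name are read from the session,
         and the user name is whatever the visitor typed. Both are copied into
         page attributes and written with c:out, which escapes HTML
         metacharacters and quotes, so visitor-controlled text never reaches
         the markup unescaped.
         --%>
    <%
      Object lastException = session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY);
      // The attribute is absent when the page is reached with login_error set
      // but without a failed login in this session, so its presence is checked.
      if (lastException instanceof AuthenticationException
          && ((AuthenticationException) lastException).getMessage() != null) {
        pageContext.setAttribute("loginErrorReason", ((AuthenticationException) lastException).getMessage());
      }
      Object lastUsername = session.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY);
      if (lastUsername != null) {
        pageContext.setAttribute("lastUsername", lastUsername);
      }
    %>
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your login attempt was not successful, try again.<BR><BR>
        <c:if test="${not empty loginErrorReason}">
          Reason: <c:out value="${loginErrorReason}"/>
        </c:if>
      </font>
    </c:if>
    <form id="loginForm" action="<c:url value='j_acegi_security_check'/>" method="POST">
      <table>
        <tr><td>User:</td><td><input type='text' name='j_username'
        <c:if test="${not empty param.login_error and not empty lastUsername}">
              value='<c:out value="${lastUsername}"/>'
       </c:if>></td></tr>
        <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
      </table>
    </form>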

 </code>
 


5. Add the following JARs to opencms/WEB-INF/lib/

  • acegi-security-1.0.3.jar
  • aopalliance-1.0.jar
  • asm-1.5.3.jar
  • asm-all-2.2.3.jar
  • asm-attrs-1.5.3.jar
  • aspectjrt-1.5.2a.jar
  • cglib-2.1_3.jar
  • cglib-nodep-2.1_3.jar
  • commons-lang-2.1.jar
  • hibernate-3.2.1.ga.jar
  • spring-2.0.jar
  • standard-1.1.2.jar



Contact me on the OpenCms mailing list if you have questions... Mick Knutson
