Pages

Thursday, December 11, 2014

spring security

Dans cet article nous allons montrer comment travailler avec spring security dans une application j2ee utilisant jsf et primefaces.

1)voici notre page d'authentification login.xhtml qui contient le formulaire suivant:

  




2)Dans ce qui le fichier spring_security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-2.0.xsd">
   


    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
        <property name="driverClassName">
            <value>com.mysql.jdbc.Driver</value>
        </property>
        <property name="url">
            <value>jdbc:mysql://localhost/bd?useUnicode=true&amp;characterEncoding=UTF-8&amp;characterSetResults=UTF-8</value>
        </property>
        <property name="username">
            <value>root</value>
        </property>
        <property name="password">
            <value></value>
        </property>
        
    </bean>


<security:http access-denied-page="/faces/denied.xhtml" auto-config="true">
  <security:intercept-url pattern="/faces/login.xhtml" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
  <security:intercept-url pattern="/faces/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
  <security:intercept-url pattern="/faces/pages/**" access="ROLE_ADMIN"/>

   
  <security:form-login login-page="/faces/login.xhtml"  authentication-failure-url="/faces/login.xhtml?error=true" default-target-url="/faces/accueil.xhtml"   always-use-default-target="true"/>
 <security:remember-me />
</security:http>


    <!-- Configure the authentication provider -->
    <security:authentication-provider>
  <security:jdbc-user-service data-source-ref="dataSource" 
                              users-by-username-query="SELECT username,password,enabled FROM utilisateur WHERE username = ?"
                              authorities-by-username-query="SELECT username,role FROM profil WHERE username = ?"/>
</security:authentication-provider>
</beans>


-Ce fichier de configuration de spring doit etre visible pour notre application Web.
Pour cela nous devons le déclarer dans le fichier Web.xml



 <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
/WEB-INF/ spring_security.xml
        </param-value>
    </context-param>


et ajouter les listener suivant:


    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>
org.springframework.web.context.request.RequestContextListener
        </listener-class>

    </listener>
et les filtressuivant:

 <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
    org.springframework.web.filter.DelegatingFilterProxy
  </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>

    </filter-mapping>


Le fichier Web.xml complet est comme ceci:


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name></display-name>
  <welcome-file-list>
    <welcome-file>login.xhtml</welcome-file>
  </welcome-file-list>
  <context-param>
    <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
    <param-value>true</param-value>
</context-param>
  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>

     <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
/WEB-INF/spring_security.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>
org.springframework.web.context.request.RequestContextListener
        </listener-class>
    </listener>
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
    org.springframework.web.filter.DelegatingFilterProxy
  </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
   

</web-app>

No comments:

Post a Comment