Acegi integration
Integrating Spring Acegi into OpenCms to restrict access for Web Users.
Spring Framework
Spring Framework needs to be integrated before we can continue.
Create applicationContext-acegi-security.xml
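<!--
  Acegi Security wiring for OpenCms web users.
  NOTE: this listing starts at the root element; the XML declaration and the
  Spring beans DTD/XSD declaration that the real file needs are not shown here.
-->
<beans>

  <!--
    Authentication entry point used by the filters below.
    Every entry in "providers" must be an AuthenticationProvider. jdbcDaoImpl is
    a UserDetailsService, so it is not listed here; it is plugged into a
    DaoAuthenticationProvider instead (see the commented alternative below).
  -->
  <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
      <list>
        <ref local="daoAuthenticationProvider"/>
      </list>
    </property>
  </bean>

  <!--
    TEST-ONLY provider backed by an in-memory user map.
    Entry format: username=password,authority[,authority...]
    Both sample accounts use the username as the password and carry the
    Administrators authority. Remove this bean and enable the JDBC-backed
    alternative below before exposing the application to real users.
  -->
  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService">
      <bean class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
          <value>
            testUser=testUser,Administrators,Users
            test123=test123,Administrators,Tester
          </value>
        </property>
      </bean>
    </property>
  </bean>

  <!-- JDBC-backed alternative: authenticates against the OpenCms user table through jdbcDaoImpl. -->
  <!--<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="jdbcDaoImpl"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
  </bean>-->

  <!-- specify the JDBC DAO Impl, note the reference to "dataSource" -->
  <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource">
      <ref bean="dataSource"/>
    </property>
    <!--
      JdbcDaoImpl maps three result columns: username, password, enabled.
      The constant third column marks every account as enabled so the row can
      be mapped at all. TODO: replace it with an expression derived from the
      account-disabled state in your OpenCms schema, otherwise accounts that
      are disabled in OpenCms can still log in through Acegi.
    -->
    <property name="usersByUsernameQuery">
      <value>
        SELECT user_name, user_password, 1
        FROM cms_users
        WHERE user_name = ?
      </value>
    </property>
    <!-- OpenCms group names become the granted authorities; the username is bound as a parameter. -->
    <property name="authoritiesByUsernameQuery">
      <value>
        select u.user_name, g.group_name
        from cms_users u, cms_groups g, cms_groupusers gu
        where user_name = ?
        and u.user_id = gu.user_id
        and gu.group_id = g.group_id
      </value>
    </property>
  </bean>

  <!-- Handles the login form POST and redirects on success or failure. -->
  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl">
      <value>/opencms/tro/acegilogin.jsp?login_error=1</value>
    </property>
    <property name="defaultTargetUrl">
      <value>/tro/index.html</value>
    </property>
    <property name="filterProcessesUrl">
      <value>/opencms/tro/j_acegi_security_check</value>
    </property>
  </bean>

  <!-- Filter chain applied to every request that reaches the Acegi proxy; the order of the filters matters. -->
  <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
      </value>
    </property>
  </bean>

  <!-- Keeps the SecurityContext in the HTTP session between requests. -->
  <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
    <property name="context">
      <value>org.acegisecurity.context.SecurityContextImpl</value>
    </property>
  </bean>

  <!-- Defined but not referenced by the filter chain above. -->
  <bean id="securityRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

  <!-- Sends unauthenticated users to the login form and denied users to the error page. -->
  <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl">
          <value>/opencms/tro/acegilogin.jsp</value>
        </property>
        <!--
          With forceHttps=false the login form, and therefore the password,
          may travel over plain HTTP. Set this to true once the container
          serves HTTPS.
        -->
        <property name="forceHttps">
          <value>false</value>
        </property>
      </bean>
    </property>
    <property name="accessDeniedHandler">
      <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
        <property name="errorPage">
          <value>/opencms/tro/acegilogin.jsp?login_error=1</value>
        </property>
      </bean>
    </property>
  </bean>

  <!--
    URL authorization. Only the patterns listed in objectDefinitionSource are
    protected; a URL that matches none of them is served without any
    authorization check.
  -->
  <bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
      <ref bean="authenticationManager"/>
    </property>
    <property name="accessDecisionManager">
      <bean class="org.acegisecurity.vote.UnanimousBased">
        <property name="decisionVoters">
          <list>
            <bean class="org.acegisecurity.vote.RoleVoter">
              <!-- Reset the role prefix to "", default is ROLE_ -->
              <property name="rolePrefix">
                <value></value>
              </property>
            </bean>
          </list>
        </property>
      </bean>
    </property>
    <property name="objectDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /opencms/tro/stream/**=Tester
        /**/stream/**=Tester
      </value>
    </property>
  </bean>

  <!--
    Referenced only by the commented JDBC alternative above. Unsalted MD5 is a
    weak password hash; it is kept because the encoder has to match however
    cms_users.user_password is stored. TODO: confirm the digest and its
    encoding against the OpenCms password handler before enabling it.
  -->
  <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

</beans>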
Modify opencms/WEB-INF/web.xml
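<!-- Fragments to merge into the existing web.xml; place each element where its type belongs in the file. -->

<!-- Acegi authorization tag library; the authz.tld file has to be present at the location below. -->
<taglib>
  <taglib-uri>http://acegisecurity.org/authz</taglib-uri>
  <taglib-location>/WEB-INF/authz.tld</taglib-location>
</taglib>

<!-- ======================================================= -->
<!-- ACEGI Filter                                            -->
<!-- ======================================================= -->
<!-- Acegi Springframework Security Filter                   -->
<!-- ======================================================= -->
<!--
  FilterToBeanProxy delegates to the FilterChainProxy bean that it looks up in
  the root Spring application context, so the Acegi bean file must be part of
  that context (see contextConfigLocation below).
-->
<filter>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
  </init-param>
</filter>

<!-- Every request passes through the Acegi chain; the URL rules themselves live in the Spring bean file. -->
<filter-mapping>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!--
  - Loads the root application context of this web app at startup,
  - by default from "/WEB-INF/applicationContext.xml".
  -
  - Use WebApplicationContextUtils.getWebApplicationContext(servletContext)
  - to access it anywhere in the web application, outside of the framework.
  - Note that this will only work in Servlet 2.4 environments, or Servlet 2.3
  - environments that follow the 2.4 initialization order (most of them).
  - Alternately, ContextLoaderServlet can be used for older environments.
-->
<listener>
  <listener-class>
    org.springframework.web.context.ContextLoaderListener
  </listener-class>
</listener>

<!--
  - Specifies the context locations for the root application context of
  - this web app. The parameter name must be exactly "contextConfigLocation";
  - under any other name ContextLoaderListener ignores the value and silently
  - falls back to its default, /WEB-INF/applicationContext.xml.
  - The Acegi bean file is listed as well so that its filter beans are loaded;
  - this assumes it was created in /WEB-INF/ (adjust the path if it lives
  - elsewhere, or drop the entry if applicationContext.xml already imports it).
-->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/applicationContext.xml
    /WEB-INF/applicationContext-acegi-security.xml
  </param-value>
</context-param>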
Create acegilogin.jsp in the OpenCms workplace
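<%--
  Acegi login form. The page directives are not shown in this listing: the
  JSTL core taglib must be declared with prefix "c", and AbstractProcessingFilter
  and AuthenticationProcessingFilter must be imported.
--%>
<h1>Acegi Login</h1>

<%--
  The last exception and the last username come from the session and contain
  whatever the client typed into the form. They are copied into page-scoped
  variables and written only through c:out, which HTML-escapes them; printing
  them with a raw scriptlet expression would let a crafted username inject
  markup into this page. Going through EL also avoids a NullPointerException
  when login_error is present in the URL but no failed login is stored in
  the session.
--%>
<c:set var="lastLoginException" value="<%= session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY) %>"/>
<c:set var="lastLoginUsername" value="<%= session.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY) %>"/>

<%-- this form-login-page form is also used as the form-error-page to ask for a login again. --%>
<c:if test="${not empty param.login_error}">
  <font color="red">
    Your login attempt was not successful, try again.<BR><BR>
    Reason: <c:out value="${lastLoginException.message}"/>
  </font>
</c:if>

<form id="loginForm" action="<c:url value='j_acegi_security_check'/>" method="POST">
  <table>
    <tr><td>User:</td><td><input type='text' name='j_username' <c:if test="${not empty param.login_error}">value='<c:out value="${lastLoginUsername}"/>'</c:if>></td></tr>
    <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
    <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
  </table>
</form>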
opencms/WEB-INF/lib/*
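Add the following JARs to opencms/WEB-INF/lib/ (the versions listed are the ones this page was written against; Acegi Security has since been superseded by Spring Security, so check for maintained releases before deploying):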
- acegi-security-1.0.3.jar
- aopalliance-1.0.jar
- asm-1.5.3.jar
- asm-all-2.2.3.jar
- asm-attrs-1.5.3.jar
- aspectjrt-1.5.2a.jar
- cglib-2.1_3.jar
- cglib-nodep-2.1_3.jar
- commons-lang-2.1.jar
- hibernate-3.2.1.ga.jar
- spring-2.0.jar
- standard-1.1.2.jar