I am developing a spring web mvc application, which makes use of spring security. For my application I found that the standard authorization process does not fit my needs. To continue development I have created some custom spring security classes, and augmented my spring-security.xml
Everything is going fine, except when trying to use the <security:filter-chain-map>
I receive a dependency error that I can't seem to resolve.
The classes from the spring-security-web jar (or one of its dependencies) are not available. You need these to use
<filter-chain-map>
The most common solutions found on stackoverflow included adding javax.servlet api jar, and the jstl-1.2 jar. I have had those already. This is killing me. I've been adding different jars in-and-out and it's not comming together.
I have found this http://ift.tt/1OPddE4 but I'm not sure I understand the answer.
dependencies
<dependencies>
<!-- spring -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
<exclusions>
<!-- exclude commons-logging in favor of slf4j and logback -->
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- aop -->
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.8.6</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.8.6</version>
</dependency>
<!-- thymeleaf -->
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring4</artifactId>
<version>2.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-tiles2-spring4</artifactId>
<version>2.1.1.RELEASE</version>
</dependency>
<!-- j2ee -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
<scope>provided</scope>
</dependency>
spring-security.xml
<!-- config -->
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/js/**" security="none"/>
<security:http pattern="/img/**" security="none"/>
<!-- custom security chain filter -->
<security:filter-chain-map>
<security:filter-chain pattern="/**"
filters="
ConcurrentSessionFilterAdmin,
securityContextPersistenceFilter,
logoutFilterAdmin,
basicAuthenticationFilterAdmin,
requestCacheAwareFilter,
securityContextHolderAwareRequestFilter,
anonymousAuthenticationFilter,
sessionManagementFilterAdmin,
exceptionTranslationFilter,
filterSecurityInterceptorAdmin
springSecurityFilterChain"
/>
</security:filter-chain-map>
<!-- user roles security -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/user/**" access="hasRole('USER_ROLE')"/>
<security:intercept-url pattern="/oauth/callback**" access="permitAll"/>
<security:access-denied-handler error-page="/"/>
<security:form-login login-page="/"/>
<security:session-management invalid-session-url="/"/>
<security:csrf/>
</security:http>
<!-- spring security config -->
<security:authentication-manager id="authManager">
<security:authentication-provider user-service-ref="PUEUserDetailsService"/>
</security:authentication-manager>
<!-- method security -->
<bean id="pueMethodSecurity" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authManager"/>
<property name="securityMetadataSource">
<!-- method security -->
<security:method-security-metadata-source>
<security:protect access="permitAll" method="abnd.pue.controller.UserController.index*"/>
<security:protect access="USER_ROLE" method="abnd.pue.controller.UserController.user*"/>
</security:method-security-metadata-source>
</property>
</bean>
relevant web.xml
<!-- spring security filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>abnd.pue.auth.PUEUsernameAuthFilterAdmin</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Aucun commentaire:
Enregistrer un commentaire