* web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <display-name>springweb</display-name> <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/dispatcher-servlet.xml</param-value> </context-param> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>*.htm</url-pattern> </servlet-mapping> <filter> <filter-name>Acegi Filter Chain Proxy</filter-name> <filter-class> org.acegisecurity.util.FilterToBeanProxy </filter-class> <init-param> <param-name>targetBean</param-name> <param-value>filterChainProxy</param-value> </init-param> </filter> <filter-mapping> <filter-name>Acegi Filter Chain Proxy</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <welcome-file-list> <welcome-file>redirect.jsp</welcome-file> </welcome-file-list> <taglib> <taglib-uri>http://java.sun.com/jstl/fmt</taglib-uri> <taglib-location>/WEB-INF/tlds/fmt.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/fmt-rt</taglib-uri> <taglib-location>/WEB-INF/tlds/fmt-rt.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/core</taglib-uri> <taglib-location>/WEB-INF/tlds/c.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/core-rt</taglib-uri> <taglib-location>/WEB-INF/tlds/c-rt.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/sql</taglib-uri> <taglib-location>/WEB-INF/tlds/sql.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/sql-rt</taglib-uri> <taglib-location>/WEB-INF/tlds/sql-rt.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/x</taglib-uri> <taglib-location>/WEB-INF/tlds/x.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/x-rt</taglib-uri> <taglib-location>/WEB-INF/tlds/x-rt.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://java.sun.com/jstl/fn</taglib-uri> <taglib-location>/WEB-INF/tlds/fn.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://www.springframework.org/spring</taglib-uri> <taglib-location>/WEB-INF/tlds/spring.tld</taglib-location> </taglib> </web-app>
* dispatcher-servlet.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans> <!-- Controller definitions --> <bean id="indexController" class="springweb.controller.IndexController"> <property name="greeting"> <value>Welcome to the Demo App!!</value> </property> </bean> <bean id="logoutController" class="springweb.controller.LogoutController" /> <bean id="initParamSubmitController" class="springweb.controller.InitParamSubmitController" /> <bean id="paramSubmitController" class="springweb.controller.ParamSubmitController"> <property name="sessionForm"> <value>false</value> </property> <property name="commandName"> <value>simplePersonForm</value> </property> <property name="commandClass"> <value>springweb.form.SimplePersonForm</value> </property> <property name="validator"> <bean class="springweb.form.validator.SimplePersonFormValidator" /> </property> <property name="formView"> <value>initparamsubmit</value> </property> <property name="successView"> <value>/secure/app/paramsubmit.htm</value> </property> </bean> <bean id="initAdminController" class="springweb.controller.InitAdminController" /> <!-- URL Mapping definition --> <bean id="simpleUrlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"> <property name="mappings"> <props> <prop key="/index.htm">indexController</prop> <prop key="/logout.htm">logoutController</prop> <prop key="/secure/app/initparamsubmit.htm"> initParamSubmitController </prop> <prop key="/secure/app/paramsubmit.htm"> paramSubmitController </prop> <prop key="/secure/admin/initadmin.htm"> initAdminController </prop> </props> </property> </bean> <!-- View Resolver definition --> <bean id="xmlViewResolver" class="org.springframework.web.servlet.view.XmlViewResolver"> <property name="location"> <value>/WEB-INF/springweb-views.xml</value> </property> </bean> <!-- ****** START ACEGI Security Configuration *******--> <!-- ======================== FILTER CHAIN ======================= --> <!-- if you wish to use channel security, add "channelProcessingFilter," in front of "httpSessionContextIntegrationFilter" in the list below --> <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor </value> </property> </bean> <!-- Start Security filter config --> <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"> <ref bean="formLoginAuthenticationEntryPoint" /> </property> </bean> <!-- Define filter to handle BASIC authentication --> <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> <property name="authenticationManager"> <ref bean="authenticationManager" /> </property> <property name="authenticationEntryPoint"> <ref bean="authenticationEntryPoint" /> </property> </bean> <!-- Define realm for BASIC login--> <bean id="authenticationEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> <property name="realmName"> <value>Spring Web Realm</value> </property> </bean> <!-- Define filter to handle FORM authentication --> <bean id="formAuthenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="filterProcessesUrl"> <value>/j_acegi_security_check</value> </property> <property name="authenticationFailureUrl"> <value>/loginFailed.html</value> </property> <property name="defaultTargetUrl"> <value>/</value> </property> <property name="authenticationManager"> <ref bean="authenticationManager" /> </property> </bean> <!-- Define realm for FORM login--> <bean id="formLoginAuthenticationEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"> <value>/login.jsp</value> </property> <property name="forceHttps"> <value>false</value> </property> </bean> <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"> </bean> <!-- End Security filter config --> <!-- Start Security interceptor config --> <!-- Define authentication manager, decision manager and secure URL patterns --> <bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref bean="authenticationManager" /> </property> <property name="accessDecisionManager"> <ref bean="accessDecisionManager" /> </property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /secure/admin/*=ROLE_ADMIN /secure/app/*=ROLE_USER </value> </property> </bean> <!-- End Security interceptor config --> <!-- Start authentication config --> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref bean="daoAuthenticationProvider" /> </list> </property> </bean> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService"> <ref bean="userDetailsService" /> </property> </bean> <!-- Authentication using In-memory Dao --> <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userMap"> <value> jklaassen=4moreyears,ROLE_ADMIN bouerj=ineedsleep,ROLE_USER </value> </property> </bean> <!-- Authentication using JDBC Dao --> <!-- <bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"> <property name="dataSource"> <ref bean="dataSource"/> </property> </bean> --> <!-- End authentication config --> <!-- Start authorization config --> <bean id="accessDecisionManager" class="org.acegisecurity.vote.UnanimousBased"> <property name="decisionVoters"> <list> <ref bean="roleVoter" /> </list> </property> </bean> <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"> <property name="rolePrefix"> <value>ROLE_</value> </property> </bean> <!-- End authorization config --> <!-- ****** END ACEGI Security Configuration *******--> <!-- DataSource definition --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName"> <value>com.mysql.jdbc.Driver</value> </property> <property name="url"> <value>jdbc:mysql://localhost:3306/springweb_auth_db</value> </property> <property name="username"> <value>j2ee</value> </property> <property name="password"> <value>password</value> </property> </bean> </beans>
