  1. Secure Struts2 namespaces with Spring Security
    <p>I try to secure my Struts 2 application with Spring Security 3.0.5.</p>
    <p>I declare this in the web.xml:</p>
    <pre><code>&lt;!-- Tiles --&gt;
&lt;context-param&gt;
    &lt;param-name&gt;
        org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
    &lt;/param-name&gt;
    &lt;param-value&gt;/WEB-INF/conf/tiles.xml&lt;/param-value&gt;
&lt;/context-param&gt;

&lt;listener&gt;
    &lt;listener-class&gt;org.apache.struts2.tiles.StrutsTilesListener&lt;/listener-class&gt;
&lt;/listener&gt;

&lt;!-- Files defining SPRING ApplicationContext --&gt;
&lt;context-param&gt;
    &lt;param-name&gt;contextConfigLocation&lt;/param-name&gt;
    &lt;param-value&gt;/WEB-INF/conf/spring-security.xml,/WEB-INF/conf/application.xml&lt;/param-value&gt;
&lt;/context-param&gt;
&lt;context-param&gt;
    &lt;param-name&gt;locatorFactorySelector&lt;/param-name&gt;
    &lt;param-value&gt;classpath:/model/config/beans.xml&lt;/param-value&gt;
&lt;/context-param&gt;
&lt;context-param&gt;
    &lt;param-name&gt;parentContextKey&lt;/param-name&gt;
    &lt;param-value&gt;context&lt;/param-value&gt;
&lt;/context-param&gt;

&lt;!-- Filter for security --&gt;
&lt;filter&gt;
    &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
    &lt;filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy&lt;/filter-class&gt;
&lt;/filter&gt;
&lt;filter-mapping&gt;
    &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;

&lt;!-- Struts 2 --&gt;
&lt;filter&gt;
    &lt;filter-name&gt;struts2&lt;/filter-name&gt;
    &lt;filter-class&gt;org.apache.struts2.dispatcher.FilterDispatcher&lt;/filter-class&gt;
&lt;/filter&gt;
&lt;filter-mapping&gt;
    &lt;filter-name&gt;struts2&lt;/filter-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;

&lt;!-- Spring --&gt;
&lt;!-- Open session filter - binds a Hibernate Session to the thread for the entire processing of the request --&gt;
&lt;filter&gt;
    &lt;filter-name&gt;HibernateFilter&lt;/filter-name&gt;
    &lt;filter-class&gt;org.springframework.orm.hibernate3.support.OpenSessionInViewFilter&lt;/filter-class&gt;
    &lt;init-param&gt;
        &lt;param-name&gt;sessionFactoryBeanName&lt;/param-name&gt;
        &lt;param-value&gt;hibernateSessionFactory&lt;/param-value&gt;
    &lt;/init-param&gt;
&lt;/filter&gt;

&lt;!-- Filter for Character Encoding --&gt;
&lt;filter&gt;
    &lt;filter-name&gt;CharacterEncodingFilter&lt;/filter-name&gt;
    &lt;filter-class&gt;org.springframework.web.filter.CharacterEncodingFilter&lt;/filter-class&gt;
    &lt;init-param&gt;
        &lt;param-name&gt;encoding&lt;/param-name&gt;
        &lt;param-value&gt;UTF-8&lt;/param-value&gt;
    &lt;/init-param&gt;
&lt;/filter&gt;

&lt;!-- Mapping for pages to filter --&gt;
&lt;filter-mapping&gt;
    &lt;filter-name&gt;HibernateFilter&lt;/filter-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;
&lt;filter-mapping&gt;
    &lt;filter-name&gt;CharacterEncodingFilter&lt;/filter-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;

&lt;listener&gt;
    &lt;listener-class&gt;org.springframework.web.context.ContextLoaderListener&lt;/listener-class&gt;
&lt;/listener&gt;
&lt;listener&gt;
    &lt;listener-class&gt;org.springframework.web.context.request.RequestContextListener&lt;/listener-class&gt;
&lt;/listener&gt;

&lt;welcome-file-list&gt;
    &lt;welcome-file&gt;index.html&lt;/welcome-file&gt;
&lt;/welcome-file-list&gt;
</code></pre>
    <p>Then in my struts.xml:</p>
    <pre><code>&lt;struts&gt;
    &lt;!-- internationalisation --&gt;
    &lt;constant name="struts.custom.i18n.resources" value="messages" /&gt;

    &lt;!-- Spring integration --&gt;
    &lt;constant name="struts.objectFactory.spring.autoWire" value="name" /&gt;

    &lt;package name="searchMandate" namespace="/search" extends="struts-default, tiles-default"&gt;
        &lt;action name="MandateSearchActionInit" class="web.action.mandate.SearchAction" method="initSearch"&gt;
            &lt;result name="input" type="tiles"&gt;search&lt;/result&gt;
            &lt;result name="success" type="tiles"&gt;search&lt;/result&gt;
        &lt;/action&gt;
    &lt;/package&gt;

    &lt;package name="userProfile" namespace="/profile" extends="struts-default, tiles-default"&gt;
        &lt;action name="ChangeProfileInit" class="web.action.user.ProfileAction" method="loadProfile"&gt;
            &lt;result name="input" type="tiles"&gt;updateProfile&lt;/result&gt;
        &lt;/action&gt;
    &lt;/package&gt;
&lt;/struts&gt;
</code></pre>
    <p>My spring-security.xml:</p>
    <pre><code>&lt;beans:bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy"&gt;
    &lt;filter-chain-map path-type="ant"&gt;
        &lt;filter-chain pattern="/**" filters="sif"/&gt;
    &lt;/filter-chain-map&gt;
&lt;/beans:bean&gt;

&lt;http use-expressions="true"&gt;
    &lt;intercept-url pattern="/profile*" access="isAuthenticated()" /&gt;
    &lt;intercept-url pattern="/search*" access="hasRole('SEARCH')"/&gt;
    &lt;form-login login-page="/login" default-target-url="/welcome"
        authentication-failure-url="/loginfailed" /&gt;
    &lt;logout logout-success-url="/logout" /&gt;
&lt;/http&gt;

&lt;authentication-manager&gt;
    &lt;authentication-provider&gt;
        &lt;password-encoder ref="passwordEncoder" /&gt;
        &lt;jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="
                select login,password, isactive
                from tuser where LOGIN=?"
            authorities-by-username-query="
                select u.login, ur.name from tuser u,tgroup g, trolegroup rg, trole ur
                where u.groupid = g.groupid and g.groupid=rg.groupid and rg.roleid=ur.roleid and u.login =? "
        /&gt;
    &lt;/authentication-provider&gt;
&lt;/authentication-manager&gt;
</code></pre>
    <p>I thought the security was in place, reading "INFO 20-10 23:26:55,620 - Creating access control expression attribute 'hasRole('SEARCH')' for /search*" at server startup. But when I access the search/MandateSearchActionInit URL, I go to the action without having been routed to the login page. Does somebody have the key?</p>
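An added example, not part of the original post: a simplified re-implementation of Ant-style path matching (not Spring's own matcher) that checks which of the action URLs built from the post's `struts.xml` namespaces are covered by the post's `intercept-url` patterns. The `/**` rule set and all function names are assumptions added for comparison; empty path segments such as trailing slashes are ignored.

```python
import re

def ant_match(pattern, path):
    """Simplified Ant-style match: '**' spans whole segments; '*' and '?' stay inside one."""
    pat = [s for s in pattern.split("/") if s]
    segs = [s for s in path.split("/") if s]

    def seg_ok(p, s):
        # Translate one pattern segment to a regex that cannot cross '/'.
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in p)
        return re.fullmatch(rx, s) is not None

    def walk(i, j):
        if i == len(pat):
            return j == len(segs)
        if pat[i] == "**":
            # '**' absorbs zero or more complete path segments.
            return any(walk(i + 1, k) for k in range(j, len(segs) + 1))
        return j < len(segs) and seg_ok(pat[i], segs[j]) and walk(i + 1, j + 1)

    return walk(0, 0)

def first_rule(rules, path):
    """Access expression of the first matching rule (rules are ordered), else None."""
    for pattern, access in rules:
        if ant_match(pattern, path):
            return access
    return None

def uncovered(rules, paths):
    """Paths that no intercept-url pattern matches, i.e. reachable without a check."""
    return [p for p in paths if first_rule(rules, p) is None]

# Patterns as written in the post's spring-security.xml.
POST_RULES = [("/profile*", "isAuthenticated()"), ("/search*", "hasRole('SEARCH')")]
# Assumed alternative for comparison (not from the post): '/**' covers sub-paths.
CANDIDATE_RULES = [("/profile/**", "isAuthenticated()"), ("/search/**", "hasRole('SEARCH')")]
# namespace + "/" + action name, taken from the post's struts.xml.
ACTION_URLS = ["/search/MandateSearchActionInit", "/profile/ChangeProfileInit"]

if __name__ == "__main__":
    for label, rules in (("post", POST_RULES), ("candidate", CANDIDATE_RULES)):
        for url in ACTION_URLS:
            print(f"{label:9} {url:34} -> {first_rule(rules, url)}")
        print(f"{label:9} uncovered: {uncovered(rules, ACTION_URLS)}")
```

Running the same check over every namespace and action in `struts.xml` after each change to the security configuration shows any URL that falls outside all patterns.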