|
[x]
Posted via EE Mobile
|
||
Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again. |
||
| Question |
|
[x]
Attachment Details
|
||
|
[x]
The Solution Rating System
|
||
With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.
Your Input Matters If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support. Thank you! |
||
1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: |
-----security-config.xml--------
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<!-- Put '@Secured( {"ROLE_SUPER"} )' over service methods ~ Not working causes error -->
<!--<global-method-security secured-annotations="enabled" /> -->
<http>
<intercept-url pattern='/dacsLogin.htm' filters='none'/>
<intercept-url pattern='/system/**' access='ROLE_SUPER' />
<intercept-url pattern='/admin/**' access='ROLE_ADMIN' />
<intercept-url pattern='/**' access='ROLE_BASIC' />
<form-login login-page='/dacsLogin.htm' default-target-url='/index.jsp' always-use-default-target='false' />
</http>
<authentication-provider user-service-ref='userDetailsService'/>
<beans:bean id="userDetailsService" class="com.cisco.btd.security.BtdUserDetailsService">
<beans:property name="userService" ref="userService"/>
</beans:bean>
</beans:beans>
------web.xml---------
..................
<!-- Spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
.........................
---------dacs authentication servlet -----------
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String dacsUsername;
try {
dacsUsername = DacsUtil.resolveUsername(DACS_BASE_URI, DACS_AUTH_JURIS, request);
if (dacsUsername == null) {
dacsUsername = "dacsuser";
logger.error("Authentication problem. Couldn't find dacsUsername");
}
// Set session info.
request.getSession(true).setAttribute(SESSION_USER_NAME, dacsUsername);
logger.info("DACS credentials set for : " + dacsUsername);
} catch (DacsException de) {
dacsUsername = "dacsuser";
logger.error("Failed authenticating with DACS: " + de.getMessage());
}
request.setAttribute("btdUser", dacsUsername);
request.setAttribute("btdPassword", "");
RequestDispatcher dispatcher;
dispatcher = request.getRequestDispatcher("localLogin.jsp");
dispatcher.forward(request, response);
}
--------------my hacked login jsp with auto-submit --------------
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Login Page</title>
</head>
<body>
<form name='loginForm' action='<%= request.getContextPath() %>/j_spring_security_check' method='POST'>
<input type='hidden' name='j_username' value='${btdUser}'>
<input type='hidden' name='j_password' value='${btdPassword}' />
</form>
<SCRIPT language="JavaScript">
document.loginForm.submit();
</SCRIPT>
</body>
</html>
------------my custom user authentication class - which works perfectly at this point -------------
public class BtdUserDetailsService implements UserDetailsService {
........................
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
//find user - do the regular stuff.
checkDefaultRoles();
User user = userService.findByUserId(userName);
user = checkUser(user, userName);
return new BtdUserDetails(user);
}
............................
}
|
Advertisement
| Hall of Fame |