Versions Compared

Old Version 18

changes.mady.by.user Unknown User (kaig)

Saved on

compared with

New Version 19

changes.mady.by.user Alexander Cherednichenko

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
xml
xml
titleweb.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
	version="2.4">

        <!-- Only needed to secure resources...
	<filter>
		<filter-name>spring.securityFilterChain<name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>targetBeanName</param-name>
			<param-value>filterChainProxy</param-value>
		</init-param>
	</filter>
        -->

	<filter>
		<filter-name>wicket.filter</filter-name>
		<filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
	</filter>
        
        <!--
	<filter-mapping>
		<filter-name>spring.securityFilterChain<name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
        -->

	<filter-mapping>
		<filter-name>wicket.filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
</web-app>

Adding the spring.securityFilterChain is only necessary if you also want to secure static resourcesIt is important to add springSecurityFilterChain mapping higher in code than the Wicket filter mappin. Wicket filter is only passing filter call down by filter chain if it is unable to handle request itself.

Spring security version 3 and wicket 1.4

...

Code Block
xml
xml
1applicationContext-security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	
	<security:http create-session="never" auto-config="true" >
		<security:remember-me/>
		<security:intercept-url pattern="/**"/>
	</security:http>


	<security:authentication-manager alias="authenticationManager">
		<security:authentication-provider>

			<!--  TODO change this to reference our real user service -->
			<security:user-service>
				<security:user name="admin" password="admin"
					authorities="ROLE_ADMIN, ROLE_USER" />
				<security:user name="user" password="user"
					authorities="ROLE_USER" />

			</security:user-service>
		</security:authentication-provider>

	</security:authentication-manager>

	<security:global-method-security secured-annotations="enabled" />
</beans>

...

Code Block
tileMyAuthenticatedWebSession
public class MyAuthenticatedWebSession extends AuthenticatedWebSession {
    
    private static final Logger logger = Logger.getLogger(MyAuthenticatedWebSession.class);

    @SpringBean(name="authenticationManager")
    private AuthenticationManager authenticationManager;

    public MyAuthenticatedWebSession(Request request) {
        super(request);
        injectDependencies();
        ensureDependenciesNotNull();
    }

    private void ensureDependenciesNotNull() {
        if (authenticationManager == null) {
            throw new IllegalStateException("AdminSession requires an authenticationManager.");
        }
    }

    private void injectDependencies() {
        InjectorHolder.getInjector().inject(this);
    }

    @Override
    public boolean authenticate(String username, String password) {
        boolean authenticated = false;
        try {
            Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
            SecurityContextHolder.getContext().setAuthentication(authentication);
            authenticated = authentication.isAuthenticated();
        } catch (AuthenticationException e) {
            logger.warn(format("User '%s' failed to login. Reason: %s", username, e.getMessage()));
            authenticated = false;
        }
        return authenticated;
    }

    @Override
    public Roles getRoles() {
        Roles roles = new Roles();
        getRolesIfSignedIn(roles);
        return roles;
    }

    private void getRolesIfSignedIn(Roles roles) {
        if (isSignedIn()) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            addRolesFromAuthentication(roles, authentication);
        }
    }

    private void addRolesFromAuthentication(Roles roles, Authentication authentication) {
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            roles.add(authority.getAuthority());
        }
    }

}

...

Code Block
titleMyWebApplicationSpring3.java
public class MyWebApplicationSpring3 extends AuthenticatedWebApplication {
   
    boolean isInitialized = false;

    @Override
    protected void init() {
        if (!isInitialized) {
            super.init();
            setListeners();
            isInitialized = true;
        }
    }

    private void setListeners() {
        addComponentInstantiationListener(new SpringComponentInjector(this));
    }

    @Override
    public Class<?> getHomePage() {
        return HomePage.class;
    }

    @Override
    protected Class<? extends WebPage> getSignInPageClass() {
        return LoginPage.class;
    }

    @Override
    protected Class<? extends AuthenticatedWebSession> getWebSessionClass() {
        return MyAuthenticatedWebSession.class;
    }
}

...