I have a web application with spring security 3.2.5. My configuration is done in web.xml and spring-security.xml. I want to upgrade to spring security 4.0.1 but using java config. How can I integrate this in my application ? I want to follow this example.. [http://websystique.com/spring-security/spring-security-4-custom-login-form-annotation-example/][1]
I'm going to post my current configuration file in xml:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <!-- Spring security --> <security:http auto-config="false" authentication-manager-ref="authenticationManager" use-expressions="true" > <!-- Override default login and logout pages --> <security:form-login authentication-failure-handler-ref="loginFailed" authentication-success-handler-ref="loginSuccess" login-page="/login.xhtml" default-target-url="/dashboard.xhtml" /> <security:logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutAction" /> <security:session-management> <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </security:session-management> <security:intercept-url pattern="/jsf/**" access="isAuthenticated()" /> <security:intercept-url pattern="/run**" access="isAuthenticated()" /> <security:intercept-url pattern="/login.xhtml" access="permitAll" /> </security:http> <bean id="success" class="com.car.loginSuccess"/> <bean id="failure" class="com.car.loginFailed" > <property name="defaultFailureUrl" value="/?login_error=true"/> </bean> <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" /> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider user-service-ref="userDetailsService" > <security:password-encoder ref="passwordEncoder" hash="sha"/> </security:authentication-provider> </security:authentication-manager> </beans> web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <context-param> <param-name>javax.faces.DEFAULT_SUFFIX</param-name> <param-value>.xhtml</param-value> </context-param> <context-param> <param-name>javax.faces.VALIDATE_EMPTY_FIELDS</param-name> <param-value>false</param-value> </context-param> <welcome-file-list> <welcome-file>login.xhtml</welcome-file> </welcome-file-list> <servlet> <servlet-name>Faces Servlet</servlet-name> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.xhtml</url-pattern> </servlet-mapping> <context-param> <param-name>com.sun.faces.expressionFactory</param-name> <param-value>com.sun.el.ExpressionFactoryImpl</param-value> </context-param> <servlet> <description>generated-servlet</description> <servlet-name>CAR Servlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:CAR-web-context.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener> <listener> <listener-class> org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <description> generated-spring-security-session-integration-filter </description> <filter-name>SpringSecuritySessionIntegrationFilter</filter-name> <filter-class> org.springframework.security.web.context.SecurityContextPersistenceFilter</filter-class> </filter> <filter> <description>generated-persistence-filter</description> <filter-name>CARFilter</filter-name> <filter-class> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class> <init-param> <param-name>entityManagerFactoryBeanName</param-name> <param-value>CAR</param-value> </init-param> </filter> <filter> <description>generated-sitemesh-filter</description> <filter-name>Sitemesh Filter</filter-name> <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class> </filter> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>contextAttribute</param-name> <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher</param-value> </init-param> </filter> <filter-mapping> <filter-name>SpringSecuritySessionIntegrationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>HRBFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Sitemesh Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <persistence-unit-ref> <persistence-unit-ref-name>persistence/CAR</persistence-unit-ref-name> <persistence-unit-name>CAR</persistence-unit-name> </persistence-unit-ref> <persistence-context-ref> <persistence-context-ref-name>persistence/CAR</persistence-context-ref-name> <persistence-unit-name>CAR</persistence-unit-name> </persistence-context-ref> Anyone can guide me? I also want to know what should I remove from my web.xml. Based on the link I have provided above, it does not used web.xml. So I want to know how to do this in my web app.
No comments:
Post a Comment