Commit Acegi Security, projet ok mais des bugs dans la securite (a voir)

2008-01-27 19:53:45 +00:00
parent fb9b5349d2
commit 41f2c4d54a
15 changed files with 265 additions and 21 deletions
--- a/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml
+++ b/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+<!--  CONFIGURATION AUTHENTICATION -->
+<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
+  <property name="filterInvocationDefinitionSource">
+    <value>
+      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+      PATTERN_TYPE_APACHE_ANT
+      /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+    </value>
+  </property>
+</bean>
+
+<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
+  <property name="authenticationEntryPoint">
+    <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+      <property name="loginFormUrl" value="/login.jsp"/>
+      <property name="forceHttps" value="false"/>
+    </bean>
+  </property>
+  <property name="accessDeniedHandler">
+    <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
+      <property name="errorPage" value="/denied.jsp"/>
+    </bean>
+  </property>
+</bean>
+
+<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="authenticationFailureUrl" value="/jsp/login.jsp?errorId=1"/>
+  <property name="defaultTargetUrl" value="/"/>
+  <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
+  <property name="rememberMeServices" ref="rememberMeServices"/>
+</bean>
+
+<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
+  <property name="providers">
+    <list>
+      <ref local="daoAuthenticationProvider"/>
+      <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
+        <property name="key" value="changeThis"/>
+      </bean>
+      <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
+        <property name="key" value="changeThis"/>
+      </bean>
+    </list>
+  </property>
+</bean>
+
+<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
+  <property name="userDetailsService" ref="userDetailsService"/>
+  <property name="userCache">
+    <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
+      <property name="cache">
+        <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
+          <property name="cacheManager">
+            <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
+          </property>
+          <property name="cacheName" value="userCache"/>
+        </bean>
+      </property>
+    </bean>
+  </property>
+</bean>
+
+<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
+  <property name="userProperties">
+    <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+      <property name="location" value="/WEB-INF/users.properties"/>
+    </bean>
+  </property>
+</bean>
+
+
+
+<!-- AUTHORIZATION SERVICES -->
+<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="accessDecisionManager">
+    <bean class="org.acegisecurity.vote.AffirmativeBased">
+      <property name="allowIfAllAbstainDecisions" value="false"/>
+      <property name="decisionVoters">
+        <list>
+          <bean class="org.acegisecurity.vote.RoleVoter"/>
+          <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
+        </list>
+      </property>
+    </bean>
+  </property>
+  <property name="objectDefinitionSource">
+    <value>
+      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+      PATTERN_TYPE_APACHE_ANT
+      /secure/**=ROLE_ADMIN,ROLE_AUTHOR,ROLE_MEMBER
+      /secure/**=IS_AUTHENTICATED_REMEMBERED
+      /**=IS_AUTHENTICATED_ANONYMOUSLY
+    </value>
+  </property>
+</bean>
+
+<!-- LOGOUT -->
+<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
+  <constructor-arg value="/index.jsp"/>
+  <constructor-arg>
+    <list>
+      <ref bean="rememberMeServices"/>
+      <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
+    </list>
+  </constructor-arg>
+</bean>
+
+<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
+  <property name="userDetailsService" ref="userDetailsService"/>
+  <property name="tokenValiditySeconds" value="1800"></property>
+  <property name="key" value="changeThis"/>
+</bean>
+
+<!-- OTHERS -->
+<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
+
+<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
+
+<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="rememberMeServices" ref="rememberMeServices"/>
+</bean>
+
+<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
+  <property name="key" value="changeThis"/>
+  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+</bean>
+
+<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
+
+</beans>
--- a/YACOSWeb/WebContent/WEB-INF/classes/messages.properties
+++ b/YACOSWeb/WebContent/WEB-INF/classes/messages.properties
@@ -5,16 +5,8 @@ title=Yacos
 disclaimer.text=Copyrights <20> 2008. Yacos Team. All rights reserved.
 disclaimer.link.about=About

-submission.title=Article's submission
-
-form.submission.article.title=Article's title
-form.submission.article.theme=Article's theme
-form.submission.article.abstractText=Abstract
-form.submission.listauthor=Article's author
-form.submission.mainauthor=Main author
-form.submission.secondaryauthor=Secondary author
-form.submission.file=File
-
+###################
+# REGISTRATION USER
 register.title=User Registration
 form.register.user.login=Login
 form.register.user.email=eMail
@@ -31,6 +23,19 @@ form.register.error.lastNameEmpty=Last name is required
 form.register.error.passwordEmpty=The password can't be empty
 form.register.error.alreadyExists=A user with this login already exists. Please check you haven't already registered or change your login. 

+
+submission.title=Article's submission
+
+form.submission.article.title=Article's title
+form.submission.article.theme=Article's theme
+form.submission.article.abstractText=Abstract
+form.submission.listauthor=Article's author
+form.submission.mainauthor=Main author
+form.submission.secondaryauthor=Secondary author
+form.submission.file=File
+
+
+
 button.add=Add
 button.browse=Browse
 button.reset=Reset
--- a/YACOSWeb/WebContent/WEB-INF/decorators/include.jsp
+++ b/YACOSWeb/WebContent/WEB-INF/decorators/include.jsp
@@ -1,3 +1,4 @@
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jstl/fmt" %>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<%@ taglib prefix="authz" uri="http://acegisecurity.org/authz" %> 
--- a/YACOSWeb/WebContent/WEB-INF/decorators/main.jsp
+++ b/YACOSWeb/WebContent/WEB-INF/decorators/main.jsp
@@ -21,7 +21,9 @@
 		<div id="logotexte"><img src="./images/logo-yacos-texte.png" alt="Logo Yacos Texte" /></div>
 		
 		<!-- User Information -->
-		<page:applyDecorator name="empty" page="/WEB-INF/decorators/headeruser.jsp" />
+		<div id="userlogin">
+			<page:applyDecorator name="empty" page="/WEB-INF/jsp/login.jsp" />
+		</div>
 		
 		<!-- headermenu -->
 		<page:applyDecorator name="empty" page="/WEB-INF/decorators/headerchoose.jsp" />
--- a/YACOSWeb/WebContent/WEB-INF/decorators/usermenu.jsp
+++ b/YACOSWeb/WebContent/WEB-INF/decorators/usermenu.jsp
@@ -5,8 +5,9 @@
 <body>

 <div id="mainmenu">
+
 	<div id="mainmenubloc">
-		<h4>Bloc 1</h4>
+		<h4>Debug Menu</h4>
 			<ul>
 				<li><a href="<c:url value="listArticle.htm"/>"><fmt:message key="listarticle.title" /></a></li>
 				<li><a href="<c:url value="submissionArticle.htm"/>"><fmt:message key="submission.title" /></a></li>
@@ -16,15 +17,19 @@
 				<li><a href="<c:url value="evaluation.htm"/>"><fmt:message key="evaluation.title" /></a></li>
 			</ul>
 	</div>
-	
+
+
+<authz:authorize ifAllGranted="ROLE_AUTHOR">
 	<div id="mainmenubloc">
-		<h4>Bloc 2</h4>
+		<h4>Author</h4>
 			<ul>
 				<li><a href="#">Lien 1</a></li>
 				<li><a href="#">Lien 2</a></li>
 				<li><a href="#">Lien 3</a></li>
 			</ul>
 	</div>
+</authz:authorize>
+	
 </div><!--mainmenu-->

 </body>
--- a/YACOSWeb/WebContent/WEB-INF/decorators/headeruser.jsp
+++ b/YACOSWeb/WebContent/WEB-INF/decorators/headeruser.jsp
@@ -4,10 +4,7 @@
 <head></head>
 <body>

-<!-- User Information -->
-		<div id="userlogin">
-		
-	User Login
-</div><!-- User Information -->
+Acces denied. Sorry for this inconvenience.
+
 </body>
 </html>
--- a/YACOSWeb/WebContent/WEB-INF/jsp/login.jsp
+++ b/YACOSWeb/WebContent/WEB-INF/jsp/login.jsp
@@ -0,0 +1,42 @@
+<%@ include file="/WEB-INF/decorators/include.jsp"%>
+<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
+
+
+<html>
+<head></head>
+<body>
+
+
+<form action="<c:url value='j_acegi_security_check'/>" method="POST">
+
+  <table>
+    <tr>
+      <td>User:</td>
+       <td><input type='text' name='j_username' />
+      </td>
+    </tr>
+    <tr>
+      <td>Password:</td>
+      <td><input type='password' name='j_password' /></td>
+    </tr>
+    <tr>
+      <td><input type="checkbox" name="_acegi_security_remember_me" /></td>
+      <td>Se souvenir de moi</td>
+    </tr>
+    <tr>
+    	<td><input name="submit" type="submit" /></td>
+    	<td><input name="reset" type="reset" /></td>
+    </tr>
+
+  </table>
+</form>
+ <authz:authentication operation="username"></authz:authentication>
+<authz:authorize ifAllGranted="ROLE_AUTHOR"> 
+
+ <h1>Welcome: <%= SecurityContextHolder.getContext().getAuthentication().getName() %></h1> 
+ </authz:authorize>
+
+
+
+</body>
+</html>
--- a/YACOSWeb/WebContent/WEB-INF/jsp/main.jsp
+++ b/YACOSWeb/WebContent/WEB-INF/jsp/main.jsp
@@ -1,4 +1,5 @@
 <%@ include file="/WEB-INF/decorators/include.jsp"%>
+<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>

 <html>
 <head></head>
@@ -8,7 +9,13 @@ ${user}
 ${conference}
 Page d'accueil <20> changer de place (controller dans system et non dans author)
 Si conf active : page d'intro de la conf
-si pas de conf active : page d'intro du site (visiteur)
+si pas de conf active : page d'intro du site (visiteur)<br/><br/>
+
+<b> UserName : </b><authz:authentication operation="username"></authz:authentication><br/>
+Seulement si ROLE_AUTHOR :
+<authz:authorize ifAllGranted="ROLE_AUTHOR"> 
+ <h1>Bienvenue: <%= SecurityContextHolder.getContext().getAuthentication().getName() %></h1> 
+</authz:authorize>

  </body>
 </html>
--- a/YACOSWeb/WebContent/WEB-INF/jsp/secure/authenticatedusers.jsp
+++ b/YACOSWeb/WebContent/WEB-INF/jsp/secure/authenticatedusers.jsp
@@ -0,0 +1,14 @@
+<%@ include file="/WEB-INF/decorators/include.jsp"%>
+<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
+
+<html>
+<head></head>
+<body>
+
+
+<h1>Welcome: <%= SecurityContextHolder.getContext().getAuthentication().getName() %></h1>
+<p><a href="../../">Home</a>
+<p><a href="../../j_acegi_logout">Logout</a>
+
+</body>
+</html>
--- a/YACOSWeb/WebContent/WEB-INF/lib/acegi-security-1.0.6.jar
+++ b/YACOSWeb/WebContent/WEB-INF/lib/acegi-security-1.0.6.jar
--- a/YACOSWeb/WebContent/WEB-INF/lib/commons-codec-1.3.jar
+++ b/YACOSWeb/WebContent/WEB-INF/lib/commons-codec-1.3.jar
--- a/YACOSWeb/WebContent/WEB-INF/lib/ehcache-1.2.4.jar
+++ b/YACOSWeb/WebContent/WEB-INF/lib/ehcache-1.2.4.jar
--- a/YACOSWeb/WebContent/WEB-INF/users.properties
+++ b/YACOSWeb/WebContent/WEB-INF/users.properties
@@ -0,0 +1,3 @@
+maxime=maxime,ROLE_AUTHOR
+fred=fred,ROLE_MEMBER
+jialin=jialin,ROLE_ADMIN
--- a/YACOSWeb/WebContent/WEB-INF/web.xml
+++ b/YACOSWeb/WebContent/WEB-INF/web.xml
@@ -50,5 +50,33 @@
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
 	<!-- SiteMesh Integration declaration End -->
+	
+	<!-- Acegi Security declaration Start -->
+	<filter>
+       <filter-name>Acegi Filter Chain Proxy</filter-name>
+       <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
+       <init-param>
+           <param-name>targetClass</param-name>
+           <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
+       </init-param>
+   </filter>
+   
+   <filter-mapping>
+   		<filter-name>Acegi Filter Chain Proxy</filter-name>
+  		<url-pattern>/*</url-pattern>
+  </filter-mapping>
+  
+  	<!-- Load Context for Acegi security -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>/WEB-INF/applicationContextAcegi.xml</param-value>
+	</context-param>
+	<!-- Acegi Security declaration End -->
+	
+

 </web-app>
--- a/YACOSWeb/WebContent/stylesheets/base.css
+++ b/YACOSWeb/WebContent/stylesheets/base.css
@@ -142,7 +142,7 @@ body {
 	margin: 18px auto;
 	position: relative;
 	color: #b8b8b8;
-	font-size: 8px;
+	font-size: 10px;
 	text-align: center;
 }