Commit Acegi Security, projet ok mais des bugs dans la securite (a voir)

YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml

@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+<!--  CONFIGURATION AUTHENTICATION -->
+<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
+  <property name="filterInvocationDefinitionSource">
+    <value>
+      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+      PATTERN_TYPE_APACHE_ANT
+      /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+    </value>
+  </property>
+</bean>
+
+<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
+  <property name="authenticationEntryPoint">
+    <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+      <property name="loginFormUrl" value="/login.jsp"/>
+      <property name="forceHttps" value="false"/>
+    </bean>
+  </property>
+  <property name="accessDeniedHandler">
+    <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
+      <property name="errorPage" value="/denied.jsp"/>
+    </bean>
+  </property>
+</bean>
+
+<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="authenticationFailureUrl" value="/jsp/login.jsp?errorId=1"/>
+  <property name="defaultTargetUrl" value="/"/>
+  <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
+  <property name="rememberMeServices" ref="rememberMeServices"/>
+</bean>
+
+<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
+  <property name="providers">
+    <list>
+      <ref local="daoAuthenticationProvider"/>
+      <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
+        <property name="key" value="changeThis"/>
+      </bean>
+      <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
+        <property name="key" value="changeThis"/>
+      </bean>
+    </list>
+  </property>
+</bean>
+
+<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
+  <property name="userDetailsService" ref="userDetailsService"/>
+  <property name="userCache">
+    <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
+      <property name="cache">
+        <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
+          <property name="cacheManager">
+            <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
+          </property>
+          <property name="cacheName" value="userCache"/>
+        </bean>
+      </property>
+    </bean>
+  </property>
+</bean>
+
+<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
+  <property name="userProperties">
+    <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+      <property name="location" value="/WEB-INF/users.properties"/>
+    </bean>
+  </property>
+</bean>
+
+
+
+<!-- AUTHORIZATION SERVICES -->
+<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="accessDecisionManager">
+    <bean class="org.acegisecurity.vote.AffirmativeBased">
+      <property name="allowIfAllAbstainDecisions" value="false"/>
+      <property name="decisionVoters">
+        <list>
+          <bean class="org.acegisecurity.vote.RoleVoter"/>
+          <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
+        </list>
+      </property>
+    </bean>
+  </property>
+  <property name="objectDefinitionSource">
+    <value>
+      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+      PATTERN_TYPE_APACHE_ANT
+      /secure/**=ROLE_ADMIN,ROLE_AUTHOR,ROLE_MEMBER
+      /secure/**=IS_AUTHENTICATED_REMEMBERED
+      /**=IS_AUTHENTICATED_ANONYMOUSLY
+    </value>
+  </property>
+</bean>
+
+<!-- LOGOUT -->
+<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
+  <constructor-arg value="/index.jsp"/>
+  <constructor-arg>
+    <list>
+      <ref bean="rememberMeServices"/>
+      <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
+    </list>
+  </constructor-arg>
+</bean>
+
+<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
+  <property name="userDetailsService" ref="userDetailsService"/>
+  <property name="tokenValiditySeconds" value="1800"></property>
+  <property name="key" value="changeThis"/>
+</bean>
+
+<!-- OTHERS -->
+<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
+
+<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
+
+<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="rememberMeServices" ref="rememberMeServices"/>
+</bean>
+
+<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
+  <property name="key" value="changeThis"/>
+  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+</bean>
+
+<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
+
+</beans>

YACOSWeb/WebContent/WEB-INF/classes/messages.properties

@@ -5,16 +5,8 @@ title=Yacos
 disclaimer.text=Copyrights <20> 2008. Yacos Team. All rights reserved.
 disclaimer.link.about=About
 
-submission.title=Article's submission
+###################
-
+# REGISTRATION USER
-form.submission.article.title=Article's title
-form.submission.article.theme=Article's theme
-form.submission.article.abstractText=Abstract
-form.submission.listauthor=Article's author
-form.submission.mainauthor=Main author
-form.submission.secondaryauthor=Secondary author
-form.submission.file=File
-
 register.title=User Registration
 form.register.user.login=Login
 form.register.user.email=eMail
@@ -31,6 +23,19 @@ form.register.error.lastNameEmpty=Last name is required
 form.register.error.passwordEmpty=The password can't be empty
 form.register.error.alreadyExists=A user with this login already exists. Please check you haven't already registered or change your login. 
 
+
+submission.title=Article's submission
+
+form.submission.article.title=Article's title
+form.submission.article.theme=Article's theme
+form.submission.article.abstractText=Abstract
+form.submission.listauthor=Article's author
+form.submission.mainauthor=Main author
+form.submission.secondaryauthor=Secondary author
+form.submission.file=File
+
+
+
 button.add=Add
 button.browse=Browse
 button.reset=Reset

YACOSWeb/WebContent/WEB-INF/decorators/include.jsp

@@ -1,3 +1,4 @@
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jstl/fmt" %>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<%@ taglib prefix="authz" uri="http://acegisecurity.org/authz" %> 

YACOSWeb/WebContent/WEB-INF/decorators/main.jsp

@@ -21,7 +21,9 @@
 		<div id="logotexte"><img src="./images/logo-yacos-texte.png" alt="Logo Yacos Texte" /></div>
 		
 		<!-- User Information -->
-		<page:applyDecorator name="empty" page="/WEB-INF/decorators/headeruser.jsp" />
+		<div id="userlogin">
+			<page:applyDecorator name="empty" page="/WEB-INF/jsp/login.jsp" />
+		</div>
 		
 		<!-- headermenu -->
 		<page:applyDecorator name="empty" page="/WEB-INF/decorators/headerchoose.jsp" />

YACOSWeb/WebContent/WEB-INF/decorators/usermenu.jsp

@@ -5,8 +5,9 @@
 <body>
 
 <div id="mainmenu">
+
 	<div id="mainmenubloc">
-		<h4>Bloc 1</h4>
+		<h4>Debug Menu</h4>
 			<ul>
 				<li><a href="<c:url value="listArticle.htm"/>"><fmt:message key="listarticle.title" /></a></li>
 				<li><a href="<c:url value="submissionArticle.htm"/>"><fmt:message key="submission.title" /></a></li>
@@ -17,14 +18,18 @@
 			</ul>
 	</div>
 
+
+<authz:authorize ifAllGranted="ROLE_AUTHOR">
 	<div id="mainmenubloc">
-		<h4>Bloc 2</h4>
+		<h4>Author</h4>
 			<ul>
 				<li><a href="#">Lien 1</a></li>
 				<li><a href="#">Lien 2</a></li>
 				<li><a href="#">Lien 3</a></li>
 			</ul>
 	</div>
+</authz:authorize>
+	
 </div><!--mainmenu-->
 
 </body>

YACOSWeb/WebContent/WEB-INF/jsp/denied.jsp

@@ -4,10 +4,7 @@
 <head></head>
 <body>
 
-<!-- User Information -->
+Acces denied. Sorry for this inconvenience.
-		<div id="userlogin">
 
-	User Login
-</div><!-- User Information -->
 </body>
 </html>

YACOSWeb/WebContent/WEB-INF/jsp/login.jsp

@@ -0,0 +1,42 @@
+<%@ include file="/WEB-INF/decorators/include.jsp"%>
+<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
+
+
+<html>
+<head></head>
+<body>
+
+
+<form action="<c:url value='j_acegi_security_check'/>" method="POST">
+
+  <table>
+    <tr>
+      <td>User:</td>
+       <td><input type='text' name='j_username' />
+      </td>
+    </tr>
+    <tr>
+      <td>Password:</td>
+      <td><input type='password' name='j_password' /></td>
+    </tr>
+    <tr>
+      <td><input type="checkbox" name="_acegi_security_remember_me" /></td>
+      <td>Se souvenir de moi</td>
+    </tr>
+    <tr>
+    	<td><input name="submit" type="submit" /></td>
+    	<td><input name="reset" type="reset" /></td>
+    </tr>
+
+  </table>
+</form>
+ <authz:authentication operation="username"></authz:authentication>
+<authz:authorize ifAllGranted="ROLE_AUTHOR"> 
+
+ <h1>Welcome: <%= SecurityContextHolder.getContext().getAuthentication().getName() %></h1> 
+ </authz:authorize>
+
+
+
+</body>
+</html>

YACOSWeb/WebContent/WEB-INF/jsp/main.jsp

@@ -1,4 +1,5 @@
 <%@ include file="/WEB-INF/decorators/include.jsp"%>
+<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
 
 <html>
 <head></head>
@@ -8,7 +9,13 @@ ${user}
 ${conference}
 Page d'accueil <20> changer de place (controller dans system et non dans author)
 Si conf active : page d'intro de la conf
-si pas de conf active : page d'intro du site (visiteur)
+si pas de conf active : page d'intro du site (visiteur)<br/><br/>
+
+<b> UserName : </b><authz:authentication operation="username"></authz:authentication><br/>
+Seulement si ROLE_AUTHOR :
+<authz:authorize ifAllGranted="ROLE_AUTHOR"> 
+ <h1>Bienvenue: <%= SecurityContextHolder.getContext().getAuthentication().getName() %></h1> 
+</authz:authorize>
 
   </body>
 </html>

YACOSWeb/WebContent/WEB-INF/jsp/secure/authenticatedusers.jsp

@@ -0,0 +1,14 @@
+<%@ include file="/WEB-INF/decorators/include.jsp"%>
+<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
+
+<html>
+<head></head>
+<body>
+
+
+<h1>Welcome: <%= SecurityContextHolder.getContext().getAuthentication().getName() %></h1>
+<p><a href="../../">Home</a>
+<p><a href="../../j_acegi_logout">Logout</a>
+
+</body>
+</html>

YACOSWeb/WebContent/WEB-INF/users.properties

@@ -0,0 +1,3 @@
+maxime=maxime,ROLE_AUTHOR
+fred=fred,ROLE_MEMBER
+jialin=jialin,ROLE_ADMIN

YACOSWeb/WebContent/WEB-INF/web.xml

@@ -51,4 +51,32 @@
 	</filter-mapping>
 	<!-- SiteMesh Integration declaration End -->
 	
+	<!-- Acegi Security declaration Start -->
+	<filter>
+       <filter-name>Acegi Filter Chain Proxy</filter-name>
+       <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
+       <init-param>
+           <param-name>targetClass</param-name>
+           <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
+       </init-param>
+   </filter>
+   
+   <filter-mapping>
+   		<filter-name>Acegi Filter Chain Proxy</filter-name>
+  		<url-pattern>/*</url-pattern>
+  </filter-mapping>
+  
+  	<!-- Load Context for Acegi security -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>/WEB-INF/applicationContextAcegi.xml</param-value>
+	</context-param>
+	<!-- Acegi Security declaration End -->
+	
+
+
 </web-app>

YACOSWeb/WebContent/stylesheets/base.css

@@ -142,7 +142,7 @@ body {
 	margin: 18px auto;
 	position: relative;
 	color: #b8b8b8;
-	font-size: 8px;
+	font-size: 10px;
 	text-align: center;
 }