Spring security

From Null-pointer

Jump to: navigation, search

Contents

web.xml

<context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>
		classpath*:spring/security.xml 
		classpath*:spring/applicationContext.xml
         </param-value>
</context-param>
<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

security.xml

<security:http>
		<security:intercept-url pattern="/**" access="ROLE_APP"/>
		<security:x509 subject-principal-regex="(CN=.*?)," user-service-ref="certificateUserDetailsService"/>
	</security:http>
 
	<security:authentication-manager>
		<security:authentication-provider ref='certificateUserDetailsService'/>
	</security:authentication-manager>

certificateUserDetailsService

@Service("certificateUserDetailsService")
public class CertificateUserDetailsService implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
      return null;
    }
}

Security tag library

if you wish to use the tags: 

<body>
<sec:authorize access="hasRole('ROLE_ADMIN')">
 admin content
</sec:authorize>
</body>

make sure you set use-expressions="true" in your security content, e.g.: 

<security:http auto-config="true"  use-expressions="true">
  <security:intercept-url pattern="/admin/controlpanel/*" access="hasRole('ROLE_ADMIN')"/>
</security:http>


Retrieved from "http://www.null-pointer.co.uk/wiki/index.php/Spring_security"
Personal tools