sexta-feira, 15 de janeiro de 2010

Spring Security 3.0

Opa,

de volta das festas, resolvi criar um projeto utilizando maven,
ja tinha visto alguma coisa na pos-graduaçao, mas o desafio
era maior agora, pois quero criar um projeto que vai utilizar
ibatis na parte de persistencia, e Spring MVC para camada web
e Spring Security para controlar as permissoes do usuario e seu login.

Inicialmente coloquei o plugin m2eclipse (http://docs.codehaus.org/display/M2ECLIPSE/Home),
com ele no eclipse eu ja crio o projeto com o artefact para web.

Uma vez criado o projeto, vamos ao famoso pom.xml. Como eu queria utilizar a ultima versao do Spring a 3.0 o arquivo ficou assim:


<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>br.com.mactus</groupId>
<artifactId>projectus</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>Gerenciador de Projetos da Mactus Infomatica</name>
<url>http://projectus.mactus.com.br</url>
<repositories>
<repository>
<id>spring-milestone</id>
<name>Spring Milestone Repository</name>
<url>s3://maven.springframework.org/milestone</url>
</repository>
<repository>
<id>ibatis</id>
<name>Ibatis repo</name>
<url>http://svn.apache.org/repos/asf/ibatis/java/ibatis-2/trunk/ibatis-2-core/</url>
</repository>
<repository>
<id>spring-maven-milestone</id>
<name>Springframework Maven Repository</name>
<url>http://s3.amazonaws.com/maven.springframework.org/milestone</url>
</repository>

</repositories>
<pluginRepositories>
</pluginRepositories>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>

<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>



<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.version}</version>
</dependency>

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>




<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>

<dependency>
<groupId>org.apache.ibatis</groupId>
<artifactId>ibatis-sqlmap</artifactId>
<version>2.3.4.726</version>
</dependency>


</dependencies>
<build>
<finalName>projectus</finalName>
</build>
<properties>
<spring.version>3.0.0.RELEASE</spring.version>
</properties>
</project>



O proximo passo foi colocar as configuraçoes certa em cada xml de configuracao do webproject

web.xml


<web-app>

<display-name>Archetype Created Web Application</display-name>

<welcome-file-list>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>

<!-- Carrega as configuraçoes do Spring security-->

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext-security.xml</param-value>
</context-param>

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Mapeamento para o String MVC-->

<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>

<!-- Adicionar filtro para Segurança-->

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


<!-- Vincular httpsession com o esquema de segurança do Spring-->

<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>

</web-app>


applicationContex-security.xml


<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http auto-config='true'>

<intercept-url pattern="/login.htm" filters="none" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page="/login.htm" always-use-default-target="false"
authentication-failure-url="/login.htm?authfailed=true" />
<logout invalidate-session="true" logout-success-url="/login.htm?loggedout=true"/>

<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>

</http>

<!-- Aqui voce pode substituir por um bean que vai no banco de dados e verificao o usuario -->

<authentication-manager>
<authentication-provider>
<user-service>
<user name="user1" password="pass1" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user2" password="pass2" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>

</beans:beans>


dispatcher-servlet.xml


<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<context:annotation-config />

<context:component-scan base-package="br.com.mactus.web"/>

<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>

</beans>


Com essas configuraçoes voce ja pode inicial um projeto com autenticacao
para continuar voce vai fazer a parte de dao e service mas dai voce pode escolher
como vai fazer, com jdbc simples, hibernate, toplink... tudo por conta do Spring

Para finalizar vou colocar um exemplo de controller



@Controller
public class MainController {


@RequestMapping(value="/index", method = RequestMethod.GET)
public String index() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication.getAuthorities().contains("ROLE_ADMIN")) {
return "redirect:homeAdmin.htm";
} else {
return "redirect:home.htm";
}
}

@RequestMapping(value="/login", method = RequestMethod.GET)
public void login() {

}

@RequestMapping(value="/home", method = RequestMethod.GET)
public void home() {

}

@RequestMapping(value="/homeAdmin", method = RequestMethod.GET)
public void homeAdmin() {

}

}




Pra comerçar a brincadeira e´ isso por enquanto..

Nenhum comentário:

Postar um comentário