Hi
I would like to restrict access to some files of my web application to ROLE_ADMIN.
I have downloaded the project "ZappWeb a secured ZK web framework", which is exactly what I was looking for.
But I always get "You are not allowed to access to the requested ressource !"
This is the user detail information:
username: a enabled: false accountExpired: false credentialsExpired: false accountLocked: false Granted Authorities: ROLE_ADMIN
Please, I would really appreciate your help.
Thanks
You have to provide the sample code, i.e. your XML file.
Thank you for trying to help.
Below are my XML files, which I downloaded from http://books.zkoss.org/wiki/Small_Talks/2009/June/ZappWeb_a_secured_ZK_web_framework
applicationContext-jpa.xml
applicationContext-security.xml
applicationContext.xml
applicationContext-jpa.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Application context definition for WebAppZk on JPA. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
           http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <!--
        Activates a load-time weaver for the context. Any bean within the context that
        implements LoadTimeWeaverAware (such as LocalContainerEntityManagerFactoryBean)
        will receive a reference to the autodetected load-time weaver.
        <bean class="org.springframework.instrument.classloading.InstrumentationLoadTimeWeaver"/>
        <context:load-time-weaver/
    -->

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://localhost:3306/lms" />
        <property name="username" value="root" />
        <property name="password" value="" />
    </bean>

    <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
        <property name="dataSource" ref="dataSource" />
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="generateDdl" value="true" />
                <property name="database" value="MYSQL" />
                <property name="showSql" value="true" />
            </bean>
        </property>
        <property name="loadTimeWeaver">
            <bean class="org.springframework.instrument.classloading.InstrumentationLoadTimeWeaver" />
        </property>
    </bean>

    <!-- Transaction manager for a single JPA EntityManagerFactory (alternative to JTA) -->
    <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
        <property name="entityManagerFactory" ref="entityManagerFactory" />
    </bean>

    <!-- post-processors for all standard config annotations -->
    <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />

    <!-- Instruct Spring to perform declarative transaction management automatically on annotated classes. -->
    <tx:annotation-driven transaction-manager="transactionManager" />

    <!--
        Activates various annotations to be detected in bean classes: Spring's @Required and
        @Autowired, as well as JSR 250's @PostConstruct, @PreDestroy and @Resource (if available)
        and JPA's @PersistenceContext and @PersistenceUnit (if available).
    -->
    <context:annotation-config />
</beans>
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- - Spring namespace-based configuration -->
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <security:http auto-config="true">
        <security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/privatesection.zul" access="ROLE_ADMIN" />
        <security:form-login login-page="/login.zul"
                             default-target-url="/privatesection.zul"
                             authentication-failure-url="/accessDenied.zul"/>
        <security:remember-me/>
        <security:logout logout-success-url="/login.zul"/>
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="myUserDao">
        </security:authentication-provider>
    </security:authentication-manager>
</beans:beans>
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">

    <bean id="myUserDao" class="ca.dms.webapp.dao.impl.UserDaoJpaImpl" />
    <bean id="myRoleDao" class="ca.dms.webapp.dao.impl.RoleDaoJpaImpl" />

    <bean id="userService" class="ca.dms.webapp.service.impl.UserManagerImpl">
        <property name="dao" ref="myUserDao" />
    </bean>

    <bean id="roleService" class="ca.dms.webapp.service.impl.RoleManagerImpl">
        <property name="dao" ref="myRoleDao" />
    </bean>
</beans>
Think about it. This is very old stuff
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
I am an expert in Spring, just a beginner. In one of my current projects they have handled this. Check this:
SecurityContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <security:global-method-security secured-annotations="enabled" />

    <security:http auto-config="true">
        <!-- Restrict URLs based on role -->
        <security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/hl7Upload/*" filters="none" />
        <security:intercept-url pattern="/sessionTimeOut.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/ccd/*" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:intercept-url pattern="/forgot-password.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/userAgreementDetails.zul" filters="none" />
        <security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/css/*.css" filters="none" />
        <security:intercept-url pattern="/images/*.css" filters="none" />
        <security:intercept-url pattern="/images/*.jpg" filters="none" />
        <security:intercept-url pattern="/images/*.gif" filters="none" />
        <security:intercept-url pattern="/images/*.png" filters="none" />
        <security:intercept-url pattern="/*.js" filters="none" />
        <security:intercept-url pattern="/*.zul" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:intercept-url pattern="/zk/*" access="IS_AUTHENTICATED_REMEMBERED" />

        <!-- Override default login and logout pages -->
        <security:form-login login-page="/login.zul" default-target-url="/home.zul"
                             authentication-success-handler-ref="authenticationSuccessHandler" authentication-failure-handler-ref="authenticationFailureHandler"
                             authentication-failure-url="/login.zul?login_error=1" />
        <security:logout logout-url="/logout" invalidate-session="true" success-handler-ref="authenticationSuccessHandler" />
    </security:http>

    <bean id="authenticationSuccessHandler" class="com.ecosmos.security.AuthenticationSuccessHandler">
        <property name="userLoginService" ref="userLoginService" />
        <property name="commonCrudService" ref="commonCrudService" />
        <property name="passwordCheckStrategies">
            <list>
                <bean class="com.ecosmos.security.passwordcheck.ExpiredPasswordStrategy" />
                <bean class="com.ecosmos.security.passwordcheck.ExpirationWarningPasswordStrategy" />
            </list>
        </property>
    </bean>

    <bean id="authenticationFailureHandler" class="com.ecosmos.security.AuthenticationFailureHandler">
        <property name="sessionFactory" ref="sessionFactory"></property>
        <property name="passwordPolicyService" ref="passwordPolicyService"></property>
        <property name="practiceService" ref="practiceService"></property>
        <property name="defaultFailureUrl" value="/login.zul?login_error=1"></property>
    </bean>

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userLoginService" />
    </security:authentication-manager>
</beans>
The user you're using is disabled.
username: a enabled: false accountExpired: false credentialsExpired: false accountLocked: false Granted Authorities: ROLE_ADMIN
enabled should be true instead of false.
Hope this helps.
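A triage sketch for the answer above, added here and not part of the original thread or of ZappWeb: it parses a user-detail dump in the format quoted in this thread and names the first account flag that would block the login, in the order Spring Security's `AccountStatusUserDetailsChecker` tests them. The function names and the second sample dump are assumptions made for the example.

```python
import re

# Field names of the user-detail dump format quoted in this thread.
KEYS = ["username", "enabled", "accountExpired", "credentialsExpired",
        "accountLocked", "Granted Authorities"]
_ALT = "|".join(re.escape(k) for k in KEYS)
# A value runs up to the next field name, so dumps pasted without spaces parse too.
FIELD_RE = re.compile(rf"({_ALT}):\s*(.*?)\s*(?=(?:{_ALT}):|$)", re.S)

# (field, blocking value, exception) in the order Spring Security's
# AccountStatusUserDetailsChecker tests a UserDetails object.
CHECKS = [("accountLocked", True, "LockedException"),
          ("enabled", False, "DisabledException"),
          ("accountExpired", True, "AccountExpiredException"),
          ("credentialsExpired", True, "CredentialsExpiredException")]

def parse_dump(text):
    """Turn one dump line into a dict with real booleans and a role list."""
    user = {}
    for key, value in FIELD_RE.findall(text.strip()):
        if key == "username":
            user[key] = value
        elif key == "Granted Authorities":
            user[key] = [a for a in re.split(r"[,\s]+", value) if a]
        elif value in ("true", "false"):
            user[key] = value == "true"
        else:
            raise ValueError(f"{key}: expected true/false, got {value!r}")
    return user

def triage(text, required_role="ROLE_ADMIN"):
    user = parse_dump(text)
    for key, blocking, exc in CHECKS:
        if key not in user:
            return f"incomplete dump: {key} missing"
        if user[key] is blocking:
            return f"login blocked: {key}={str(blocking).lower()} ({exc})"
    if required_role not in user.get("Granted Authorities", []):
        return f"login allowed, but {required_role} is not granted"
    return "account flags and role are fine; check the security configuration"

# First sample is the dump quoted above; the second is constructed (run together).
DISABLED = ("username: a enabled: false accountExpired: false credentialsExpired: false "
            "accountLocked: false Granted Authorities: ROLE_ADMIN")
ENABLED = ("username: aenabled: trueaccountExpired: falsecredentialsExpired: false"
           "accountLocked: falseGranted Authorities: ROLE_ADMIN")

if __name__ == "__main__":
    print(triage(DISABLED), triage(ENABLED), sep="\n")
```

When every flag passes and the role is present, the denial is not coming from the account record, which narrows the search to the URL rules and the authentication provider wiring.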
Hi
Thanks for trying to help!
I have enabled the account but it's still not working.
username: a enabled: true accountExpired: false credentialsExpired: false accountLocked: false Granted Authorities: ROLE_ADMIN
I had to make some changes in the application context because I get these two errors; do you think that's the problem?
cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:authentication-provider'.
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security:concurrent-session-control'. One of '{"http://www.springframework.org/schema/security":intercept-url, "http://www.springframework.org/schema/security":access-denied-handler, "http://www.springframework.org/schema/security":form-login, "http://www.springframework.org/schema/security":openid-login, "http://www.springframework.org/schema/security":x509, "http://www.springframework.org/schema/security":http-basic, "http://www.springframework.org/schema/security":logout, "http://www.springframework.org/schema/security":session-management, "http://www.springframework.org/schema/security":remember-me, "http://www.springframework.org/schema/security":anonymous, "http://www.springframework.org/schema/security":port-mappings, "http://www.springframework.org/schema/security":custom-filter, "http://www.springframework.org/schema/security":request-cache}' is expected.
Asked: 2012-08-08 14:39:33 +0800
Seen: 234 times
Last updated: Aug 17 '12