ZappWeb a secured ZK web framework

asked 2012-08-08 14:39:33 +0800

soumaya

updated 2012-08-08 15:47:52 +0800

Hi

I would like to restrict access to some files of my web application to ROLE_ADMIN.
I have downloaded the project "ZappWeb a secured ZK web framework", which is exactly what I was looking for.
But I always get: You are not allowed to access to the requested ressource !
This is the user detail information:
username: a enabled: false accountExpired: false credentialsExpired: false accountLocked: false Granted Authorities: ROLE_ADMIN
Please, I would really appreciate your help.

Thanks


7 Replies


answered 2012-08-08 16:57:27 +0800

Senthilchettyin
http://emrpms.blogspot.in...

You have to provide the sample code, i.e. your XML file.


answered 2012-08-08 17:59:37 +0800

soumaya

Thank you for trying to help.
Below are my XML files, which I downloaded from http://books.zkoss.org/wiki/Small_Talks/2009/June/ZappWeb_a_secured_ZK_web_framework

applicationContext-jpa.xml
applicationContext-security.xml
applicationContext.xml

Source Code

applicationContext-jpa.xml
<?xml version="1.0" encoding="UTF-8"?>
	<!--
	Application context definition for WebAppZk on JPA.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:jee="http://www.springframework.org/schema/jee" 
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xsi:schemaLocation="
			http://www.springframework.org/schema/beans 
			http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
			http://www.springframework.org/schema/context 
			http://www.springframework.org/schema/context/spring-context-2.5.xsd
			http://www.springframework.org/schema/jee 
			http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
			http://www.springframework.org/schema/tx 
			http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
			http://www.springframework.org/schema/aop 
			http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">

	<!--
		========================= RESOURCE DEFINITIONS
		=========================
	-->

	<!--
		Activates a load-time weaver for the context. Any bean within the
		context that implements LoadTimeWeaverAware (such as
		LocalContainerEntityManagerFactoryBean) will receive a reference to
		the autodetected load-time weaver. <bean
		class="org.springframework.instrument.classloading.InstrumentationLoadTimeWeaver"/>
		<context:load-time-weaver/
	-->

	<bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<property name="driverClassName" value="com.mysql.jdbc.Driver" />
		<property name="url" value="jdbc:mysql://localhost:3306/lms" />
		<property name="username" value="root" />
		<property name="password" value="" />
	</bean>

	<bean id="entityManagerFactory"
    class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="generateDdl" value="true" />
            <property name="database" value="MYSQL" />
            <property name="showSql" value="true" />
        </bean>
    </property>
    <property name="loadTimeWeaver">
        <bean
            class="org.springframework.instrument.classloading.InstrumentationLoadTimeWeaver" />
    </property>
</bean>

	<!--
    Transaction manager for a single JPA EntityManagerFactory (alternative
    to JTA)
-->
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
    <property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
 
<!-- post-processors for all standard config annotations -->
<bean
    class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />
 
<!--
    Instruct Spring to perform declarative transaction management
    automatically on annotated classes.
-->
<tx:annotation-driven transaction-manager="transactionManager" />
 
<!--
    Activates various annotations to be detected in bean classes: Spring's
    @Required and @Autowired, as well as JSR 250's @PostConstruct,
    @PreDestroy and @Resource (if available) and JPA's @PersistenceContext
    and @PersistenceUnit (if available).
-->
<context:annotation-config />
</beans>

applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?> 
	<!--
  - Spring namespace-based configuration
-->
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<security:http auto-config="true">
		<security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
		<security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/privatesection.zul" access="ROLE_ADMIN" />
		<security:form-login login-page="/login.zul" default-target-url="/privatesection.zul" authentication-failure-url="/accessDenied.zul"/>
		<security:remember-me/>
		<security:logout logout-success-url="/login.zul"/>
	</security:http>
	
		<security:authentication-manager>
	<security:authentication-provider user-service-ref="myUserDao">
	</security:authentication-provider>
		</security:authentication-manager>
</beans:beans>

applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:util="http://www.springframework.org/schema/util"
	xsi:schemaLocation="
     	http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">

	<bean id="myUserDao" class="ca.dms.webapp.dao.impl.UserDaoJpaImpl" />
	<bean id="myRoleDao" class="ca.dms.webapp.dao.impl.RoleDaoJpaImpl" />

	<bean id="userService" class="ca.dms.webapp.service.impl.UserManagerImpl">
		<property name="dao" ref="myUserDao" />
	</bean>
	<bean id="roleService" class="ca.dms.webapp.service.impl.RoleManagerImpl">
		<property name="dao" ref="myRoleDao" />
	</bean>
</beans>



answered 2012-08-08 19:42:00 +0800

terrytornado
http://www.oxitec.de/

Think about it. This is very old stuff

http://www.springframework.org/schema/beans/spring-beans-2.5.xsd


answered 2012-08-08 20:30:32 +0800

soumaya

Is there any update that I could use? It's my first experience with Spring.
Thanks


answered 2012-08-09 04:55:28 +0800

Senthilchettyin
http://emrpms.blogspot.in...

I am an expert in Spring, just a beginner. In one of my current projects they have handled this. Check this:

SecurityContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<security:global-method-security secured-annotations="enabled" />

<security:http auto-config="true">
<!-- Restrict URLs based on role -->
<security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/hl7Upload/*" filters="none" />
<security:intercept-url pattern="/sessionTimeOut.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/ccd/*" access="IS_AUTHENTICATED_REMEMBERED" />
<security:intercept-url pattern="/forgot-password.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/userAgreementDetails.zul" filters="none" />
<security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/css/*.css" filters="none" />
<security:intercept-url pattern="/images/*.css" filters="none" />
<security:intercept-url pattern="/images/*.jpg" filters="none" />
<security:intercept-url pattern="/images/*.gif" filters="none" />
<security:intercept-url pattern="/images/*.png" filters="none" />
<security:intercept-url pattern="/*.js" filters="none" />
<security:intercept-url pattern="/*.zul" access="IS_AUTHENTICATED_REMEMBERED" />
<security:intercept-url pattern="/zk/*" access="IS_AUTHENTICATED_REMEMBERED" />
<!-- Override default login and logout pages -->
<security:form-login login-page="/login.zul" default-target-url="/home.zul"
authentication-success-handler-ref="authenticationSuccessHandler" authentication-failure-handler-ref="authenticationFailureHandler"
authentication-failure-url="/login.zul?login_error=1" />
<security:logout logout-url="/logout" invalidate-session="true" success-handler-ref="authenticationSuccessHandler" />
</security:http>

<bean id="authenticationSuccessHandler" class="com.ecosmos.security.AuthenticationSuccessHandler">
<property name="userLoginService" ref="userLoginService" />
<property name="commonCrudService" ref="commonCrudService" />
<property name="passwordCheckStrategies">
<list>
<bean class="com.ecosmos.security.passwordcheck.ExpiredPasswordStrategy" />
<bean class="com.ecosmos.security.passwordcheck.ExpirationWarningPasswordStrategy" />
</list>
</property>
</bean>

<bean id="authenticationFailureHandler" class="com.ecosmos.security.AuthenticationFailureHandler">
<property name="sessionFactory" ref="sessionFactory"></property>
<property name="passwordPolicyService" ref="passwordPolicyService"></property>
<property name="practiceService" ref="practiceService"></property>
<property name="defaultFailureUrl" value="/login.zul?login_error=1"></property>
</bean>

<security:authentication-manager>
<security:authentication-provider user-service-ref="userLoginService" />
</security:authentication-manager>
</beans>


answered 2012-08-16 23:12:44 +0800

ramzimaalej

The user you're using is disabled.

username: a enabled: false accountExpired: false credentialsExpired: false accountLocked: false Granted Authorities: ROLE_ADMIN

enabled should be true instead of false.

Hope this helps.

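The account-status point made in the answer above, as an added example (not code from ZappWeb or from any poster): Spring Security's AccountStatusUserDetailsChecker rejects a disabled account without ever looking at its granted authorities, so ROLE_ADMIN on a disabled user grants nothing. The class name AccountFlagCheck and the helper fromFlags are hypothetical, the user values are constructed from the two user dumps in this thread, and spring-security-core is assumed to be on the classpath.

```java
import java.util.List;

import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;

public class AccountFlagCheck {

    // Hypothetical helper: maps the flags as printed in the thread (enabled,
    // accountExpired, credentialsExpired, accountLocked) onto Spring Security's
    // UserDetails, whose last three flags have the opposite ("non-...") sense.
    // Getting this inversion wrong in a custom user DAO locks every account.
    static UserDetails fromFlags(String username, boolean enabled,
            boolean accountExpired, boolean credentialsExpired,
            boolean accountLocked, String... roles) {
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(roles);
        // The password is irrelevant to the status check; placeholder value.
        return new User(username, "not-used-here", enabled,
                !accountExpired, !credentialsExpired, !accountLocked, authorities);
    }

    // Returns "OK", or the simple name of the exception the status check raised
    // (LockedException, DisabledException, AccountExpiredException,
    // CredentialsExpiredException).
    static String status(UserDetails user) {
        UserDetailsChecker checker = new AccountStatusUserDetailsChecker();
        try {
            checker.check(user);
            return "OK";
        } catch (AccountStatusException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the two user dumps in the thread.
        UserDetails asFirstPosted = fromFlags("a", false, false, false, false, "ROLE_ADMIN");
        UserDetails afterEnabling = fromFlags("a", true, false, false, false, "ROLE_ADMIN");
        // Constructed variant: enabled but locked, to show the other flags matter too.
        UserDetails lockedVariant = fromFlags("a", true, false, false, true, "ROLE_ADMIN");

        System.out.println("enabled=false      -> " + status(asFirstPosted));
        System.out.println("enabled=true       -> " + status(afterEnabling));
        System.out.println("accountLocked=true -> " + status(lockedVariant));
    }
}
```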

answered 2012-08-17 12:24:40 +0800

soumaya

Hi

Thanks for trying to help!
I have enabled the account but it's still not working.
username: a enabled: true accountExpired: false credentialsExpired: false accountLocked: false Granted Authorities: ROLE_ADMIN

I had to make some changes in the application-context because I get these two errors; do you think that's the problem?
cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:authentication-provider'.


cvc-complex-type.2.4.a: Invalid content was found starting with element 'security:concurrent-session-control'. One of '{"http://www.springframework.org/schema/security":intercept-url, "http://www.springframework.org/schema/security":access-denied-handler, "http://www.springframework.org/schema/security":form-login, "http://www.springframework.org/schema/security":openid-login, "http://www.springframework.org/schema/security":x509, "http://www.springframework.org/schema/security":http-basic, "http://www.springframework.org/schema/security":logout, "http://www.springframework.org/schema/security":session-management, "http://www.springframework.org/schema/security":remember-me, "http://www.springframework.org/schema/security":anonymous, "http://www.springframework.org/schema/security":port-mappings, "http://www.springframework.org/schema/security":custom-filter, "http://www.springframework.org/schema/security":request-cache}' is expected.
