Maven, Spring Security 3.0.x and spring-portlet-security JAR == No luck!
Hi all,
I'm searching to integrate my portlet security within Liferay 6.0 and I've integrated spring-security 3.0.7 within my WAR and configured:
- Spring security XML context
- my portlet security definition
(see below for reference)
To cut it short: where can I find the spring-security-portlet (groupId) from org.springframework.security.extensions (groupId)? For now I've resorted to download and build the artifact locally using the code found here. According to the source code's POM, the artifact declaration should be:
Code:
<dependency>
<groupId>org.springframework.security.extensions</groupId>
<artifactId>spring-security-portlet</artifactId>
<version>1.0.0.CI-SNAPSHOT</version>
</dependency>
Are these codes actually built by some CI server? In which public repository I can found them? I've tried with the following:
My settings.xml file showing the repositories I'm using:
Code:
<repositories>
<repository>
<id>com.springsource.repository.bundles.snapshot</id>
<name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Snapshot</name>
<url>http://repository.springsource.com/maven/bundles/snapshot</url>
</repository>
<repository>
<id>com.springsource.repository.bundles.release</id>
<name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Releases</name>
<url>http://repository.springsource.com/maven/bundles/release</url>
</repository>
<repository>
<id>com.springsource.repository.bundle.external</id>
<name>SpringSource Enterprise Bundle Repository - External Bundle Releases</name>
<url>http://repository.springsource.com/maven/bundles/external</url>
</repository>
<repository>
<id>com.springsource.repository.bundle.milestone</id>
<name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Milestones</name>
<url>http://repository.springsource.com/maven/bundles/milestone</url>
</repository>
<repository>
<id>com.springsource.repository.libraries.release</id>
<name>SpringSource Enterprise Bundle Repository - SpringSource Library Releases</name>
<url>http://repository.springsource.com/maven/libraries/release</url>
</repository>
<repository>
<id>com.springsource.repository.libraries.external</id>
<name>SpringSource Enterprise Bundle Repository - External Library Releases</name>
<url>http://repository.springsource.com/maven/libraries/external</url>
</repository>
<repository>
<id>com.springsource.repository.libraries.milestone</id>
<name>SpringSource Enterprise Bundle Repository - Milestone Library Releases</name>
<url>http://repository.springsource.com/maven/libraries/milestone</url>
</repository>
<repository>
<id>com.springsource.repository.libraries.snapshot</id>
<name>SpringSource Enterprise Bundle Repository - Snapshot Library Releases</name>
<url>http://repository.springsource.com/maven/libraries/snapshot</url>
</repository>
<repository>
<id>spring-maven-release</id>
<name>Spring Maven Release Repository</name>
<url>http://maven.springframework.org/release</url>
</repository>
<repository>
<id>spring-maven-milestone</id>
<name>Spring Maven Milestone Repository</name>
<url>http://maven.springframework.org/milestone</url>
</repository>
<repository>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
<id>com.springsource.repository.maven.snapshot</id>
<name>SpringSource Enterprise Bundle Maven Repository - SpringSource Snapshot Releases</name>
<url>http://maven.springframework.org/snapshot</url>
</repository>
</repositories>
More background follow
In order to integrate the portal security I',ve found that spring-security 2.x contains a spring-security-portlet JAR to be included within a portlet application. Since I'm using spring security 3.0 there is no such JAR. So, I've searched around the web and found this GIT repository, downloaded th she code, updated the dependencies within the POM to refer to the latest Spring version and "mvn clean install"-ed it with no error.
In order to configure the spring security and portlet context, I followed the portlet sample coming with the code. The application works: I can use @Secured annotations to protect methods and JSP security taglibs to conditionally show pieces of UI according to the portal user roles.
Spring security XML context
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<security:http use-expressions="true" entry-point-ref="preAuthenticatedEntryPoint" />
<bean id="preAuthenticatedEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<bean id="portletContextIntegrationInterceptor" class="org.springframework.security.extensions.portlet.PortletSessionContextIntegrationInterceptor"/>
<bean id="portletAuthenticationInterceptor" class="org.springframework.security.extensions.portlet.PortletProcessingInterceptor">
<property name="authenticationDetailsSource">
<bean class="org.springframework.security.extensions.portlet.PortletPreAuthenticatedAuthenticationDetailsSource">
<property name="mappableRolesRetriever">
<bean class="org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever">
<property name="mappableAttributes">
<set>
<!-- Some standard liferay roles -->
<value>Administrator</value>
<value>Guest</value>
<value>User</value>
<value>Power User</value>
</set>
</property>
</bean>
</property>
</bean>
</property>
<property name="authenticationManager" ref="authenticationManager"/>
<!-- Liferay doesn't seem to set the authType -->
<property name="useAuthTypeAsCredentials" value="false"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="portletAuthProvider" />
</security:authentication-manager>
<bean id="portletAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService">
<bean class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
</property>
<property name="throwExceptionWhenTokenRejected" value="true"/>
</bean>
</beans>
fascicoloutente-portlet.xml
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<import resource="common-portlet-context.xml"/>
<bean id="portletModeHandlerMapping" class="org.springframework.web.portlet.handler.PortletModeHandlerMapping">
<property name="interceptors">
<list>
<ref bean="portletContextIntegrationInterceptor"/>
<ref bean="portletAuthenticationInterceptor"/>
</list>
</property>
<property name="portletModeMap">
<map>
<entry key="view" value-ref="fascicoloUtentePortletController"/>
</map>
</property>
</bean>
<context:component-scan base-package="it.osapulie.web.portlet.fascicoloutente" />
</beans>
