Internationalization in zk with spring security

[galgavu]

Hi.
I have probably a small problem. I'm working on project with zk and I want custom login form created with zk. The problem is that files which are responsible for language are in WEB-INF folder with names like:
- i3-label.properties
- i3-label_de.properties.

And of course with such configuration of spring security:

Code:

<http auto-config="true">
            <intercept-url pattern="/zul/login.zul*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/**" access="ROLE_USER"/>
            <form-login login-page='/zul/login.zul'/>
</http>

I'm having infinite loop on login page. So I'm suspecting that problem lies in that login.zul doesn't have access to i3-label files.
Can you advice me is there any good why to filter those files in WEB-INF folder because something like:

Code:

<intercept-url pattern="/WEB-INF/*.properties" filters="none"/>

doesn't work. If you need anymore information I can provide.

[tviegut]

Can you clarify your configuration further?

From the information you've provided is your reference to login.zul an alias to a servlet that processes/serves up your login form? Given your reference to your resource bundles being located within /WEB-INF/* the use of the:

<intercept-url pattern="/WEB-INF/*.properties" filters="none"/>

wouldn't be applicable in this context as you wouldn't be serving up content from /WEB-INF/ as your configuration suggestion would indicate.

Those locales specific resource files within /WEB-INF/* would simply be available and accessed via the classpath. It shouldn't be an issue where spring security would be denying access to them.

If you can provide greater detail as to how/what type of implementation you're using for you form-based authentication that would be helpful. If you have a simple login page perhaps you can provide the contents as well as you full set of intercept-url specifications in your security configuration. It should be obvious if there are other resources (such as *.js, or images) that your primary login page is dependent on and which would not be granted access.

Todd

[galgavu]

login.zul is not an alias.
From web.xml I'm pointing exactly my welcome file:

Code:

<!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <!-- Session management -->
    <session-config>
        <session-timeout>1</session-timeout>
    </session-config>


    <!-- welcome file -->
    <welcome-file-list>
        <welcome-file>/zul/login.zul</welcome-file>
    </welcome-file-list>

Then from login.zul:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<?taglib uri="http://www.zkoss.org/dsp/web/core" prefix="c" ?>
<?page id="login" title="${c:l('login_page')}"?>
<?variable-resolver class="org.zkoss.zkplus.spring.DelegatingVariableResolver"?>
<zk xmlns="http://www.zkoss.org/2005/zul"
    xmlns:h="http://www.w3.org/1999/xhtml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.zkoss.org/2005/zul http://www.zkoss.org/2005/zul/zul.xsd">

    <window id="loginwin" title="${c:l('login_form')}" border="normal" width="400px" position="center"
            mode="overlapped">
        <!-- this form-login-page form is also used as the
 form-error-page to ask for a login again. -->
        <html style="color:red" if="${not empty param.login_error}">
        <![CDATA[
        Your login attempt was not successful, try again.<br/><br/>
        Reason: ${SPRING_SECURITY_LAST_EXCEPTION.message}
       ]]>
        </html>

        <groupbox>

            <h:form id="f" name="f" action="j_spring_security_check" method="POST"
                    xmlns:h="native">
                <grid>
                    <rows>
                        <row>${c:l('user')}
                            <textbox id="u" name="j_username"/>
                        </row>
                        <row>${c:l('password')}
                            <textbox id="p" type="password" name="j_password"/>
                        </row>
                        <row>
                            <checkbox id="r" name="j_spring_security_remember_me"/>
                            ${c:l('remember_me')}
                        </row>
                        <row spans="2">
                            <hbox>
                                <h:input type="submit" value="${c:l('sign_in')}"/>
                                <h:input type="reset" value="${c:l('reset')}"/>
                            </hbox>
                        </row>
                    </rows>
                </grid>
            </h:form>
        </groupbox>
    </window>

The ${c:l} tags indicated to i3-label.properties files (I have 3: default, en, de).
No lets say my security looks like this:

Code:

 <http auto-config="true">
        <intercept-url pattern="/css/**" filters="none"/>
        <intercept-url pattern="/images/**" filters="none"/>
        <intercept-url pattern="/zul/login.zul*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/zul/**" access="ROLE_USER"/>
        <intercept-url pattern="/**" access="ROLE_ADMIN"/>

        <form-login login-page="/zul/login.zul" default-target-url="/zul/test.zul"
                    authentication-failure-url="/zul/login.zul?login_error=1"/>
  </http>

So I want everyone to be able to access: /css/* , /images/*, /zul/login.zul*. I don't want them to access any other catalogs from / path so that's why I added:

Code:

<intercept-url pattern="/**" access="ROLE_ADMIN"/>

But my i3-label files are in /WEB-INF folder. Structure of webapp:
|-images
|-css
|-temp
|-zul (here is login.zul)
|-WEB-INF (here are i3-label files)

I can provide more if it's needed.

[apalpan]

xxxxxxxxxxxxxxxx