Junior Member
Spring Security 3.1.3
Hi all,
I am working on Web Project, and I am newbie on Spring Security..
I got everything working fine, but I would like to set role-prefix none...
It was role-prefix="ROLE_"
I set role-prefix="none"
I just set it, but the roles are still coming with prefix "none"...
tks
Glauter Lemos
Senior Member
Set it to none "" not "none"...
Next to that register a JIRA to mention that the documentation isn't conform the implementation.
Marten Deinum
Java Consultant / Pragmatist / Open Source Enthousiast / Author
Pro Spring MVC: With Web Flow
Conspect
Have you read the reference guide.
Use the [ code ] tags, young padawan
Junior Member
Here is the error if I let empty the role-prefix
if I set role-prefix="something" it works fineCode:Exception while loading the app : java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [Administrador].
Last edited by Glauter; Feb 24th, 2013 at 08:26 AM.
Senior Member
Please use [ code][/code ] tags when posting code/xml/stacktraces that way it remains readable. lso please post the full stacktrace instead of a snippet.
You left out the configuration so it is hard to tell if it is your configuration or spring security.
Marten Deinum
Java Consultant / Pragmatist / Open Source Enthousiast / Author
Pro Spring MVC: With Web Flow
Conspect
Have you read the reference guide.
Use the [ code ] tags, young padawan
Junior Member
Hi Marten, sorry about [CODE]
This is my applicationContext.xml
Code:<?xml version="1.0" encoding="UTF-8"?> <b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http auto-config="true" access-denied-page="/acessoNegado.jsf" > <form-login login-page="/login.jsf" authentication-failure-url="/login.jsf?erro=true"/> <intercept-url pattern="/template/sistema/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/login.jsf" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/acessoNegado.jsf" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/pages/sistema/index.jsf" access="ROLE_ADMINISTRADOR" /> <intercept-url pattern="/index.html" access="ROLE_ADMINISTRADOR" /> <intercept-url pattern="/index.jsf" access="ROLE_ADMINISTRADOR" /> <session-management> <concurrency-control max-sessions="1" /> </session-management> </http> <authentication-manager> <authentication-provider> <password-encoder hash="sha-256" /> <jdbc-user-service data-source-ref="dataSource" role-prefix="ROLE_" users-by-username-query="SELECT username, password, enable FROM usuario WHERE username=?" authorities-by-username-query="SELECT username, authority FROM usuario_role WHERE username=?"/> </authentication-provider> </authentication-manager> <b:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" > <b:property name="url" value="jdbc:postgresql://localhost:5432/MasterappBD" /> <b:property name="driverClassName" value="org.postgresql.Driver"/> <b:property name="username" value="postgres" /> <b:property name="password" value="d22m05" /> </b:bean> <b:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> <b:property name="dataSource" ref="dataSource" /> </b:bean> </b:beans>
This is my web.xml
The project loads only if I set the role-prefix.. if I set it none or empty like role-prefix="" I for those erros..Code:<?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <context-param> <param-name>javax.faces.PROJECT_STAGE</param-name> <param-value>Development</param-value> </context-param> <context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>server</param-value> <!-- server é o padrão --> </context-param> <servlet> <servlet-name>Faces Servlet</servlet-name> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.jsf</url-pattern> <url-pattern>*.xhtml</url-pattern> <url-pattern>*.html</url-pattern> </servlet-mapping> <session-config> <session-timeout> 30 </session-timeout> </session-config> <welcome-file-list> <welcome-file>/pages/sistema/index.jsf</welcome-file> </welcome-file-list> <context-param> <param-name>primefaces.THEME</param-name> <param-value>south-street</param-value> </context-param> <context-param> <param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name> <param-value>true</param-value> </context-param> <!--SPRING SECURITY--> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <!--/ESSE FILTRO É QUE CONTROLAR O MAXIMO DE USUARIO LOGADO POR SESSAO--> <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener> <!--FECHA SPRING SECURITY--> </web-app>
Junior Member
I don't know what is happening.. I can't reply any post... I tried to post all my code.. but when I click on "Post Reply".. The forum redirect me to forum's main page.
Junior Member
This is my applicationContext.xml
Code:<?xml version="1.0" encoding="UTF-8"?> <b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http auto-config="true" access-denied-page="/acessoNegado.jsf" > <form-login login-page="/login.jsf" authentication-failure-url="/login.jsf?erro=true"/> <intercept-url pattern="/template/sistema/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/login.jsf" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/acessoNegado.jsf" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/pages/sistema/index.jsf" access="ROLE_ADMINISTRADOR" /> <intercept-url pattern="/index.html" access="ROLE_ADMINISTRADOR" /> <intercept-url pattern="/index.jsf" access="ROLE_ADMINISTRADOR" /> <session-management> <concurrency-control max-sessions="1" /> </session-management> </http> <authentication-manager> <authentication-provider> <password-encoder hash="sha-256" /> <jdbc-user-service data-source-ref="dataSource" role-prefix="ROLE_" users-by-username-query="SELECT username, password, enable FROM usuario WHERE username=?" authorities-by-username-query="SELECT username, authority FROM usuario_role WHERE username=?"/> </authentication-provider> </authentication-manager> <b:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" > <b:property name="url" value="jdbc:postgresql://localhost:5432/MasterappBD" /> <b:property name="driverClassName" value="org.postgresql.Driver"/> <b:property name="username" value="postgres" /> <b:property name="password" value="d22m05" /> </b:bean> <b:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> <b:property name="dataSource" ref="dataSource" /> </b:bean> </b:beans>
Junior Member
This is my web.xml
The project loads only if I set something on role-prefixCode:<?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <context-param> <param-name>javax.faces.PROJECT_STAGE</param-name> <param-value>Development</param-value> </context-param> <context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>server</param-value> <!-- server é o padrão --> </context-param> <servlet> <servlet-name>Faces Servlet</servlet-name> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.jsf</url-pattern> <url-pattern>*.xhtml</url-pattern> <url-pattern>*.html</url-pattern> </servlet-mapping> <session-config> <session-timeout> 30 </session-timeout> </session-config> <welcome-file-list> <welcome-file>/pages/sistema/index.jsf</welcome-file> </welcome-file-list> <context-param> <param-name>primefaces.THEME</param-name> <param-value>south-street</param-value> </context-param> <context-param> <param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name> <param-value>true</param-value> </context-param> <!--SPRING SECURITY--> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <!--/ESSE FILTRO É QUE CONTROLAR O MAXIMO DE USUARIO LOGADO POR SESSAO--> <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener> <!--FECHA SPRING SECURITY--> </web-app>
Senior Member
You might want to switch to expressions instead of the old style. The old style uses the prefix to detect is the access element contains a role or not.
Code:<http auto-config="true" access-denied-page="/acessoNegado.jsf" use-expressions="true"> <form-login login-page="/login.jsf" authentication-failure-url="/login.jsf?erro=true"/> <intercept-url pattern="/template/sistema/**" access="isAnonymous()" /> <intercept-url pattern="/login.jsf" access="isAnonymous() /> <intercept-url pattern="/acessoNegado.jsf" access="isAnonymous()" /> <intercept-url pattern="/pages/sistema/index.jsf" access="hasRole('ADMINISTRADOR')" /> <intercept-url pattern="/index.html" access="hasRole('ADMINISTRADOR')" /> <intercept-url pattern="/index.jsf" access="hasRole('ROLE_ADMINISTRADOR')" /> <session-management> <concurrency-control max-sessions="1" /> </session-management> </http>
Marten Deinum
Java Consultant / Pragmatist / Open Source Enthousiast / Author
Pro Spring MVC: With Web Flow
Conspect
Have you read the reference guide.
Use the [ code ] tags, young padawan
Junior Member
Still coming errors..
Unsupported configuration attributes: [isAnonymous(), hasRole('ADMINISTRADOR)].
to use these new tags like isAnonymous() or any else is necessary declare some namespace in the applicationContext.xml ?
Posting Permissions
Reply With Quote
