Results 1 to 3 of 3

Thread: getting taglibs wrapper to work in velocity views?

  1. Nov 18th, 2008, 01:21 AM #1
    macwire
    macwire is offline Junior Member
    Join Date
    Nov 2008
    Posts
    2

    Default getting taglibs wrapper to work in velocity views?

    Is there anyone succesfully using
    org.springframework.security.taglibs.velocity.Auth zImpl
    with spring security 2.0.4 and spring 2.5.5?

    Here's what's in my spring-servlet.xml:
    Code:
    <bean class="org.springframework.web.servlet.view.velocity.VelocityViewResolver"
          p:prefix="/"
          p:suffix=".vm"
          p:cache="true"
          p:exposeSpringMacroHelpers="true">
        <property name="attributesMap">
            <map>             
                <entry key="authz" value-ref="authzImpl"/>
            </map>
        </property>
    </bean>

    <bean id="authzImpl" class="org.springframework.security.taglibs.velocity.AuthzImpl" />

    <bean id="velocityConfig" class="org.springframework.web.servlet.view.velocity.VelocityConfigurer"
          p:resourceLoaderPath="/WEB-INF/velocity/"
          p:configLocation="/WEB-INF/velocity.properties"/>
    The $authz object is getting made but it throws NPE anytime I try doing somethins with it, including getAppCtx(). I also tried manually creating a new AuthzImpl, setting the Application Context manually, and seeing if that worked -- it didn't. getAppCtx() worked, but everything else threw NPE.

    I'm feeling like velocity is the black sheep of view technology around these parts.
  2. Nov 18th, 2008, 08:45 PM #2
    macwire
    macwire is offline Junior Member
    Join Date
    Nov 2008
    Posts
    2

    Default

    I'm answering my own question.
    The velocity taglib wrappers are bunk.

    If you are using velocity 1.6, which allows you to pass in variable length arguments, you can use something like this:
    Code:
    package com.blah.blah.blah.security;

import org.springframework.security.GrantedAuthority;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.userdetails.UserDetails;

import java.util.HashSet;
import java.util.Set;

public class VelocityUserDetails {

    /**
     * Get the username of the user
     *
     * @return the username of the user
     */
    public static String getPrincipal() {
        Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        if (obj instanceof UserDetails) {
            return ((UserDetails) obj).getUsername();
        } else {
            return "guest";
        }
    }

    /**
     * Is the user granted all of the supplied roles
     *
     * @param roles a string array of roles
     * @return true if user has all of the listed roles, otherwise false
     */
    public static boolean allGranted(String[] roles) {
        Set<String> userRoles = getUserRoles();
        for (String role : roles) {
            if (userRoles.contains(role))
                continue;
            return false;
        }
        return true;
    }

    /**
     * Is the user granted any of the supplied roles
     *
     * @param roles a string array of roles
     * @return true if user has any of the listed roles, otherwise false
     */
    public static boolean anyGranted(String[] roles) {
        Set<String> userRoles = getUserRoles();
        for (String role : roles) {
            if (userRoles.contains(role))
                return true;
        }
        return false;
    }

    /**
     * is the user granted none of the supplied roles
     *
     * @param roles a string array of roles
     * @return true only if none of listed roles are granted
     */
    public static boolean noneGranted(String[] roles) {
        Set<String> userRoles = getUserRoles();
        for (String role : roles) {
            if (userRoles.contains(role))
                return false;
        }
        return true;
    }

    private static Set<String> getUserRoles() {
        Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        Set<String> roles = new HashSet<String>();
        if (obj instanceof UserDetails) {
            GrantedAuthority[] gas = ((UserDetails) obj).getAuthorities();
            for (GrantedAuthority ga : gas) {
                roles.add(ga.getAuthority());
            }
        }
        return roles;
    }
}
    Inside your spring-servlet.xml do something like this:
    Code:
    <bean class="org.springframework.web.servlet.view.velocity.VelocityViewResolver"
          p:prefix="/"
          p:suffix=".vm"
          p:cache="true"
          p:exposeSpringMacroHelpers="true">
        <property name="attributesMap">
            <map>
                <entry key="authz"><bean class="com.blah.blah.blah.security.VelocityUserDetails" /></entry>
            </map>
        </property>
    </bean>
    At which point you'll have an $authz in your velocity 1.6 templates like this:
    (this uses a feature not available in velocity < 1.6)
    Code:
        Welcome back, ${authz.principal}!
    #if($authz.allGranted("ROLE_MODEL","ROLE_PLAYING")) 
         blah blah blah blah blah
    #end
  3. Dec 9th, 2008, 03:55 AM #3
    davidof
    davidof is offline Junior Member
    Join Date
    Dec 2008
    Posts
    4

    Default

    Quote Originally Posted by macwire View Post
    I'm answering my own question.
    The velocity taglib wrappers are bunk.
    Yes they are. I don't know why they are included in the distribution as they are unusable AFAIKs. I did the same as you and rolled my own solution as it was not rocket salad. Thanks for posting your code though.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules