just for anyone who runs into the same problem
here is a simpler fix than recompiling all the classes and building a new webflow jar...
just create somewhere a java file called com.mypackage.SecurityFlowExecutionListener
copy the following code:
Code:
package commypackage;
/*
* Copyright 2004-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.webflow.definition.FlowDefinition;
import org.springframework.webflow.definition.StateDefinition;
import org.springframework.webflow.definition.TransitionDefinition;
import org.springframework.webflow.execution.EnterStateVetoException;
import org.springframework.webflow.execution.FlowExecutionListenerAdapter;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.security.SecurityRule;
/**
* Flow security integration with Spring Security
*
* @author Scott Andrews
*/
public class SecurityFlowExecutionListener extends FlowExecutionListenerAdapter {
private AccessDecisionManager accessDecisionManager;
/**
* Get the access decision manager that makes flow authorization decisions.
* @return the decision manager
*/
public AccessDecisionManager getAccessDecisionManager() {
return accessDecisionManager;
}
/**
* Set the access decision manager that makes flow authorization decisions.
* @param accessDecisionManager the decision manager to user
*/
public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
this.accessDecisionManager = accessDecisionManager;
}
public void sessionCreating(RequestContext context, FlowDefinition definition) {
SecurityRule rule = (SecurityRule) definition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
if (rule != null) {
decide(rule, definition);
}
}
public void stateEntering(RequestContext context, StateDefinition state) throws EnterStateVetoException {
SecurityRule rule = (SecurityRule) state.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
if (rule != null) {
decide(rule, state);
}
}
public void transitionExecuting(RequestContext context, TransitionDefinition transition) {
SecurityRule rule = (SecurityRule) transition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
if (rule != null) {
decide(rule, transition);
}
}
/**
* Performs a Spring Security authorization decision. Decision will use the provided AccessDecisionManager. If no
* AccessDecisionManager is provided a role based manager will be selected according to the comparison type of the
* rule.
* @param rule the rule to base the decision
* @param object the execution listener phase
*/
protected void decide(SecurityRule rule, Object object) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
List<ConfigAttribute> config = getConfigAttributes(rule);
if (accessDecisionManager != null) {
accessDecisionManager.decide(authentication, object, config);
} else {
AbstractAccessDecisionManager abstractAccessDecisionManager;
List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();
voters.add(new RoleVoter());
if (rule.getComparisonType() == SecurityRule.COMPARISON_ANY) {
abstractAccessDecisionManager = new AffirmativeBased();
} else if (rule.getComparisonType() == SecurityRule.COMPARISON_ALL) {
abstractAccessDecisionManager = new UnanimousBased();
} else {
throw new IllegalStateException("Unknown SecurityRule match type: " + rule.getComparisonType());
}
abstractAccessDecisionManager.setDecisionVoters(voters);
abstractAccessDecisionManager.decide(authentication, object, config);
}
}
/**
* Convert SecurityRule into a form understood by Spring Security
* @param rule the rule to convert
* @return list of ConfigAttributes for Spring Security
*/
@SuppressWarnings("unchecked")
protected List<ConfigAttribute> getConfigAttributes(SecurityRule rule) {
List<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
Iterator<String> attributeIt = rule.getAttributes().iterator();
while (attributeIt.hasNext()) {
configAttributes.add(new SecurityConfig(attributeIt.next()));
}
return configAttributes;
}
}
in your flow-config.xml just change the bean from
Code:
<bean id="securityFlowExecutionListener"
class="org.springframework.webflow.security.SecurityFlowExecutionListener" />
to
Code:
<bean id="securityFlowExecutionListener"
class="com.myPackage.SecurityFlowExecutionListener" />
hope this helps... its a simpler easier fix 
Chris
Junior Member
Spring Webflow 2.0.8 and Spring Security 3.0.0.M1 incompatibility
Originally Posted by echavet
Posting Permissions
Reply With Quote