Discussoes de Programacao e Tecnologia

[RESOLVIDO] Integração Spring Security + Struts 2

3 respostas
F
fcruz.rj

Boa tarde pessoal... estou repetindo o post pois vi que coloquei no lugar errado anteriormente... creio que agora está no lugar certo. Se a moderação quiser, pode cancelar meu post localizado no "Java Avançado"

Vamos ao problema. Estou aqui tentando integrar o spring security com o struts 2 mas tá rolando em partes.

Eu tenho uma tela simples de login que está funcionando. Se digitar um usuário/senha que não existe ou deixar em branco, ele valida numa boa.

O problema é que se eu não logar na aplicação e tentar acessar uma URL que, na teoria, deveria ser restrita, ele abre sem nenhuma barreira.

Aqui está o meu web.xml 
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	version="3.0">
	<display-name>Struts 2</display-name>
	<welcome-file-list>
		<welcome-file>/WEB-INF/redirect.jsp</welcome-file>
	</welcome-file-list>
	<listener>
		<listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
	</listener>
	<listener>
	  	<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>
	
	<!--
		Struts2 - Inicializa/limpa o contexto do struts2.
	 -->
	<filter>
		<filter-name>action2-cleanup</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>action2-cleanup</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/applicationContext.xml
			/WEB-INF/spring-security.xml
		</param-value>
	</context-param>
	
	<filter>
		<filter-name>struts2</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>struts2</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter>
		<filter-name>action2</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>action2</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<filter> 
    	<filter-name>springSecurityFilterChain</filter-name> 
    	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
  	</filter> 
  	<filter-mapping> 
    	<filter-name>springSecurityFilterChain</filter-name> 
    	<url-pattern>/*</url-pattern>
    	<dispatcher>REQUEST</dispatcher>  
   		<dispatcher>FORWARD</dispatcher>
  	</filter-mapping> 
</web-app>
Aqui está meu applicationContext.xml 
<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context" 
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
                          http://www.springframework.org/schema/context 
                          http://www.springframework.org/schema/context/spring-context-3.0.xsd
                          http://www.springframework.org/schema/security
						  http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
       
	
	<context:annotation-config/> <!-- Scanner @Autowired -->
	<context:component-scan base-package="br.com.teste"/> <!-- Scanner @Repository @Service --> 
	
	<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
		<beans:property name="url" value="jdbc:mysql://localhost:3306/teste"/>
		<beans:property name="username" value="root"/>
		<beans:property name="password" value="admin"/>
	</beans:bean>
	
</beans:beans>
Aqui está o meu spring-security.xml 
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

	<http auto-config="true" access-denied-page="/telaLogin.do?login_error=2">
		<intercept-url pattern="/telaLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/teste/index.do" access="ROLE_ADMIN" />
		
		<form-login login-page="/telaLogin.do" default-target-url="/teste/index.do"
			always-use-default-target="true" authentication-failure-url="/telaLogin.do?login_error=1" />
		
		<logout logout-success-url="/telaLogin.do" invalidate-session="true" delete-cookies="JSESSIONID"/>
	</http>

	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="teste" password="123" authorities="ROLE_ADMIN" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

</beans:beans>
E aqui está o meu struts.xml 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<constant name="struts.devMode" value="false" />
	<constant name="struts.action.extension" value="do"></constant>
	
	<package name="default" extends="struts-default">
		<interceptors>
			<interceptor name="redirectMessage" class="br.com.teste.interceptor.RedirectMessageInterceptor" />
			<interceptor-stack name="myStack">
		    	<interceptor-ref name="redirectMessage" />
		    	<interceptor-ref name="paramsPrepareParamsStack" />
			</interceptor-stack>
		</interceptors>
		<default-interceptor-ref name="myStack" />
	
		<action name="telaLogin" class="br.com.teste.action.MusicaAction">
			<result name="success">/WEB-INF/loginForm.jsp</result>
		</action>
	</package>
	
	<package name="testePackage" namespace="/teste" extends="default">
		<action name="index" class="br.com.teste.action.MusicaAction" method="index">
			<result name="success">/WEB-INF/indexTeste.jsp</result>
		</action>
	</package>
</struts>

Se eu tentar acessar a url [url]http://localhost:8080/SpringSecStruts/teste/index.do[/url] sem estar logado, ele permite o acesso mesmo assim...

O link que direciona para a página de login é o [url]http://localhost:8080/SpringSecStruts/telaLogin.do[/url]

Por favor me ajudem, ó jGurus!!!!!!!!!

Alura Desenvolvimento Front-End React Do primeiro componente à liderança técnica! HTML/CSS/JavaScript fundamental, React com hooks e...

3 Respostas

D
drsmachado

Você vai ficar abrindo tópicos duplicados?
http://www.guj.com.br/java/304386-integracao-spring-security--struts-2

F
fcruz.rj

Justamente por saber que está duplicado q eu coloquei a observação antes de tudo…

F
fcruz.rj

Consegui resolver meu problema reordenando as posições de tudo dentro do web.xml.

Abaixo segue como ficou o web.xml todo reordenado para vcs compararem com a versão dele quando estava apresentando o problema.

Um abraço!

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	version="3.0">
	<display-name>Struts 2</display-name>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/applicationContext.xml,
			/WEB-INF/spring-security.xml
		</param-value>
	</context-param>
	
	<!-- Spring -->
    <!-- Listeners -->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<!-- Spring Security -->
    <!-- Filters -->
	<filter> 
    	<filter-name>springSecurityFilterChain</filter-name> 
    	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
  	</filter> 
  	<filter-mapping> 
    	<filter-name>springSecurityFilterChain</filter-name> 
    	<url-pattern>/*</url-pattern>
  	</filter-mapping> 
	
	<!-- Filters -->
	<filter>
		<filter-name>action2-cleanup</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
	</filter>
	<!-- <filter>
		<filter-name>sitemesh</filter-name>
		<filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
	</filter> -->
	<filter>
		<filter-name>struts2</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
	</filter>
	<filter>
		<filter-name>action2</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter</filter-class>
	</filter>
	
	<filter-mapping>
		<filter-name>action2-cleanup</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
	</filter-mapping>
	
	<!-- <filter-mapping>
		<filter-name>sitemesh</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
	</filter-mapping>-->
	
	<filter-mapping>
		<filter-name>struts2</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
	</filter-mapping>
	
	<filter-mapping>
		<filter-name>action2</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
	</filter-mapping>
	
	<!-- Listeners -->
	<!-- <listener>
		<listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
	</listener> -->
	<listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
	<listener>
		<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
	</listener>
	
	<welcome-file-list>
		<welcome-file>/WEB-INF/redirect.jsp</welcome-file>
	</welcome-file-list>
</web-app>
Criado 6 de setembro de 2013
Ultima resposta 10 de set. de 2013
Respostas 3
Participantes 2

Topicos relacionados

Qual a idéia de usar Cookies e Sessions juntas? 5 respostas Como desabilitar/ou so leitura um input text em jsf/primefaces 2.2.1 por variavel no readonly 6 respostas Salvar imagem em WebContent 7 respostas Prime Faces + ActionListener do commandbutton não invoca metodo Bean :$[RESOLVIDO] 24 respostas [Resolvido]Alternativa para applet para imprimir na impressora local em sistema web 4 respostas
Alura POO: o que é programação orientada a objetos? Aprenda os conceitos básicos da programação orientada a objetos, como classes, objetos, herança, encapsulamento e polimorfismo, com exemplos.
Casa do Codigo JavaScript Assertivo: Testes e qualidade de codigo em... Por Gabriel Ramos — Casa do Codigo