Discussoes de Programacao e Tecnologia

Spring security login com multiplos trajectos

4 respostas Resolvido
segurançajsfprimefacesspringjava
H
hamilton.mateus

Alo galera tudo bem? Sou iniciante a JSF e Spring Security. Estou tentando fazer um login baseado em Roles.

Por exemplo:
Se o programa detetar que o usuario tem ROLE_USER ele vai para pasta gestor
Se o usuario detetar que o ususareio tem ROLE_ADMIN ele vai para pasta admin

Consigo fazer login quando e apenas um usuario, a minha dificuldade e ele saber em que pasta deve entrar oszinho, ou seja, quero multiplos tragetos um para cada tipo de usuario.

Muito Obrigado desde ja.

security.xml

<?xml version="1.0" encoding="UTF-8"?>


<security:http>
    <security:intercept-url pattern="/faces/gestor" access="ROLE_USER" />
    <security:form-login login-page="/login.html"  default-target-url="/faces/gestor/visualizaractualizarestabelecimento.xhtml" authentication-failure-url="/login.html?erro=true"/>
    <security:logout logout-success-url="/login.html" />
  </security:http>
 
 <bean class="mz.co.mpteventos.springsecurity.controller.UserDetailServiceImpl" id="userDetailsService"></bean>
 
 <security:authentication-manager>
         <security:authentication-provider  user-service-ref="userDetailsService"></security:authentication-provider>
    </security:authentication-manager>
</beans>

Controlador

package mz.co.mpteventos.springsecurity.controller;

import java.util.List;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.ViewScoped;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import mz.co.mpteventos.springsecurity.dao.DAO;
import mz.co.mpteventos.springsecurity.dto.UserDetailsImpl;
import mz.co.mpteventos.springsecurity.model.Conta;

@ManagedBean
@ViewScoped
public class UserDetailServiceImpl implements UserDetailsService {

private List<Conta> listaConta;

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

	// cria-se lista de contas e mete-se todas contas da base de dads nessa lista
	listaConta = new DAO<Conta>(Conta.class).listaTodos();
	
	for (int i = 0; i < this.listaConta.size(); i++) {
		if (listaConta.get(i).getNome().equals(username)) {
			UserDetailsImpl user = new UserDetailsImpl();
			user.setUserName(listaConta.get(i).getNome().toString());
			user.setPassword(listaConta.get(i).getPassword().toString());
			user.addAuthority(listaConta.get(i).getAuthorities().toString());
			
			return user;
		}
	}
	throw new UsernameNotFoundException("Usuario não encontrado");
}

public String getUsuarioLogado(){
	Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
	String currentPrincipalName = authentication.getName();
	return currentPrincipalName.toString();
	}
}

Formulario Login

<form class="login-container"
		action="/springsecurity/j_spring_security_check" method="POST">
		<p>
			<input placeholder="Username" id="j_username" name="j_username"
				type="text" class="validate" required="required"> <label
				for="first_name">Introduza o nome de usuario</label>
		</p>
		<p>
			<input id="j_password" name="j_password" class="validate"
				type="password" placeholder="Password" required="required">
			<label for="last_name">Introduza a senha</label>
		</p>
		<p>
			<input name="action" type="submit" value="Entrar" >
		</p>
	</form>
</div>

Base de dados MYSQL

<img src="/uploads/3X/6/0/60df2c52374dc6ac77cb90cf52ecc8adf2613feb.PNG.webp" width=“394” height=“108” align«“center”>

Alura Desenvolvimento Back-End Java Sua Carreira em desenvolvimento back-end Java: dos fundamentos à arquitetura de sistemas...

4 Respostas

N
Narclk

Sobrescreva o método configure para adicionar suas permissões, veja https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity

Ex:

http
   			.antMatcher("/api/**")                            
   			.authorizeRequests()
   				.anyRequest().hasRole("ADMIN")
   				.and()
   			.httpBasic();
   	}```
H
hamilton.mateus

Alo, Narclk obrigado desde ja… bem eu nao percebi muito bem a sua explicação nem como eu poderia aproveitar esse codigo com o meu codigo. Sera que voce podeia ser mais explicito por faovor?

No XML eu retiro todas ROLES?

Devo retirar o default-target tambem?

Tentei da seguinte forma:

Security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:util="http://www.springframework.org/schema/util" 
   xmlns:security="http://www.springframework.org/schema/security"
   xmlns:task="http://www.springframework.org/schema/task"
   xsi:schemaLocation="
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd 
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
   http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.2.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

  <security:http>
<security:intercept-url pattern="/faces/gestor/" access="ROLE_USER" />
<security:intercept-url pattern="/faces/admin/" access="ROLE_ADMIN" />
<security:form-login login-page="/login.html" authentication-success-handler-ref="multiHttpSecurityConfig" authentication-failure-url="/login.html?erro=true"/>
<security:logout logout-success-url="/login.html" />
  </security:http>
 
 <bean class="mz.co.mpteventos.springsecurity.controller.MultiHttpSecurityConfig" id="multiHttpSecurityConfig"></bean>
 
 <security:authentication-manager>
     <security:authentication-provider  user-service-ref="multiHttpSecurityConfig"></security:authentication-provider>
</security:authentication-manager>
</beans>

Controlador

package mz.co.mpteventos.springsecurity.controller;

import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

import mz.co.mpteventos.springsecurity.dao.DAO;
import mz.co.mpteventos.springsecurity.dto.UserDetailsImpl;
import mz.co.mpteventos.springsecurity.model.Conta;

@EnableWebSecurity
public class MultiHttpSecurityConfig {
	
	public List<Conta> listaConta;
	@Bean
	public UserDetailsService userDetailsService(String username) throws Exception {
		UserDetailsImpl user = new UserDetailsImpl();
		listaConta = new DAO<Conta>(Conta.class).listaTodos();
		
		for (int i = 0; i < this.listaConta.size(); i++) {
			if (listaConta.get(i).getNome().equals(username)) {
				
				user.setUserName(listaConta.get(i).getNome().toString());
				user.setPassword(listaConta.get(i).getPassword().toString());
				user.addAuthority(listaConta.get(i).getAuthorities().toString());
			}
		}
		return (UserDetailsService) user;
	}

	
	
	@Configuration
	@Order(1)                                                        
	public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
		protected void configure(HttpSecurity http) throws Exception {
			http
				.antMatcher("/faces/admin/**")                               
				.authorizeRequests()
					.anyRequest().hasRole("ADMIN")
					.and()
				.httpBasic();
		}
	}

	@Configuration                                                   
	public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http
				.authorizeRequests()
					.anyRequest().authenticated()
					.and()
				.formLogin();
		}
	}
}

E ele da o seguinte erro:

Caused by: java.lang.IllegalStateException: Cannot convert value of type [mz.co.mpteventos.springsecurity.controller.MultiHttpSecurityConfig] to required type [org.springframework.security.web.authentication.AuthenticationSuccessHandler] for property 'authenticationSuccessHandler': no matching editors or conversion strategy found
at org.springframework.beans.TypeConverterDelegate.convertIfNecessary(TypeConverterDelegate.java:267)
at org.springframework.beans.BeanWrapperImpl.convertIfNecessary(BeanWrapperImpl.java:458)
... 73 more
N
Solucao aceita
Narclk

Comente as configurações do seu xml, delete as classes estáticas e use a classe abaixo como configuração. Boa sorte, espero ter ajudado.

Mais Informações e exemplos

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
public class SecurityConfigAdapter extends WebSecurityConfigurerAdapter {
	
	@Autowired
	private UserDetailsImpl userDetails;
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
		.antMatchers("/css/**", "/img/**", "/js/**").permitAll() 
		.antMatchers("/index.html", "/home.html").permitAll() 
        .antMatchers("/faces/gestor","/faces/gestor/**").hasRole("USER") 
        .antMatchers("/faces/admin","/faces/admin/**").hasRole("ADMIN")
        .anyRequest().authenticated()
        .and()
    .formLogin()
        .loginPage("/login.html")
        .permitAll()
        .and()
        .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
	}
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		
		auth.authenticationProvider(authenticationProvider());
		
	}
		
	
	@Bean
	public DaoAuthenticationProvider authenticationProvider() {
	    DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
	    authProvider.setUserDetailsService(userDetails);
	       
	    return authProvider;
	}
	
}
H
hamilton.mateus

Obrigado. Consegui resolver dessa forma que sugeriu muuito obrigado.

COnsegui uma segunda Solucao aqui que deu certo vou postar:

package mz.co.mpteventos.springsecurity.controller;

import java.io.IOException;
import java.util.List;
import java.util.Set;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.ViewScoped;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Controller;

import mz.co.mpteventos.springsecurity.dao.DAO;
import mz.co.mpteventos.springsecurity.dto.UserDetailsImpl;
import mz.co.mpteventos.springsecurity.model.Conta;

@ManagedBean
@ViewScoped
@Controller
public class UserDetailServiceImpl implements UserDetailsService, AuthenticationSuccessHandler {

	private List<Conta> listaConta;
	
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

		// cria-se lista de contas e mete-se todas contas da base de dads nessa lista
		listaConta = new DAO<Conta>(Conta.class).listaTodos();
		
		for (int i = 0; i < this.listaConta.size(); i++) {
			if (listaConta.get(i).getNome().equals(username)) {
				UserDetailsImpl user = new UserDetailsImpl();
				user.setUserName(listaConta.get(i).getNome().toString());
				user.setPassword(listaConta.get(i).getPassword().toString());
				user.addAuthority(listaConta.get(i).getAuthorities().toString());
				
				return user;
			}
		}
		throw new UsernameNotFoundException("Usuario não encontrado");
	}

	@Override
public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication authentication)
        throws IOException, ServletException {
    Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
    if (roles.contains("ROLE_ADMIN")){
        response.sendRedirect(request.getContextPath() + "/faces/admin/visualizaractualizarestabelecimentoadmin.xhtml");   
        return;
    }
    response.sendRedirect(request.getContextPath() + "/faces/gestor/visualizaractualizarestabelecimento.xhtml");
} 
	
	public String getUsuarioLogado(){
		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		String currentPrincipalName = authentication.getName();
		return currentPrincipalName.toString();
	}

}

## security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:util="http://www.springframework.org/schema/util" 
   xmlns:security="http://www.springframework.org/schema/security"
   xmlns:task="http://www.springframework.org/schema/task"
   xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd 
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
   http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

  <security:http>
<security:intercept-url pattern="/faces/gestor/" access="ROLE_USER" />
<security:intercept-url pattern="/faces/admin/" access="ROLE_ADMIN" />
<security:form-login login-page="/login.html" authentication-success-handler-ref="userDetailServiceImpl" authentication-failure-url="/login.html?erro=true"/>
<security:logout logout-success-url="/login.html" />
  </security:http>
 
 <bean class="mz.co.mpteventos.springsecurity.controller.UserDetailServiceImpl" id="userDetailServiceImpl"></bean>
 
 <security:authentication-manager>
 <security:authentication-provider  user-service-ref="userDetailServiceImpl"></security:authentication-provider>
</security:authentication-manager>
</beans>
Criado 15 de agosto de 2017
Ultima resposta 17 de ago. de 2017
Respostas 4
Participantes 2

Topicos relacionados

Iniciar sessao JSF, Spring security, Primefaces 7 respostas jdbcTemplate null - Spring Resolvido 1 respostas JSF: Validador para campo unique no banco 3 respostas Dificultar download de vídeo html5 10 respostas ERRO na renderização da view JSF 8 respostas
Alura O que são algoritmos e lógica de programação e como aprender? Entenda o que são algoritmos e lógica de programação e qual é a importância desses conceitos para começar a programar
Casa do Codigo Deixe seu codigo limpo e brilhante: Desmistificando Clean... Por Jose Yoshiriro — Casa do Codigo