You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by "Juan E. Maya" <ma...@gmail.com> on 2009/12/04 12:35:22 UTC
Re: Spring Security for T5 : Different target urls for different user
roles
hi, i did something like this for one of my past projects.
Specifically what i did was to create my own
AuthenticationProcessingFilter that overrides getDefaultTargetUrl()
The methods looks like this:
@override
public String getDefaultTargetUrl() {
String url = this.afterLoginRedirectService.getDefaultUrl();
if (StringUtils.isBlank(url)){
url = super.getDefaultTargetUrl();
}
return url;
}
afterLoginRedirectService is a tapestry service that obtains the url
to redirect after the authentication process is done. It has a
configuration map with the Role and the target url;
And then you need to override the authenticationProcessingFilter
provieded by tapestry-spring-security
public static AuthenticationProcessingFilter
buildYourAuthenticationProcessingFilter(Map<Long, String>
configuration, Logger logger,
@SpringSecurityServices final AuthenticationManager manager,
@SpringSecurityServices final RememberMeServices rememberMeServices,
@Inject @Symbol("spring-security.check.url") final String authUrl,
@Inject @Symbol("spring-security.target.url") final String targetUrl,
@Inject @Symbol("spring-security.failure.url") final String
failureUrl, @InjectService("SuccessLoginChain") LoginActionCommand
successLoginChain,
@InjectService("FailedLoginChain") LoginActionCommand
failedLoginChain) throws Exception {
AuthenticationProcessingFilter filter = new
YourAuthenticationProcessingFilter(successLoginChain,
failedLoginChain,
new AfterLoginRedirectServiceImpl(configuration), logger);
filter.setAuthenticationManager(manager);
filter.setAuthenticationFailureUrl(failureUrl);
filter.setDefaultTargetUrl(targetUrl);
filter.setFilterProcessesUrl(authUrl);
filter.setRememberMeServices(rememberMeServices);
filter.afterPropertiesSet();
return filter;
}
public static void
contributeAliasOverrides(Configuration<AliasContribution<?>>
configuration,
@InjectService("YourAuthenticationProcessingFilter")
AuthenticationProcessingFilter yourAuthenticationProcessingFilter) {
//rewrite the authentication processing filter
configuration.add(AliasContribution.create(AuthenticationProcessingFilter.class,
yourAuthenticationProcessingFilter));
}
And to configure the target urls in any module u can contribute to
your Filter :
public static void
contributeYourAuthenticationProcessingFilter(MappedConfiguration<Long,
String> configuration,
@Inject @Symbol(NebulaConstants.Symbols.DEFAULT_ADVISOR_URL) String
defaultAdvisorUrl) {
configuration.add(SecurityConstants.Defaults.ADVISOR_ROLE_ID,
defaultAdvisorUrl);
}
I hope it helps
On Fri, Dec 4, 2009 at 12:06 PM, TNO <tn...@free.fr> wrote:
> Hi,
>
> is it possible to have different target urls for different user roles.
>
> The ROLE_ADMIN goes to /admin, the ROLE_TOTO goes /page/toto, the
> ROLE_TITI goes to /page/titi, ...
>
>
> thanks
>
>
> ---
> Antivirus avast! : message Sortant sain.
> Base de donnees virale (VPS) : 091203-1, 03/12/2009
> Analyse le : 04/12/2009 12:06:56
> avast! - copyright (c) 1988-2009 ALWIL Software.
> http://www.avast.com
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Spring Security for T5 : Different target urls for different
user roles
Posted by TNO <tn...@free.fr>.
Tanks you, that's work perfect
Found in
http://ostas.blogspot.com/2008/06/spring-security-20-different-target.html
too
Here's my solution :
A CustomAuthenticationProcessingFilter :
public class CustomAuthenticationProcessingFilter extends
AuthenticationProcessingFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request)
throws AuthenticationException {
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new
UsernamePasswordAuthenticationToken(username, password);
// Place the last username attempted into HttpSession for views
HttpSession session = request.getSession(false);
if (session != null || getAllowSessionCreation()) {
request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY,
TextUtils.escapeEntities(username));
}
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
// role&URLs stuff
final Authentication auth =
this.getAuthenticationManager().authenticate(authRequest);
final GrantedAuthority[] grantedAuthorities = auth.getAuthorities();
String currentRole = null;
String outcome = null;
for (GrantedAuthority grantedAuthority : grantedAuthorities) {
currentRole = grantedAuthority.toString();
}
if (WebUser.ROLE_ADMIN.equals(currentRole)) {
outcome = "/anonym/etude/accueil";
} else if (WebUser.ROLE_COMMISSAIRE_PRISEUR.equals(currentRole)) {
outcome = "/anonym/actif/accueil";
} else if (WebUser.ROLE_CREANCIER.equals(currentRole)) {
outcome = "/anonym/creancier/accueil";
} else if (WebUser.ROLE_DIRIGEANT.equals(currentRole)) {
outcome = "/anonym/dirigeant/accueil";
} else if (WebUser.ROLE_SALARIE.equals(currentRole)) {
outcome = "/anonym/salarie/accueil";
} else {
outcome = "/start";
}
// actual change of default url for user
this.setDefaultTargetUrl(outcome);
return auth;
}
In AppModule :
public static AuthenticationProcessingFilter
buildMyAuthenticationProcessingFilter(
@SpringSecurityServices
final AuthenticationManager manager,
@SpringSecurityServices
final RememberMeServices rememberMeServices,
@Inject
@Value("${spring-security.check.url}")
final String authUrl,
@Inject
@Value("${spring-security.target.url}")
final String targetUrl,
@Inject
@Value("${spring-security.failure.url}")
final String failureUrl) throws Exception {
CustomAuthenticationProcessingFilter filter = new
CustomAuthenticationProcessingFilter();
filter.setAuthenticationManager(manager);
filter.setAuthenticationFailureUrl(failureUrl);
filter.setDefaultTargetUrl(targetUrl);
filter.setFilterProcessesUrl(authUrl);
filter.setRememberMeServices(rememberMeServices);
filter.setAlwaysUseDefaultTargetUrl(true);
filter.afterPropertiesSet();
return filter;
}
Le 04/12/2009 12:35, Juan E. Maya a écrit :
> hi, i did something like this for one of my past projects.
>
> Specifically what i did was to create my own
> AuthenticationProcessingFilter that overrides getDefaultTargetUrl()
>
> The methods looks like this:
>
> @override
> public String getDefaultTargetUrl() {
> String url = this.afterLoginRedirectService.getDefaultUrl();
> if (StringUtils.isBlank(url)){
> url = super.getDefaultTargetUrl();
> }
> return url;
> }
>
> afterLoginRedirectService is a tapestry service that obtains the url
> to redirect after the authentication process is done. It has a
> configuration map with the Role and the target url;
>
> And then you need to override the authenticationProcessingFilter
> provieded by tapestry-spring-security
>
> public static AuthenticationProcessingFilter
> buildYourAuthenticationProcessingFilter(Map<Long, String>
> configuration, Logger logger,
> @SpringSecurityServices final AuthenticationManager manager,
> @SpringSecurityServices final RememberMeServices rememberMeServices,
> @Inject @Symbol("spring-security.check.url") final String authUrl,
> @Inject @Symbol("spring-security.target.url") final String targetUrl,
> @Inject @Symbol("spring-security.failure.url") final String
> failureUrl, @InjectService("SuccessLoginChain") LoginActionCommand
> successLoginChain,
> @InjectService("FailedLoginChain") LoginActionCommand
> failedLoginChain) throws Exception {
>
> AuthenticationProcessingFilter filter = new
> YourAuthenticationProcessingFilter(successLoginChain,
> failedLoginChain,
> new AfterLoginRedirectServiceImpl(configuration), logger);
>
> filter.setAuthenticationManager(manager);
> filter.setAuthenticationFailureUrl(failureUrl);
> filter.setDefaultTargetUrl(targetUrl);
> filter.setFilterProcessesUrl(authUrl);
> filter.setRememberMeServices(rememberMeServices);
> filter.afterPropertiesSet();
> return filter;
> }
>
> public static void
> contributeAliasOverrides(Configuration<AliasContribution<?>>
> configuration,
> @InjectService("YourAuthenticationProcessingFilter")
> AuthenticationProcessingFilter yourAuthenticationProcessingFilter) {
>
> //rewrite the authentication processing filter
> configuration.add(AliasContribution.create(AuthenticationProcessingFilter.class,
> yourAuthenticationProcessingFilter));
>
> }
>
> And to configure the target urls in any module u can contribute to
> your Filter :
> public static void
> contributeYourAuthenticationProcessingFilter(MappedConfiguration<Long,
> String> configuration,
> @Inject @Symbol(NebulaConstants.Symbols.DEFAULT_ADVISOR_URL) String
> defaultAdvisorUrl) {
>
> configuration.add(SecurityConstants.Defaults.ADVISOR_ROLE_ID,
> defaultAdvisorUrl);
> }
>
> I hope it helps
>
> On Fri, Dec 4, 2009 at 12:06 PM, TNO <tn...@free.fr> wrote:
>
>> Hi,
>>
>> is it possible to have different target urls for different user roles.
>>
>> The ROLE_ADMIN goes to /admin, the ROLE_TOTO goes /page/toto, the
>> ROLE_TITI goes to /page/titi, ...
>>
>>
>> thanks
>>
>>
>> ---
>> Antivirus avast! : message Sortant sain.
>> Base de donnees virale (VPS) : 091203-1, 03/12/2009
>> Analyse le : 04/12/2009 12:06:56
>> avast! - copyright (c) 1988-2009 ALWIL Software.
>> http://www.avast.com
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
---
Antivirus avast! : message Sortant sain.
Base de donnees virale (VPS) : 091203-1, 03/12/2009
Analyse le : 04/12/2009 13:29:53
avast! - copyright (c) 1988-2009 ALWIL Software.
http://www.avast.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org