You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@click.apache.org by dian <di...@gmail.com> on 2009/07/01 21:21:20 UTC
Re: security in click
hello all,
I'am using spring security in my web app, I wanna get rolename from user
login to cuztom menu display in click, how to get role name value from user
that was login ?
thx
bheikamp wrote:
>
> Hi dian,
> I use Spring Security in Click, it works quit simpel, implement the spring
> security libs in you project. add the folowing configuration to your
> web.xml
>
> <!-- ================================== -->
> <!-- Servlet Context Listeners -->
> <!-- ================================== -->
> <listener>
> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
> </listener>
> <!-- ================================== -->
> <!-- CONTEXT PARAMETERS -->
> <!-- ================================== -->
> <context-param>
> <param-name>contextConfigLocation</param-name>
> <param-value>classpath:application-context.xml</param-value>
> </context-param>
> <filter>
> <filter-name>springSecurityFilterChain</filter-name>
> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>springSecurityFilterChain</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
> add the folowing to your application context, provided that you implement
> a
> dataSource to your project, this you can also be done in spring by using
> hibernate as persistance layer.
>
> <security:http auto-config="true" access-denied-page="/denied.htm">
> <security:intercept-url pattern="/some_path/*" access="ROLE_ADMINISTRATOR"
> />
> <security:intercept-url pattern="/**"
> access="IS_AUTHENTICATED_ANONYMOUSLY"
> />
> <security:form-login login-page="/logon.htm"
> authentication-failure-url="/logon.htm?login_error=1" />
> </security:http>
> <security:authentication-provider>
> <security:jdbc-user-service data-source-ref="dataSource"
> authorities-by-username-query="SELECT username,authority FROM authority
> WHERE username=?"
> users-by-username-query="SELECT username,password,active FROM users WHERE
> username=?" />
> </security:authentication-provider>
>
> create 2 table's:
>
> - authority with a usernae and authority and make sure a user has a
> ROLE_ADMINISTRATOR or something like that, default it has to start with
> ROLE_,
> - users, with a username, password and active.
>
> your login page :
>
> public class LogonPage extends TemplatePage {
>
> public Form form = new Form();
>
> public LogonPage() {
> setTitle("Loging page");
>
> form.setActionURL("j_spring_security_check");
> form.setMethod("post");
> form.setJavaScriptValidation(true);
>
> TextField userName = new TextField("j_username");
> userName.setRequired(true);
> userName.setFocus(true);
> userName.setLabel("gebruikersNaam");
> form.add(userName);
>
> PasswordField password = new PasswordField("j_password");
> password.setRequired(true);
> password.setLabel("Wachtwoord");
> form.add(password);
>
> form.add(new NextButton("ok", " logon ", this, "onOkClicked"));
> }
>
> @Override public void onInit() {
> super.onInit();
> if (getParameter("login_error") != null &&
> getParameter("login_error").equals("1")) {
> msg = "fout bij aanmelden !";
> }
> }
> }
>
> that's all, this works much easier than the J2EE implementation.
>
> Suc6
>
> Kind Regards,
>
> Bert Heikamp
>
> 2009/1/6 dian ruzda <di...@gmail.com>
>
>> Hello all,
>>
>> I still confuse to implements how to make authentification and
>> authorization in click framework.
>> I was read click manual and best practise but It can't explaine me more.
>> does any body can give me simple template about implementation security
>> in
>> click framework ?
>>
>>
>> thx..
>>
>
>
--
View this message in context: http://n2.nabble.com/security-in-click-tp2116683p3191195.html
Sent from the click-user mailing list archive at Nabble.com.
Re: security in click
Posted by Malcolm Edgar <ma...@gmail.com>.
I think maintaining menu.xml will be much easier than doing this
programatically,
regards Malcolm Edgar
On Thu, Jul 2, 2009 at 1:16 PM, dian ruzda<di...@gmail.com> wrote:
> can we make menu control by programatically, so I shouldn't write menu.xml
> again, all menu configuration create otomatically by program ?
>
>
> On Thu, Jul 2, 2009 at 12:44 AM, Bert Heikamp <be...@tooclose.nl> wrote:
>>
>> Hi,
>>
>> This is how I did it,
>>
>> #if ($topMenu.isUserInRoles() || $topMenu.isUserInChildMenuRoles() ||
>> $topMenu.getRoles().size() == 0)
>>
>> in the menu.vm and
>>
>> <menu label="Administrator" path="index.htm"
>> roles="ROLE_SUPER_ADMINISTRATOR">
>>
>> in the menu.xml
>>
>> Hopes it help.
>>
>> Regard,
>>
>> Bert
>>
>> 2009/7/1 dian <di...@gmail.com>
>>>
>>> hello all,
>>>
>>> I'am using spring security in my web app, I wanna get rolename from user
>>> login to cuztom menu display in click, how to get role name value from
>>> user
>>> that was login ?
>>>
>>>
>>> thx
>>>
>>>
>>>
>>> bheikamp wrote:
>>> >
>>> > Hi dian,
>>> > I use Spring Security in Click, it works quit simpel, implement the
>>> > spring
>>> > security libs in you project. add the folowing configuration to your
>>> > web.xml
>>> >
>>> > <!-- ================================== -->
>>> > <!-- Servlet Context Listeners -->
>>> > <!-- ================================== -->
>>> > <listener>
>>> >
>>> > <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>>> > </listener>
>>> > <!-- ================================== -->
>>> > <!-- CONTEXT PARAMETERS -->
>>> > <!-- ================================== -->
>>> > <context-param>
>>> > <param-name>contextConfigLocation</param-name>
>>> > <param-value>classpath:application-context.xml</param-value>
>>> > </context-param>
>>> > <filter>
>>> > <filter-name>springSecurityFilterChain</filter-name>
>>> >
>>> > <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>>> > </filter>
>>> > <filter-mapping>
>>> > <filter-name>springSecurityFilterChain</filter-name>
>>> > <url-pattern>/*</url-pattern>
>>> > </filter-mapping>
>>> >
>>> >
>>> > add the folowing to your application context, provided that you
>>> > implement
>>> > a
>>> > dataSource to your project, this you can also be done in spring by
>>> > using
>>> > hibernate as persistance layer.
>>> >
>>> > <security:http auto-config="true" access-denied-page="/denied.htm">
>>> > <security:intercept-url pattern="/some_path/*"
>>> > access="ROLE_ADMINISTRATOR"
>>> > />
>>> > <security:intercept-url pattern="/**"
>>> > access="IS_AUTHENTICATED_ANONYMOUSLY"
>>> > />
>>> > <security:form-login login-page="/logon.htm"
>>> > authentication-failure-url="/logon.htm?login_error=1" />
>>> > </security:http>
>>> > <security:authentication-provider>
>>> > <security:jdbc-user-service data-source-ref="dataSource"
>>> > authorities-by-username-query="SELECT username,authority FROM authority
>>> > WHERE username=?"
>>> > users-by-username-query="SELECT username,password,active FROM users
>>> > WHERE
>>> > username=?" />
>>> > </security:authentication-provider>
>>> >
>>> > create 2 table's:
>>> >
>>> > - authority with a usernae and authority and make sure a user has a
>>> > ROLE_ADMINISTRATOR or something like that, default it has to start
>>> > with
>>> > ROLE_,
>>> > - users, with a username, password and active.
>>> >
>>> > your login page :
>>> >
>>> > public class LogonPage extends TemplatePage {
>>> >
>>> > public Form form = new Form();
>>> >
>>> > public LogonPage() {
>>> > setTitle("Loging page");
>>> >
>>> > form.setActionURL("j_spring_security_check");
>>> > form.setMethod("post");
>>> > form.setJavaScriptValidation(true);
>>> >
>>> > TextField userName = new TextField("j_username");
>>> > userName.setRequired(true);
>>> > userName.setFocus(true);
>>> > userName.setLabel("gebruikersNaam");
>>> > form.add(userName);
>>> >
>>> > PasswordField password = new PasswordField("j_password");
>>> > password.setRequired(true);
>>> > password.setLabel("Wachtwoord");
>>> > form.add(password);
>>> >
>>> > form.add(new NextButton("ok", " logon ", this, "onOkClicked"));
>>> > }
>>> >
>>> > @Override public void onInit() {
>>> > super.onInit();
>>> > if (getParameter("login_error") != null &&
>>> > getParameter("login_error").equals("1")) {
>>> > msg = "fout bij aanmelden !";
>>> > }
>>> > }
>>> > }
>>> >
>>> > that's all, this works much easier than the J2EE implementation.
>>> >
>>> > Suc6
>>> >
>>> > Kind Regards,
>>> >
>>> > Bert Heikamp
>>> >
>>> > 2009/1/6 dian ruzda <di...@gmail.com>
>>> >
>>> >> Hello all,
>>> >>
>>> >> I still confuse to implements how to make authentification and
>>> >> authorization in click framework.
>>> >> I was read click manual and best practise but It can't explaine me
>>> >> more.
>>> >> does any body can give me simple template about implementation
>>> >> security
>>> >> in
>>> >> click framework ?
>>> >>
>>> >>
>>> >> thx..
>>> >>
>>> >
>>> >
>>>
>>> --
>>> View this message in context:
>>> http://n2.nabble.com/security-in-click-tp2116683p3191195.html
>>> Sent from the click-user mailing list archive at Nabble.com.
>>>
>>
>
>
Re: security in click
Posted by aurmam <au...@gmail.com>.
you can check my tutorial
http://code.google.com/p/click-cas/wiki/Intro
it is in Click Wiki page
--
View this message in context: http://n2.nabble.com/security-in-click-tp2116683p3428878.html
Sent from the click-user mailing list archive at Nabble.com.
Re: security in click
Posted by Bob Schellink <sa...@gmail.com>.
dian ruzda wrote:
> can we make menu control by programatically, so I shouldn't write
> menu.xml again, all menu configuration create otomatically by program ?
Use one of the public Menu constructors and set the properties
as needed. For example:
Menu rootMenu = new Menu("rootMenu");
Menu editCustomer = createMenu("Edit Customer", rootMenu);
...
private static Menu createMenu(String label, Menu parent) {
Menu menu = new Menu();
menu.setLabel(label);
menu.setTitle(label);
parent.getChildren().add(menu);
return menu;
}
kind regards
bob
Re: security in click
Posted by dian ruzda <di...@gmail.com>.
can we make menu control by programatically, so I shouldn't write menu.xml
again, all menu configuration create otomatically by program ?
On Thu, Jul 2, 2009 at 12:44 AM, Bert Heikamp <be...@tooclose.nl> wrote:
> Hi,
>
> This is how I did it,
>
> #if ($topMenu.isUserInRoles() || $topMenu.isUserInChildMenuRoles() ||
> $topMenu.getRoles().size() == 0)
>
> in the menu.vm and
>
> <menu label="Administrator" path="index.htm"
> roles="ROLE_SUPER_ADMINISTRATOR">
>
> in the menu.xml
>
> Hopes it help.
>
> Regard,
>
> Bert
>
> 2009/7/1 dian <di...@gmail.com>
>
>
>> hello all,
>>
>> I'am using spring security in my web app, I wanna get rolename from user
>> login to cuztom menu display in click, how to get role name value from
>> user
>> that was login ?
>>
>>
>> thx
>>
>>
>>
>> bheikamp wrote:
>> >
>> > Hi dian,
>> > I use Spring Security in Click, it works quit simpel, implement the
>> spring
>> > security libs in you project. add the folowing configuration to your
>> > web.xml
>> >
>> > <!-- ================================== -->
>> > <!-- Servlet Context Listeners -->
>> > <!-- ================================== -->
>> > <listener>
>> >
>> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>> > </listener>
>> > <!-- ================================== -->
>> > <!-- CONTEXT PARAMETERS -->
>> > <!-- ================================== -->
>> > <context-param>
>> > <param-name>contextConfigLocation</param-name>
>> > <param-value>classpath:application-context.xml</param-value>
>> > </context-param>
>> > <filter>
>> > <filter-name>springSecurityFilterChain</filter-name>
>> >
>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>> > </filter>
>> > <filter-mapping>
>> > <filter-name>springSecurityFilterChain</filter-name>
>> > <url-pattern>/*</url-pattern>
>> > </filter-mapping>
>> >
>> >
>> > add the folowing to your application context, provided that you
>> implement
>> > a
>> > dataSource to your project, this you can also be done in spring by using
>> > hibernate as persistance layer.
>> >
>> > <security:http auto-config="true" access-denied-page="/denied.htm">
>> > <security:intercept-url pattern="/some_path/*"
>> access="ROLE_ADMINISTRATOR"
>> > />
>> > <security:intercept-url pattern="/**"
>> > access="IS_AUTHENTICATED_ANONYMOUSLY"
>> > />
>> > <security:form-login login-page="/logon.htm"
>> > authentication-failure-url="/logon.htm?login_error=1" />
>> > </security:http>
>> > <security:authentication-provider>
>> > <security:jdbc-user-service data-source-ref="dataSource"
>> > authorities-by-username-query="SELECT username,authority FROM authority
>> > WHERE username=?"
>> > users-by-username-query="SELECT username,password,active FROM users
>> WHERE
>> > username=?" />
>> > </security:authentication-provider>
>> >
>> > create 2 table's:
>> >
>> > - authority with a usernae and authority and make sure a user has a
>> > ROLE_ADMINISTRATOR or something like that, default it has to start
>> with
>> > ROLE_,
>> > - users, with a username, password and active.
>> >
>> > your login page :
>> >
>> > public class LogonPage extends TemplatePage {
>> >
>> > public Form form = new Form();
>> >
>> > public LogonPage() {
>> > setTitle("Loging page");
>> >
>> > form.setActionURL("j_spring_security_check");
>> > form.setMethod("post");
>> > form.setJavaScriptValidation(true);
>> >
>> > TextField userName = new TextField("j_username");
>> > userName.setRequired(true);
>> > userName.setFocus(true);
>> > userName.setLabel("gebruikersNaam");
>> > form.add(userName);
>> >
>> > PasswordField password = new PasswordField("j_password");
>> > password.setRequired(true);
>> > password.setLabel("Wachtwoord");
>> > form.add(password);
>> >
>> > form.add(new NextButton("ok", " logon ", this, "onOkClicked"));
>> > }
>> >
>> > @Override public void onInit() {
>> > super.onInit();
>> > if (getParameter("login_error") != null &&
>> > getParameter("login_error").equals("1")) {
>> > msg = "fout bij aanmelden !";
>> > }
>> > }
>> > }
>> >
>> > that's all, this works much easier than the J2EE implementation.
>> >
>> > Suc6
>> >
>> > Kind Regards,
>> >
>> > Bert Heikamp
>> >
>> > 2009/1/6 dian ruzda <di...@gmail.com>
>> >
>> >> Hello all,
>> >>
>> >> I still confuse to implements how to make authentification and
>> >> authorization in click framework.
>> >> I was read click manual and best practise but It can't explaine me
>> more.
>> >> does any body can give me simple template about implementation security
>> >> in
>> >> click framework ?
>> >>
>> >>
>> >> thx..
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/security-in-click-tp2116683p3191195.html
>> Sent from the click-user mailing list archive at Nabble.com.
>>
>>
>
Re: security in click
Posted by Bert Heikamp <be...@tooclose.nl>.
Hi,
This is how I did it,
#if ($topMenu.isUserInRoles() || $topMenu.isUserInChildMenuRoles() ||
$topMenu.getRoles().size() == 0)
in the menu.vm and
<menu label="Administrator" path="index.htm"
roles="ROLE_SUPER_ADMINISTRATOR">
in the menu.xml
Hopes it help.
Regard,
Bert
2009/7/1 dian <di...@gmail.com>
>
> hello all,
>
> I'am using spring security in my web app, I wanna get rolename from user
> login to cuztom menu display in click, how to get role name value from user
> that was login ?
>
>
> thx
>
>
>
> bheikamp wrote:
> >
> > Hi dian,
> > I use Spring Security in Click, it works quit simpel, implement the
> spring
> > security libs in you project. add the folowing configuration to your
> > web.xml
> >
> > <!-- ================================== -->
> > <!-- Servlet Context Listeners -->
> > <!-- ================================== -->
> > <listener>
> >
> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
> > </listener>
> > <!-- ================================== -->
> > <!-- CONTEXT PARAMETERS -->
> > <!-- ================================== -->
> > <context-param>
> > <param-name>contextConfigLocation</param-name>
> > <param-value>classpath:application-context.xml</param-value>
> > </context-param>
> > <filter>
> > <filter-name>springSecurityFilterChain</filter-name>
> >
> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
> > </filter>
> > <filter-mapping>
> > <filter-name>springSecurityFilterChain</filter-name>
> > <url-pattern>/*</url-pattern>
> > </filter-mapping>
> >
> >
> > add the folowing to your application context, provided that you implement
> > a
> > dataSource to your project, this you can also be done in spring by using
> > hibernate as persistance layer.
> >
> > <security:http auto-config="true" access-denied-page="/denied.htm">
> > <security:intercept-url pattern="/some_path/*"
> access="ROLE_ADMINISTRATOR"
> > />
> > <security:intercept-url pattern="/**"
> > access="IS_AUTHENTICATED_ANONYMOUSLY"
> > />
> > <security:form-login login-page="/logon.htm"
> > authentication-failure-url="/logon.htm?login_error=1" />
> > </security:http>
> > <security:authentication-provider>
> > <security:jdbc-user-service data-source-ref="dataSource"
> > authorities-by-username-query="SELECT username,authority FROM authority
> > WHERE username=?"
> > users-by-username-query="SELECT username,password,active FROM users WHERE
> > username=?" />
> > </security:authentication-provider>
> >
> > create 2 table's:
> >
> > - authority with a usernae and authority and make sure a user has a
> > ROLE_ADMINISTRATOR or something like that, default it has to start
> with
> > ROLE_,
> > - users, with a username, password and active.
> >
> > your login page :
> >
> > public class LogonPage extends TemplatePage {
> >
> > public Form form = new Form();
> >
> > public LogonPage() {
> > setTitle("Loging page");
> >
> > form.setActionURL("j_spring_security_check");
> > form.setMethod("post");
> > form.setJavaScriptValidation(true);
> >
> > TextField userName = new TextField("j_username");
> > userName.setRequired(true);
> > userName.setFocus(true);
> > userName.setLabel("gebruikersNaam");
> > form.add(userName);
> >
> > PasswordField password = new PasswordField("j_password");
> > password.setRequired(true);
> > password.setLabel("Wachtwoord");
> > form.add(password);
> >
> > form.add(new NextButton("ok", " logon ", this, "onOkClicked"));
> > }
> >
> > @Override public void onInit() {
> > super.onInit();
> > if (getParameter("login_error") != null &&
> > getParameter("login_error").equals("1")) {
> > msg = "fout bij aanmelden !";
> > }
> > }
> > }
> >
> > that's all, this works much easier than the J2EE implementation.
> >
> > Suc6
> >
> > Kind Regards,
> >
> > Bert Heikamp
> >
> > 2009/1/6 dian ruzda <di...@gmail.com>
> >
> >> Hello all,
> >>
> >> I still confuse to implements how to make authentification and
> >> authorization in click framework.
> >> I was read click manual and best practise but It can't explaine me more.
> >> does any body can give me simple template about implementation security
> >> in
> >> click framework ?
> >>
> >>
> >> thx..
> >>
> >
> >
>
> --
> View this message in context:
> http://n2.nabble.com/security-in-click-tp2116683p3191195.html
> Sent from the click-user mailing list archive at Nabble.com.
>
>