Boa tarde pessoal, estou com uma dificuldade em utilizar o Spring Security. Li bastante coisa na net e tentei montar o meu “Frankenstein” baseado no que foi lido, porém o negócio não funciona. Eu fui debbugar, marquei um breakpoint no setSessionFactory do meu UserDAO e percebi que a aplicação não está entrando neste método. Até acredito que isto esteja fazendo falhar a autenticação. Coloco abaixo os meus fontes.
/WEB-INF/web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>NFeManager</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-servlet.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- SPRING SECURITY -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- SPRING FRAMEWORK -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>/WEB-INF/spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<!-- This is where we configure Spring-Security -->
<sec:http auto-config="true" use-expressions="true" access-denied-page="/auth/denied" >
<sec:intercept-url pattern="/auth/login" access="permitAll"/>
<sec:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<sec:intercept-url pattern="/manager/**" access="ROLE_ADMIN"/>
<sec:intercept-url pattern="/cnpj/**" access="ROLE_ADMIN"/>
<sec:form-login
login-page="/auth/login"
authentication-failure-url="/auth/login?error=true"
default-target-url="/cnpj"/>
<sec:logout
invalidate-session="true"
logout-success-url="/auth/login"
logout-url="/auth/logout"/>
</sec:http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<sec:authentication-manager>
<sec:authentication-provider user-service-ref="customUserDetailsService" />
</sec:authentication-manager>
<!-- A custom service where Spring will retrieve users and their corresponding access levels -->
<bean id="customUserDetailsService" class="br.com.anhambi.nfemanager.service.CustomUserDetailsService"/>
</beans>/WEB-INF/spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<!-- Activates various annotations to be detected in bean classes -->
<context:annotation-config />
<context:component-scan base-package="br.com.anhambi.nfemanager.controller" />
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<import resource="spring-database.xml" />
</beans>/WEB-INF/spring-database.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost/nfemanager" />
<property name="username" value="root" />
<property name="password" value="root" />
</bean>
<!-- Hibernate SessionFactory -->
<bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource">
<ref local="dataSource"/>
</property>
<property name="packagesToScan" value="br.com.anhambi.nfemanager.model" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
</props>
</property>
</bean>
<!-- Transaction manager for a single Hibernate SessionFactory (alternative to JTA)-->
<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
</beans>br.com.anhambi.nfemanager.controller.AuthenticationController
@Controller
@RequestMapping("/auth")
public class AuthenticationController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView getLoginPage(@RequestParam(value="error", required=false) boolean error, ModelMap model) {
logger.debug("Received request to show login page");
ModelAndView modelAndView = new ModelAndView("login");
if (error) {
modelAndView.addObject("mensagem", "Deu pau!");
}
return modelAndView;
}
@RequestMapping(value = "/denied", method = RequestMethod.GET)
public String getDeniedPage() {
return "denied";
}
}br.com.anhambi.nfemanager.service.CustomUserDetailsService
@Service
@Transactional(readOnly = true)
public class CustomUserDetailsService implements UserDetailsService {
private UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
UserVO user = null;
try {
user = getUserDAO().autenticar(username);
} catch (Exception e) {
throw new UsernameNotFoundException("Error in retrieving user");
}
return user;
}
/**
* @return the userDAO
*/
@Autowired
public UserDAO getUserDAO() {
return userDAO;
}
}br.com.anhambi.nfemanager.model.UserVO
@Entity
@Table(name="usuario")
UserVO implements java.io.Serializable, UserDetails {
@Id @GeneratedValue
private Integer id;
@Column(length=40, nullable=false)
private String email;
@Column(length=20, nullable=false)
private String senha;
@Column(length=1)
private String ativo;
@Column(length=15, nullable=false)
private String papel;
@Override @Transient
public Collection<GrantedAuthority> getAuthorities() {
List<GrantedAuthority> lista = new ArrayList<GrantedAuthority>();
lista.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
lista.add(new GrantedAuthorityImpl("ROLE_MANAGER"));
lista.add(new GrantedAuthorityImpl("ROLE_USER"));
return lista;
}
@Transient @Override
public String getPassword() {
return this.getSenha();
}
@Transient @Override
public String getUsername() {
return this.getEmail();
}
@Transient @Override
public boolean isAccountNonExpired() {
return true;
}
@Transient @Override
public boolean isAccountNonLocked() {
return true;
}
@Transient @Override
public boolean isCredentialsNonExpired() {
return true;
}
@Transient @Override
public boolean isEnabled() {
return this.getAtivo().equals("S");
}
... //Setters e getters
}br.com.anhambi.nfemanager.dao.UserDAO
public class UserDAO extends AbstractDAO<UserVO> {
@Autowired
public void setSessionFactory(SessionFactory sessionFactory) {
this.template = new HibernateTemplate(sessionFactory);
}
public UserVO autenticar(String username) {
UserVO temp = new UserVO();
temp.setEmail(username);
List<UserVO> founds = this.findByExample(temp);
if (!founds.isEmpty()) {
logger.debug("Usuário encontrado!");
return founds.get(0);
}
logger.error("Usuário não encontrado!");
throw new RuntimeException("Usuário não encontrado!");
}
}br.com.anhambi.nfemanager.dao.AbstractDAO
public class AbstractDAO<T> {
protected static Logger logger = Logger.getLogger("dao");
protected Class<T> classVO = null;
protected HibernateTemplate template;
public AbstractDAO() {
this.classVO = (Class<T>) ((ParameterizedType) getClass().getGenericSuperclass()).getActualTypeArguments()[0];
}
public T add(T t) {
try {
this.template.save(t);
return t;
} catch (Exception e) {
return null;
}
}
public void update(T t) {
this.template.update(t);
}
public void del(T t) {
this.template.delete(t);
}
public List<T> findAll() {
return this.template.find(String.format("from %s", this.classVO.getName()));
}
public List<T> findByExample(T t) {
return this.template.findByExample(t);
}
}Por favor, se puder me ajudar, ficarei muito grato.
Obriagado!