Spring Security + ZK = Problema com sessões


Olá, pessoal! Estou com um problema aqui. Quando faço login pelo Spring Security, sou redirecionado para a página principal. O que está acontecendo é que o DadosSistemaBean fica igual para todos os usuários logados, embora esteja com scope session: ele tem o mesmo hashcode para todos os usuários. No principal uso prototype, pois dá alguns problemas se uso session no composer. E o DadosSistemaBean precisa ser session, pois preciso armazenar alguns dados para aquele usuário logado.

Principal:
package br.com.romulo.agenda.controllers;

/**
 * ZK composer for the main page, registered as the Spring bean
 * {@code borderLayoutComposer} with prototype scope.
 */
@Controller("borderLayoutComposer")
@Scope("prototype")
public class BorderLayoutComposer extends GenericForwardComposer{
	
	/**
	 * Reference to the session-scoped holder of the logged-in user's data.
	 *
	 * No injection annotation is visible on this field, so it is presumably
	 * wired by name by the ZK/Spring variable resolver; confirm.
	 *
	 * NOTE(review): if this reference is resolved to a concrete instance rather
	 * than a scoped proxy, it stays bound to whichever instance was current when
	 * the composer was created; verify that two different sessions really see
	 * two different objects here.
	 */
	DadosSistemaBean DadosSistemaBean;	
}

DadosSistemaBean:

package br.com.romulo.agenda.bean;

import br.com.romulo.agenda.model.Usuario;

/**
 * Holder for data that belongs to one logged-in user, declared with session scope
 * and registered under the bean name {@code DadosSistemaBean}.
 *
 * <p>The class itself carries no synchronization; it only stores and returns the
 * reference it is given.
 */
@Bean(name = "DadosSistemaBean")
@Scope("session")
public class DadosSistemaBean {

	// The authenticated user; stays null until setUsuarioLogado is called.
	private Usuario usuarioLogado;

	/**
	 * Stores the user that owns this holder.
	 *
	 * @param usuarioLogado the authenticated user, or {@code null} to clear it
	 */
	public void setUsuarioLogado(Usuario usuarioLogado) {
		this.usuarioLogado = usuarioLogado;
	}

	/**
	 * @return the user stored by {@link #setUsuarioLogado(Usuario)}, or {@code null}
	 *         when none has been stored yet
	 */
	public Usuario getUsuarioLogado() {
		return this.usuarioLogado;
	}

}

spring security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	<!-- URL access rules for the web application. Unauthenticated requests are sent to the
		configured entry point, and denied requests to /negado.jsp.
		NOTE(review): the only access rules declared here are "/admin/**" and "/*.zul". The second
		pattern presumably matches .zul pages directly under the application root only, not pages in
		sub-directories. The login filter on this page redirects to /agenda/principal.zul; if
		"/agenda" is a directory inside the application rather than its context path, that page is
		not covered by any rule in this file. Confirm, and consider a final catch-all rule so that
		anything not listed explicitly still requires an authenticated role. -->
	<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/negado.jsp">

		<logout logout-success-url="/login.zul" />

		<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />

		<!-- All other resources to require users to have user role USER_ROLE to 
			view -->
		<intercept-url pattern="/*.zul" access="ROLE_ADMIN,ROLE_USER" />

		<!-- Don't apply any filters to the login form either, we want unauthenticated 
			users to be able to see this -->
		<!-- filters="none" takes /login.zul out of the security filter chain entirely, so no
			security context is available while that page is processed. -->
		<intercept-url pattern="/login.zul" filters="none" />
		<!-- CUSTOM FILTERS -->
		<!-- The custom login filter is the only form-login processing configured in this element;
			there is no form-login child and auto-config is off. -->
		<custom-filter ref="languageProcessingFilter" after="FORM_LOGIN_FILTER"/>
	</http>
	
	<!-- Credentials are checked against the users loaded by userDetailServiceImpl.
		NOTE(review): no password-encoder child is declared for this provider, so the submitted
		password is presumably compared with the stored value as plain text. Confirm how
		passwords are stored; a salted, adaptive hash with a matching encoder declared here is
		the safer arrangement. -->
	<authentication-manager alias="authenticationManager">
		<authentication-provider user-service-ref="userDetailServiceImpl"/>
	</authentication-manager>
	
	<!-- Project-specific handler invoked when a login attempt fails. -->
	<beans:bean id="authenticationFailureHandler" class="br.com.romulo.agenda.springSecurityCustomFilters.AuthenticationFailHandler"/>
	
	<!-- The custom login filter. It is declared once, with no scope attribute, so one instance
		serves every login request; any per-request data kept in its instance fields is shared
		between concurrent logins. Only the authentication manager and the failure handler are
		set here; every other property keeps the filter's default. -->
	<beans:bean id="languageProcessingFilter" class="br.com.romulo.agenda.springSecurityCustomFilters.MyAuthenticationProcessingFilter">
		<beans:property name="authenticationManager" ref="authenticationManager"/>
		<beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
	</beans:bean>
	
	<!-- Entry point referenced by the http element: unauthenticated users are sent to /login.zul. -->
	<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
		<beans:property name="loginFormUrl" value="/login.zul"/>
	</beans:bean>

</beans:beans>

MyAuthenticationProcessingFilter.java

package br.com.romulo.agenda.springSecurityCustomFilters;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import br.com.romulo.agenda.bean.DadosSistemaBean;
import br.com.romulo.agenda.service.UsuarioManager;
import br.com.romulo.agenda.spring.SpringBeanFactoryUtil;

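/**
 * Login filter that, once authentication has succeeded, stores the authenticated
 * {@code Usuario} in the {@code DadosSistemaBean} and forces the post-login
 * redirect to a fixed page.
 *
 * <p>Per-request objects are held in local variables on purpose: the filter is a
 * single bean that serves every login, so keeping the looked-up beans in instance
 * fields would let concurrent logins overwrite each other's references.
 */
public class MyAuthenticationProcessingFilter extends
		UsernamePasswordAuthenticationFilter {

	/** Request parameter whose value is overridden for the post-login redirect. */
	private static final String REDIRECT_PARAMETER = "spring-security-redirect";

	/** The only redirect target used after login. */
	private static final String POST_LOGIN_URL = "/agenda/principal.zul";

	/**
	 * Populates the per-user data holder and then completes the login with a fixed
	 * redirect target.
	 *
	 * @param request the login request
	 * @param response the response the redirect is written to
	 * @param authResult the successful authentication; its name is used to load the user
	 * @throws IOException propagated from the superclass handling
	 * @throws ServletException propagated from the superclass handling
	 */
	@Override
	protected void successfulAuthentication(HttpServletRequest request,
			HttpServletResponse response, Authentication authResult)
			throws IOException, ServletException {
		// NOTE(review): SpringBeanFactoryUtil is not shown on this page. This lookup yields a
		// per-user instance only if the session scope is really in effect here, i.e. the
		// scope annotation is honoured and the current request is bound to this thread while
		// the filter runs (for example through RequestContextListener). Confirm; otherwise
		// every login writes into the same object.
		DadosSistemaBean dadosSistema = (DadosSistemaBean) SpringBeanFactoryUtil
				.getBean("DadosSistemaBean");
		UsuarioManager usuarioManager = (UsuarioManager) SpringBeanFactoryUtil
				.getBean("usuarioManager");

		// Done before delegating: the superclass call hands over to the success handler, which
		// normally sends the redirect, and a failure here should abort the login instead of
		// leaving a previously stored user in place.
		dadosSistema.setUsuarioLogado(usuarioManager.consultarPorLogin(authResult.getName()));

		// The redirect parameter is always answered with the fixed target, so a value supplied
		// by the client under that name is never used. Every other parameter is passed through
		// unchanged instead of being hidden from the rest of the success handling.
		HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {
			@Override
			public String getParameter(String parameter) {
				if (REDIRECT_PARAMETER.equals(parameter)) {
					return POST_LOGIN_URL;
				}
				return super.getParameter(parameter);
			}
		};
		super.successfulAuthentication(wrapper, response, authResult);

		System.out.println("==successful login==");
	}

}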

UserDetailServiceImpl.java

package br.com.romulo.agenda.springSecurityCustomFilters;

import java.util.ArrayList;
import java.util.Collection;

import net.sourceforge.sannotations.annotation.Bean;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import br.com.romulo.agenda.model.Usuario;
import br.com.romulo.agenda.service.UsuarioManager;
import br.com.romulo.agenda.utils.StringUtils;

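/**
 * Loads application users for Spring Security through {@code UsuarioManager}.
 */
@Bean(name = "userDetailServiceImpl")
public class UserDetailServiceImpl implements UserDetailsService {
	@Autowired
	private UsuarioManager usuarioManager;

	/**
	 * Looks the user up by login and maps it to a Spring Security {@code User} that
	 * carries a single authority taken from {@code getNivelAcesso()}.
	 *
	 * <p>An unknown or empty login is reported with {@link UsernameNotFoundException}
	 * rather than a {@code null} return, which the {@code UserDetailsService} contract
	 * does not allow. The message is fixed so that the submitted login, which is
	 * untrusted input, is not echoed into logs or error pages.
	 *
	 * @param username the login submitted with the authentication request
	 * @return the user details, never {@code null}
	 * @throws UsernameNotFoundException if the login is empty or no user matches it
	 * @throws DataAccessException declared by the interface; presumably raised by the lookup
	 */
	@Override
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {
		if (StringUtils.isEmptyOrNull(username)) {
			throw new UsernameNotFoundException("User not found");
		}

		final Usuario usuario = usuarioManager.consultarPorLogin(username);
		if (usuario == null) {
			throw new UsernameNotFoundException("User not found");
		}

		Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
		authorities.add(new GrantedAuthorityImpl(usuario.getNivelAcesso()));

		// NOTE(review): the four flags mark every account as enabled, non-expired, with
		// non-expired credentials and non-locked, so a disabled or locked account cannot be
		// expressed here. The password is handed over exactly as getSenha() returns it;
		// confirm that this is a hash and not the plain-text password.
		return new User(usuario.getLogin(), usuario.getSenha(), true,
				true, true, true, authorities);
	}
}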
Criado 13 de outubro de 2010