Vraptor + Spring Security Taglib

dfreitas · Maio 4, 2012, 8:47am

Olá pessoal,

Acabei de configurar o Spring Security no Vraptor 3.4.1 e funcionou tudo certinho. Estou tentando usar a Taglib do Spring Security em minhas JSP sem sucesso. Tudo indica que a Taglib está funcionando direitinho porem o userPrincipal chega nulo para o JSP. Alguém poderia me dar uma ajuda?

Segue minhas configurações:

Java version: 1.6.0_29, vendor: Oracle Corporation
Apache Maven 3.0.4
WebLogic Server 10.3.5.0

Segue alguns trechos de códigos:

pom.xml

<properties>
	<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	<org.springframework.version>3.0.5.RELEASE</org.springframework.version>
	<org.springsecurity.version>3.0.5.RELEASE</org.springsecurity.version>
</properties>
...
<!-- Spring -->
<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-context-support</artifactId>
	<version>${org.springframework.version}</version>
</dependency>

<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-web</artifactId>
	<version>${org.springframework.version}</version>
</dependency>

<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-tx</artifactId>
	<version>${org.springframework.version}</version>
</dependency>
		
<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-jdbc</artifactId>
	<version>${org.springframework.version}</version>
</dependency>
		
<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-orm</artifactId>
	<version>${org.springframework.version}</version>
</dependency>

<dependency>
	<groupId>org.springframework</groupId>
	<artifactId>spring-oxm</artifactId>
	<version>${org.springframework.version}</version>
</dependency>
		
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-config</artifactId>
	<version>${org.springframework.version}</version>
</dependency>
		
<dependency>
   	<groupId>org.springframework.security</groupId>
    	<artifactId>spring-security-web</artifactId>
    	<version>${org.springsecurity.version}</version>
</dependency>
		
<dependency>
   	<groupId>org.springframework.security</groupId>
    	<artifactId>spring-security-taglibs</artifactId>
    	<version>${org.springsecurity.version}</version>
</dependency>
		
<dependency>
   	<groupId>org.springframework.security</groupId>
    	<artifactId>spring-security-ldap</artifactId>
    	<version>${org.springsecurity.version}</version>
</dependency>

web.xml


<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
   			classpath*:security.xml
    </param-value>
</context-param>
<listener>
  	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
  	<filter-name>springSecurityFilterChain</filter-name>
  	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
        <filter-name>sitemesh</filter-name>
        <filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
</filter>
<filter>
        <filter-name>vraptor</filter-name>
        <filter-class>br.com.caelum.vraptor.VRaptor</filter-class>
</filter>
<filter-mapping>
        <filter-name>sitemesh</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  	<filter-name>springSecurityFilterChain</filter-name>
  	<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
        <filter-name>vraptor</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

	<http auto-config='true' use-expressions="true">
		<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
    	</http>

	<authentication-manager>
    	    <authentication-provider>
      		<user-service>
      			<user name="admin" password="123456" authorities="ROLE_ADMIN" />
                </user-service>
    	    </authentication-provider>
	</authentication-manager>
 
</beans:beans>

index.jsp

<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<sec:authorize access="hasRole('ROLE_ADMIN')">
    Admin / <sec:authentication property="principal.username" />
</sec:authorize>

Lucas_Cavalcanti · Maio 4, 2012, 10:06am

vc chegou a acessar a página de login e se logar?

essa pagina onde vc usou a taglib, vc acessou logado?

dfreitas · Maio 4, 2012, 12:01pm

Lucas,

Obrigado pela atenção. Consegui acessar sim … acesso a jsp logado …

no controller consigo ter acesso ao usuário logado:

@Autowired
HttpServletRequest  request;

@Get("/")
public void index() {
    System.out.println(request.getUserPrincipal().getName());
}

já na jsp é nulo

${pageContext.request.userPrincipal.name}

Lucas_Cavalcanti · Maio 4, 2012, 12:20pm

inverta esses dois filtros:

<filter-mapping>  
        <filter-name>sitemesh</filter-name>  
        <url-pattern>/*</url-pattern>  
</filter-mapping>  
<filter-mapping>  
    <filter-name>springSecurityFilterChain</filter-name>  
    <url-pattern>/*</url-pattern>  
</filter-mapping>

o security precisa passar antes do sitemesh, senão os jsps do sitemesh (os decorators) não terão acesso ao userPrincipal.

dfreitas · Maio 4, 2012, 12:37pm

no alvo … foi falta de atenção minha .
Obrigado Lucas e parabéns pelo Vraptor 3.

system · Janeiro 6, 2016, 3:57am

Vraptor + Spring Security Taglib

Cursos de Mobile

Cursos de Programação

Cursos de Front-end

Cursos de DevOps

Cursos de Design & UX

Cursos de Business

Cursos de Data & BI