Prezados, boa tarde.
Estou tentando integrar o VRpator com o Spring Security e, em partes, estou obtendo sucesso. Tenho minha página de login, que é a primeira página que é aberta. Ao logar, o usuário tem acesso ao sistema. Porém, alguns pontos do sistema só poderão ser acessados pelo administrador (perfil ADMINISTRADOR) e as outras normalmente pelos operadores (perfil OPERADOR).
Quando já estou logado no sistema e tento acessar um recurso protegido, é apresentado um form de login do spring-security, se eu logar com um usuário ADMINISTRADOR, consigo acesso, se não dá o erro 403 corretamente. Todavia, o que eu queria mesmo era que o Spring levasse em consideração o usuário que já está logado no momento, para não haver necessidade de realizar um novo login já estando dentro da aplicação. Isso é possível?
Segue meu web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>MinhaApp</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>vraptor</filter-name>
<filter-class>br.com.caelum.vraptor.VRaptor</filter-class>
</filter>
<filter-mapping>
<filter-name>vraptor</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.locale</param-name>
<param-value>pt_BR</param-value>
</context-param>
</web-app>
Meu applicationContext.xml:
[code]<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation=“
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd”>
<http use-expressions="true">
<intercept-url pattern="/admin/**" access="hasRole('ADMINISTRADOR')" />
<form-login login-page="/index/login" default-target-url="/index/login"
authentication-failure-url="/index/login" />
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT usuario as username, senha as password, 'true' as enable FROM usuario_sistema WHERE usuario = ?"
authorities-by-username-query="SELECT u.usuario as username, p.nome as authority FROM usuario_sistema u, perfil p WHERE u.perfil = p.id AND usuario = ?" />
</authentication-provider>
</authentication-manager>
<beans:bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<beans:property name="location">
<beans:value>classpath:app.properties</beans:value>
</beans:property>
</beans:bean>
<beans:bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
<beans:property name="driverClass" value="org.postgresql.Driver" />
<beans:property name="jdbcUrl" value="${minhaapp.url}" />
<beans:property name="user" value="${db.username}" />
<beans:property name="password" value="${db.password}" />
<beans:property name="acquireIncrement" value="${c3p0.acquireIncrement}" />
<beans:property name="idleConnectionTestPeriod" value="${c3p0.idleConnectionTestPeriod}" />
<beans:property name="minPoolSize" value="${c3p0.minPoolSize}" />
<beans:property name="maxPoolSize" value="${c3p0.maxPoolSize}" />
<beans:property name="maxIdleTime" value="${c3p0.maxIdleTime}" />
</beans:bean>
<beans:bean id="sessionFactory" class="br.com.enterprise.utilities.spring.ExtendedAnnotationSessionFactoryBean">
<beans:property name="dataSource" ref="dataSource" />
<beans:property name="basePackages">
<beans:list>
<beans:value>br.com.enterprise.minhaapp.model</beans:value>
</beans:list>
</beans:property>
<beans:property name="hibernateProperties">
<beans:props>
<beans:prop key="hibernate.dialect">org.hibernate.dialect.PostgreSQLDialect</beans:prop>
<beans:prop key="hibernate.show_sql">false</beans:prop>
</beans:props>
</beans:property>
</beans:bean>
<beans:bean id="template" class="org.springframework.orm.hibernate3.HibernateTemplate">
<beans:property name="sessionFactory" ref="sessionFactory"/>
</beans:bean>
<beans:bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<beans:property name="sessionFactory" ref="sessionFactory"/>
</beans:bean>
<beans:bean id="sharedTransactionTemplate" class="org.springframework.transaction.support.TransactionTemplate">
<beans:property name="transactionManager" ref="transactionManager"/>
<beans:property name="isolationLevelName" value="ISOLATION_READ_UNCOMMITTED"/>
<beans:property name="timeout" value="300"/>
</beans:bean>
</beans:beans>[/code]
Grato desde já pela atenção!