Closed GoogleCodeExporter closed 8 years ago
can you post your web.xml and bean config file please? I suppose you have read
this document http://docs.zkoss.org/wiki/Spring
Original comment by ashish.dasnurkar
on 13 Oct 2010 at 4:38
Hi,
from web.xml: Which part are you interested in? I just double checked it with
the samples from http://docs.zkoss.org/wiki/Spring and everything seems to be
here. Except that i'm using an own spring loader that collects all config files
from my project automatically.
From my bean config i post the relevant items here:
my "main" config is:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:zksp="http://www.zkoss.org/2008/zkspring/core"
xmlns:zksp-annot="http://www.zkoss.org/2008/zkspring-annot"
xsi:schemaLocation="
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
http://www.zkoss.org/2008/zkspring/core http://www.zkoss.org/2008/zkspring/core/zkspring-core.xsd
http://www.zkoss.org/2008/zkspring-annot http://www.zkoss.org/2008/zkspring-annot/zkspring-annot.xsd
"
>
<!-- Spring Annotation Config -->
<context:annotation-config />
<context:component-scan base-package="org,de,com" />
<aop:aspectj-autoproxy />
<!-- ZK Spring Annotation Config -->
<zksp:zk-config/>
<zksp-annot:component-scan base-package="org,de"/>
</beans>
The security config:
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:zksp="http://www.zkoss.org/2008/zkspring/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.zkoss.org/2008/zkspring/security
http://www.zkoss.org/2008/zkspring/security/zkspring-security.xsd">
<!--
- Enable the @Secured annotation to secure service layer methods
-->
<security:global-method-security secured-annotations="enabled">
</security:global-method-security>
<!--
- Secure the page per the URL pattern
-->
<security:http auto-config="true">
<security:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<security:intercept-url pattern="/zkau/web/mc*/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/zkau/web/sa*/**" access="IS_AUTHENTICATED_REMEMBERED" />
<security:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
<security:intercept-url pattern="/index**" access="IS_AUTHENTICATED_REMEMBERED" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- use own login page rather than the default one -->
<security:form-login login-page="${sapartner.auth.loginpage}" login-processing-url="${sapartner.auth.loginProcessing}"
authentication-failure-url="${sapartner.auth.loginpage}?login_error=1"/>
<security:logout logout-success-url="${sapartner.auth.logoutpage}" logout-url="${sapartner.auth.logouttrigger}"/>
<!-- Following is list of ZK Spring Security custom filters.
They needs to be exactly in the same order as shown below in order to work. -->
<security:custom-filter ref="zkDesktopReuseFilter" position="FIRST" />
<security:custom-filter ref="zkDisableSessionInvalidateFilter" before="FORM_LOGIN_FILTER"/>
<security:custom-filter ref="zkEnableSessionInvalidateFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<security:custom-filter ref="zkLoginOKFilter" after="FILTER_SECURITY_INTERCEPTOR"/>
<security:custom-filter ref="zkError403Filter" after="LOGOUT_FILTER"/>
</security:http>
<!--
- Secure the ZK event processing per the event name and ZK component path pattern
-->
<zksp:zk-event login-template-close-delay="5">
<!--
<zksp:intercept-event event="onClick" path="//**/rebuildSearch" access="ROLE_TELLER"/>
<zksp:intercept-event event="onClick" path="//**/btn_*" access="ROLE_TELLER"/>
-->
<zksp:intercept-event path="/secure/**" access="ROLE_USER"/>
<zksp:intercept-event path="/zkau/web/mc*/**" access="IS_AUTHENTICATED_REMEMBERED" />
<zksp:intercept-event path="/zkau/web/sa*/**" access="IS_AUTHENTICATED_REMEMBERED" />
<zksp:intercept-event path="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
</zksp:zk-event>
<!-- removed user resolver and some related beans -->
</beans>
So everything seems to be like the samples.
I debugged into ZkEventSecurityBeanDefinitionParser.java and looked on the
"filterChainMap" property from the filterChainProxy. And this is from the
debugger output:
{/**=[<zkDesktopReuseFilter>, Root bean: class
[org.springframework.security.web.context.SecurityContextPersistenceFilter];
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean:
class [org.springframework.security.web.authentication.logout.LogoutFilter];
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null,
<zkError403Filter>, <zkDisableSessionInvalidateFilter>, Root bean: class
[org.springframework.security.web.authentication.UsernamePasswordAuthenticationF
ilter]; scope=; abstract=false; lazyInit=false; autowireMode=0;
dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean:
class
[org.springframework.security.web.authentication.www.BasicAuthenticationFilter];
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean:
class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter];
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean:
class
[org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFi
lter]; scope=; abstract=false; lazyInit=false; autowireMode=0;
dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean:
class
[org.springframework.security.web.authentication.AnonymousAuthenticationFilter];
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean:
class [org.springframework.security.web.session.SessionManagementFilter];
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean:
class [org.springframework.security.web.access.ExceptionTranslationFilter];
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null;
factoryMethodName=null; initMethodName=null; destroyMethodName=null,
<zkEnableSessionInvalidateFilter>,
<org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>,
<zkLoginOKFilter>]}
Any hints on this?
Hope the provided info helps a bit...
bye,
chris
Original comment by Christia...@gmail.com
on 13 Oct 2010 at 7:17
Sorry I couldn't reproduce this issue. Could you please post a working example
of it? war?
Original comment by ashish.dasnurkar
on 1 Mar 2011 at 2:05
Also try it with the latest freshly zk-spring-core-bin-3.0RC-FL-2011-02-24.zip
Original comment by ashish.dasnurkar
on 1 Mar 2011 at 6:33
It seems to be solved. I used a patched version and it seems i'm not facing
this issue with 3.0...
Original comment by Christia...@gmail.com
on 8 Apr 2011 at 3:13
Fixed since 5/12/2011
Original comment by ashish.dasnurkar
on 12 May 2011 at 3:04
Original issue reported on code.google.com by
Christia...@gmail.com
on 7 Oct 2010 at 7:43