[jira] Commented: (MYFACES-2009) Spring Security integration inside JSF Components

2008-10-17 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/MYFACES-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12640487#action_12640487
 ] 

Juan Pablo Santos Rodríguez commented on MYFACES-2009:
--

Hi, 

I've been playing with the above functionality. As mentioned, Spring Security 
support is given by MyFaces out of the box. But, I've haven't found the way of 
having Spring Security AND also being able of beans injection. Spring reference 
guide states that, in order to enable Spring injection, the VariableResolver 
must be one of org.springframework.web.jsf.DelegatingVariableResolver (JSF 1.1 
 1.2), org.springframework.web.jsf.SpringBeanVariableResolver (JSF 1.1  1.2) 
or org.springframework.web.jsf.el.SpringBeanFacesELResolver (1.2+)

The only workaround of having both functionalilies I've found goes through the 
custom resolver, which was extending 
org.springframework.web.jsf.DelegatingVariableResolver 

I can provide a little testing application and reopen the issue/open a new 
issue, if you think this should be MyFaces related (right now I'm not very sure 
if it should be Spring / Spring Security responsability or a MyFaces issue).

regards,
juan pablo

 Spring Security integration inside JSF Components
 -

 Key: MYFACES-2009
 URL: https://issues.apache.org/jira/browse/MYFACES-2009
 Project: MyFaces Core
  Issue Type: New Feature
  Components: General
Affects Versions: 1.1.6
Reporter: Juan Pablo Santos Rodríguez

 As noted many times, there is no native integration of Spring Security tags 
 inside a JSF webapp. I've seen a few approaches, but they're mostly custom 
 JSF-Spring-Security components. In our current project we needed to use 
 Spring Security tags functionality inside any JSF component (custom or not). 
 We ended reaching MyFaces' own Security Context 
 (http://wiki.apache.org/myfaces/SecurityContext), which default 
 implementation is J2EE based.
 We've extended it with a custom Spring Security implementation, hence this 
 development, which is now publicly available, as we think it may be useful 
 for the community. The basic idea is that Spring's Security Context is going 
 to be available via EL, i.e. you can:
 h:outputText 
 rendered=#{securityContext.ifAllGranted['ROLE_ADMIN,ROLE_USER']}how how 
 how/h:outputText
 Some notes:
 - The zip is bundled as a maven 2 project, so 'mvn clean install' and add the 
 jar as a dependency
 - It is a Java 5, Spring 2.5.5, Spring Security 2.0.3, MyFaces 1.1.6 project, 
 this were customer requirements. Although, all of these should be easily 
 changed, only messing with dependencies is required O:-) (it should *should* 
 not affect the build, but we've not checked).
 - As it is MyFaces 1.1.x based, it extends Spring's 
 DelegatingVariableResolver. Same as former statement, it *could* be easily 
 changed, only changing the extended class and the usual dependency changes. 
 Again, we've not checked (but hey, should be an *easy* change O:-)). 
 - Default behaviour of the new Resolver is to check if the requested 
 operation corresponds to a security operation, if not, runs parent behaviour.
 - IMPORTANT: the security operations available via EL are noted in here: 
 http://wiki.apache.org/myfaces/SecurityContext . Anyone willing to make 
 available any other operation via EL should extend his own 
 http://svn.apache.org/viewvc/myfaces/tomahawk/trunk/sandbox/core/src/main/java/org/apache/myfaces/custom/security/SecurityContextPropertyResolver.java?view=markup
  implementation and change his faces-config accordingly.
 - There are several classes which have been taken from tomahawk's 1.1.6 
 sandbox, in order to make dependencies management a bit easier. This is noted 
 at class-javadoc level.
 - In jsf-example-webapp module just 'mvn jetty:run' to run the example 
 webapp. There is a dummy security applicationContext, with users and 
 passwords hardcoded in it (this is only a dumb demo) inside resources folder. 
 Serious applications will likely have a more complex configuration.
 Configuration:
 1st.- Make your JSF application Spring Security Aware 
 (http://static.springframework.org/spring-security/site/reference/html/ns-config.html#ns-getting-started)
 2nd.- Make your JSF application Spring aware 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf).
  This implementation assumes JSF 1.1 integration 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf-delegatingvariableresolver).
  JSF 1.2 will require code modification, as noted above.
 3nd.- In your faces-config.xml set:
   faces-config
 application
   
 variable-resolverorg.apache.myfaces.custom.security.MyFacesSecurityContextSpringDelegatingVariableResolver/variable-resolver

[jira] Commented: (MYFACES-2009) Spring Security integration inside JSF Components

2008-10-17 Thread Cagatay Civici (JIRA) 

[ 
https://issues.apache.org/jira/browse/MYFACES-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12640497#action_12640497
 ] 

Cagatay Civici commented on MYFACES-2009:
-

I am using Spring Security, Spring based JSF backing beans and MyFaces 
SecurityContext without a problem, I use DelegatingVariableResolver.  This 
combination works, maybe there is an issue with your configuration. You may use 
this blog entry based on JSF-Spring-Spring Security-Orchestra-JPA integration:

http://prime.com.tr/cagataycivici/?p=99

 Spring Security integration inside JSF Components
 -

 Key: MYFACES-2009
 URL: https://issues.apache.org/jira/browse/MYFACES-2009
 Project: MyFaces Core
  Issue Type: New Feature
  Components: General
Affects Versions: 1.1.6
Reporter: Juan Pablo Santos Rodríguez

 As noted many times, there is no native integration of Spring Security tags 
 inside a JSF webapp. I've seen a few approaches, but they're mostly custom 
 JSF-Spring-Security components. In our current project we needed to use 
 Spring Security tags functionality inside any JSF component (custom or not). 
 We ended reaching MyFaces' own Security Context 
 (http://wiki.apache.org/myfaces/SecurityContext), which default 
 implementation is J2EE based.
 We've extended it with a custom Spring Security implementation, hence this 
 development, which is now publicly available, as we think it may be useful 
 for the community. The basic idea is that Spring's Security Context is going 
 to be available via EL, i.e. you can:
 h:outputText 
 rendered=#{securityContext.ifAllGranted['ROLE_ADMIN,ROLE_USER']}how how 
 how/h:outputText
 Some notes:
 - The zip is bundled as a maven 2 project, so 'mvn clean install' and add the 
 jar as a dependency
 - It is a Java 5, Spring 2.5.5, Spring Security 2.0.3, MyFaces 1.1.6 project, 
 this were customer requirements. Although, all of these should be easily 
 changed, only messing with dependencies is required O:-) (it should *should* 
 not affect the build, but we've not checked).
 - As it is MyFaces 1.1.x based, it extends Spring's 
 DelegatingVariableResolver. Same as former statement, it *could* be easily 
 changed, only changing the extended class and the usual dependency changes. 
 Again, we've not checked (but hey, should be an *easy* change O:-)). 
 - Default behaviour of the new Resolver is to check if the requested 
 operation corresponds to a security operation, if not, runs parent behaviour.
 - IMPORTANT: the security operations available via EL are noted in here: 
 http://wiki.apache.org/myfaces/SecurityContext . Anyone willing to make 
 available any other operation via EL should extend his own 
 http://svn.apache.org/viewvc/myfaces/tomahawk/trunk/sandbox/core/src/main/java/org/apache/myfaces/custom/security/SecurityContextPropertyResolver.java?view=markup
  implementation and change his faces-config accordingly.
 - There are several classes which have been taken from tomahawk's 1.1.6 
 sandbox, in order to make dependencies management a bit easier. This is noted 
 at class-javadoc level.
 - In jsf-example-webapp module just 'mvn jetty:run' to run the example 
 webapp. There is a dummy security applicationContext, with users and 
 passwords hardcoded in it (this is only a dumb demo) inside resources folder. 
 Serious applications will likely have a more complex configuration.
 Configuration:
 1st.- Make your JSF application Spring Security Aware 
 (http://static.springframework.org/spring-security/site/reference/html/ns-config.html#ns-getting-started)
 2nd.- Make your JSF application Spring aware 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf).
  This implementation assumes JSF 1.1 integration 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf-delegatingvariableresolver).
  JSF 1.2 will require code modification, as noted above.
 3nd.- In your faces-config.xml set:
   faces-config
 application
   
 variable-resolverorg.apache.myfaces.custom.security.MyFacesSecurityContextSpringDelegatingVariableResolver/variable-resolver
   
 property-resolverorg.apache.myfaces.custom.security.SecurityContextPropertyResolver/property-resolver
   !-- ... --
 and that's all.
 cheers,
 juan pablo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (MYFACES-2009) Spring Security integration inside JSF Components

2008-10-17 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/MYFACES-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12640499#action_12640499
 ] 

Juan Pablo Santos Rodríguez commented on MYFACES-2009:
--

Hi Cagatay, 

thanks on your fast response. I'll take a look at that post. Right now, if I 
use DelegatingVariableResolver I don't get Spring Security integration. Never 
mind, surely it's me. If I found anything interesting I'll comment back

cheers,
juan pablo

 Spring Security integration inside JSF Components
 -

 Key: MYFACES-2009
 URL: https://issues.apache.org/jira/browse/MYFACES-2009
 Project: MyFaces Core
  Issue Type: New Feature
  Components: General
Affects Versions: 1.1.6
Reporter: Juan Pablo Santos Rodríguez

 As noted many times, there is no native integration of Spring Security tags 
 inside a JSF webapp. I've seen a few approaches, but they're mostly custom 
 JSF-Spring-Security components. In our current project we needed to use 
 Spring Security tags functionality inside any JSF component (custom or not). 
 We ended reaching MyFaces' own Security Context 
 (http://wiki.apache.org/myfaces/SecurityContext), which default 
 implementation is J2EE based.
 We've extended it with a custom Spring Security implementation, hence this 
 development, which is now publicly available, as we think it may be useful 
 for the community. The basic idea is that Spring's Security Context is going 
 to be available via EL, i.e. you can:
 h:outputText 
 rendered=#{securityContext.ifAllGranted['ROLE_ADMIN,ROLE_USER']}how how 
 how/h:outputText
 Some notes:
 - The zip is bundled as a maven 2 project, so 'mvn clean install' and add the 
 jar as a dependency
 - It is a Java 5, Spring 2.5.5, Spring Security 2.0.3, MyFaces 1.1.6 project, 
 this were customer requirements. Although, all of these should be easily 
 changed, only messing with dependencies is required O:-) (it should *should* 
 not affect the build, but we've not checked).
 - As it is MyFaces 1.1.x based, it extends Spring's 
 DelegatingVariableResolver. Same as former statement, it *could* be easily 
 changed, only changing the extended class and the usual dependency changes. 
 Again, we've not checked (but hey, should be an *easy* change O:-)). 
 - Default behaviour of the new Resolver is to check if the requested 
 operation corresponds to a security operation, if not, runs parent behaviour.
 - IMPORTANT: the security operations available via EL are noted in here: 
 http://wiki.apache.org/myfaces/SecurityContext . Anyone willing to make 
 available any other operation via EL should extend his own 
 http://svn.apache.org/viewvc/myfaces/tomahawk/trunk/sandbox/core/src/main/java/org/apache/myfaces/custom/security/SecurityContextPropertyResolver.java?view=markup
  implementation and change his faces-config accordingly.
 - There are several classes which have been taken from tomahawk's 1.1.6 
 sandbox, in order to make dependencies management a bit easier. This is noted 
 at class-javadoc level.
 - In jsf-example-webapp module just 'mvn jetty:run' to run the example 
 webapp. There is a dummy security applicationContext, with users and 
 passwords hardcoded in it (this is only a dumb demo) inside resources folder. 
 Serious applications will likely have a more complex configuration.
 Configuration:
 1st.- Make your JSF application Spring Security Aware 
 (http://static.springframework.org/spring-security/site/reference/html/ns-config.html#ns-getting-started)
 2nd.- Make your JSF application Spring aware 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf).
  This implementation assumes JSF 1.1 integration 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf-delegatingvariableresolver).
  JSF 1.2 will require code modification, as noted above.
 3nd.- In your faces-config.xml set:
   faces-config
 application
   
 variable-resolverorg.apache.myfaces.custom.security.MyFacesSecurityContextSpringDelegatingVariableResolver/variable-resolver
   
 property-resolverorg.apache.myfaces.custom.security.SecurityContextPropertyResolver/property-resolver
   !-- ... --
 and that's all.
 cheers,
 juan pablo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (MYFACES-2009) Spring Security integration inside JSF Components

2008-10-13 Thread Cagatay Civici (JIRA) 

[ 
https://issues.apache.org/jira/browse/MYFACES-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12639035#action_12639035
 ] 

Cagatay Civici commented on MYFACES-2009:
-

Have you tried Spring Security with Default security context implementation of 
MyFaces, HttpContextIntegrationFilter wraps the requests by default so I dont 
think there is a need to implement custom security context implementation, it 
should work out of the box if the HttpContextIntegrationFilter is configured 
and afaik it is configured by default using security namespace configuration of 
spring.

 Spring Security integration inside JSF Components
 -

 Key: MYFACES-2009
 URL: https://issues.apache.org/jira/browse/MYFACES-2009
 Project: MyFaces Core
  Issue Type: New Feature
  Components: General
Affects Versions: 1.1.6
Reporter: Juan Pablo Santos Rodríguez
 Attachments: myfaces-securitycontext-spring-security-impl.zip


 As noted many times, there is no native integration of Spring Security tags 
 inside a JSF webapp. I've seen a few approaches, but they're mostly custom 
 JSF-Spring-Security components. In our current project we needed to use 
 Spring Security tags functionality inside any JSF component (custom or not). 
 We ended reaching MyFaces' own Security Context 
 (http://wiki.apache.org/myfaces/SecurityContext), which default 
 implementation is J2EE based.
 We've extended it with a custom Spring Security implementation, hence this 
 development, which is now publicly available, as we think it may be useful 
 for the community. The basic idea is that Spring's Security Context is going 
 to be available via EL, i.e. you can:
 h:outputText 
 rendered=#{securityContext.ifAllGranted['ROLE_ADMIN,ROLE_USER']}how how 
 how/h:outputText
 Some notes:
 - The zip is bundled as a maven 2 project, so 'mvn clean install' and add the 
 jar as a dependency
 - It is a Java 5, Spring 2.5.5, Spring Security 2.0.3, MyFaces 1.1.6 project, 
 this were customer requirements. Although, all of these should be easily 
 changed, only messing with dependencies is required O:-) (it should *should* 
 not affect the build, but we've not checked).
 - As it is MyFaces 1.1.x based, it extends Spring's 
 DelegatingVariableResolver. Same as former statement, it *could* be easily 
 changed, only changing the extended class and the usual dependency changes. 
 Again, we've not checked (but hey, should be an *easy* change O:-)). 
 - Default behaviour of the new Resolver is to check if the requested 
 operation corresponds to a security operation, if not, runs parent behaviour.
 - IMPORTANT: the security operations available via EL are noted in here: 
 http://wiki.apache.org/myfaces/SecurityContext . Anyone willing to make 
 available any other operation via EL should extend his own 
 http://svn.apache.org/viewvc/myfaces/tomahawk/trunk/sandbox/core/src/main/java/org/apache/myfaces/custom/security/SecurityContextPropertyResolver.java?view=markup
  implementation and change his faces-config accordingly.
 - There are several classes which have been taken from tomahawk's 1.1.6 
 sandbox, in order to make dependencies management a bit easier. This is noted 
 at class-javadoc level.
 - In jsf-example-webapp module just 'mvn jetty:run' to run the example 
 webapp. There is a dummy security applicationContext, with users and 
 passwords hardcoded in it (this is only a dumb demo) inside resources folder. 
 Serious applications will likely have a more complex configuration.
 Configuration:
 1st.- Make your JSF application Spring Security Aware 
 (http://static.springframework.org/spring-security/site/reference/html/ns-config.html#ns-getting-started)
 2nd.- Make your JSF application Spring aware 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf).
  This implementation assumes JSF 1.1 integration 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf-delegatingvariableresolver).
  JSF 1.2 will require code modification, as noted above.
 3nd.- In your faces-config.xml set:
   faces-config
 application
   
 variable-resolverorg.apache.myfaces.custom.security.MyFacesSecurityContextSpringDelegatingVariableResolver/variable-resolver
   
 property-resolverorg.apache.myfaces.custom.security.SecurityContextPropertyResolver/property-resolver
   !-- ... --
 and that's all.
 cheers,
 juan pablo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (MYFACES-2009) Spring Security integration inside JSF Components

2008-10-13 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/MYFACES-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12639071#action_12639071
 ] 

Juan Pablo Santos Rodríguez commented on MYFACES-2009:
--

Hi,

customer did have an special security context implementation, so 
HttpSessionContextIntegrationFilter wasn't an option.. However, performing 
suggested steps does the trick, no need of a custom implementation. The hurries 
of attaching, didn't find anything related at myfaces wiki :-x Mark this as 
WONTFIX, please.

regards,
jp

 Spring Security integration inside JSF Components
 -

 Key: MYFACES-2009
 URL: https://issues.apache.org/jira/browse/MYFACES-2009
 Project: MyFaces Core
  Issue Type: New Feature
  Components: General
Affects Versions: 1.1.6
Reporter: Juan Pablo Santos Rodríguez
 Attachments: myfaces-securitycontext-spring-security-impl.zip


 As noted many times, there is no native integration of Spring Security tags 
 inside a JSF webapp. I've seen a few approaches, but they're mostly custom 
 JSF-Spring-Security components. In our current project we needed to use 
 Spring Security tags functionality inside any JSF component (custom or not). 
 We ended reaching MyFaces' own Security Context 
 (http://wiki.apache.org/myfaces/SecurityContext), which default 
 implementation is J2EE based.
 We've extended it with a custom Spring Security implementation, hence this 
 development, which is now publicly available, as we think it may be useful 
 for the community. The basic idea is that Spring's Security Context is going 
 to be available via EL, i.e. you can:
 h:outputText 
 rendered=#{securityContext.ifAllGranted['ROLE_ADMIN,ROLE_USER']}how how 
 how/h:outputText
 Some notes:
 - The zip is bundled as a maven 2 project, so 'mvn clean install' and add the 
 jar as a dependency
 - It is a Java 5, Spring 2.5.5, Spring Security 2.0.3, MyFaces 1.1.6 project, 
 this were customer requirements. Although, all of these should be easily 
 changed, only messing with dependencies is required O:-) (it should *should* 
 not affect the build, but we've not checked).
 - As it is MyFaces 1.1.x based, it extends Spring's 
 DelegatingVariableResolver. Same as former statement, it *could* be easily 
 changed, only changing the extended class and the usual dependency changes. 
 Again, we've not checked (but hey, should be an *easy* change O:-)). 
 - Default behaviour of the new Resolver is to check if the requested 
 operation corresponds to a security operation, if not, runs parent behaviour.
 - IMPORTANT: the security operations available via EL are noted in here: 
 http://wiki.apache.org/myfaces/SecurityContext . Anyone willing to make 
 available any other operation via EL should extend his own 
 http://svn.apache.org/viewvc/myfaces/tomahawk/trunk/sandbox/core/src/main/java/org/apache/myfaces/custom/security/SecurityContextPropertyResolver.java?view=markup
  implementation and change his faces-config accordingly.
 - There are several classes which have been taken from tomahawk's 1.1.6 
 sandbox, in order to make dependencies management a bit easier. This is noted 
 at class-javadoc level.
 - In jsf-example-webapp module just 'mvn jetty:run' to run the example 
 webapp. There is a dummy security applicationContext, with users and 
 passwords hardcoded in it (this is only a dumb demo) inside resources folder. 
 Serious applications will likely have a more complex configuration.
 Configuration:
 1st.- Make your JSF application Spring Security Aware 
 (http://static.springframework.org/spring-security/site/reference/html/ns-config.html#ns-getting-started)
 2nd.- Make your JSF application Spring aware 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf).
  This implementation assumes JSF 1.1 integration 
 (http://static.springframework.org/spring/docs/2.5.x/reference/web-integration.html#jsf-delegatingvariableresolver).
  JSF 1.2 will require code modification, as noted above.
 3nd.- In your faces-config.xml set:
   faces-config
 application
   
 variable-resolverorg.apache.myfaces.custom.security.MyFacesSecurityContextSpringDelegatingVariableResolver/variable-resolver
   
 property-resolverorg.apache.myfaces.custom.security.SecurityContextPropertyResolver/property-resolver
   !-- ... --
 and that's all.
 cheers,
 juan pablo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.