Karen, this isn't just a startup point its half of the solution! Thank you very much, Richard
On Tue, May 11, 2010 at 1:08 PM, KR <k-no-s...@a4consulting.nl> wrote: > I forgot to mention that Spring Security is compatible with Stripesstuff > SecurityManager: > > http://www.stripesframework.org/display/stripes/Security+Interceptor+for+custom+authorization > > This is handy, because you then can use standard Java annotations to secure > resolutions on actionbeans: > > @javax.annotation.security.RolesAllowed("ROLE_ADMIN") > > In you're code you can also query the principal and roles by using standard > Java API: > > getContext().getRequest().isUserInRole("ROLE_ADMIN"); > getContext().getRequest().getUserPrincipal().getName(); > > If you customize the Spring Security principal you can retrieve it like > this: > > import > org.springframework.security.authentication.UsernamePasswordAuthenticationToken; > > UsernamePasswordAuthenticationToken token = > (UsernamePasswordAuthenticationToken) > getContext().getRequest().getUserPrincipal(); > CustomPrincipal customPrincipal = (CustomPrincipal) > token.getPrincipal(); > userId = customPrincipal.getUserId(); > > > "Brian McSweeney" <brian.mcswee...@gmail.com> > wrote in message > news:aanlktimol_cy4tgsi0pqnnx5ja9st4-kbiutiork0...@mail.gmail.com... >> Super info, >> >> thanks a million...i'm slowly getting it working and of course, the >> problem >> I was experiencing was not stripes related but more the config of spring >> security. Appreciate your help >> >> :) >> >> On Tue, May 11, 2010 at 11:24 AM, KR >> <k-no-s...@a4consulting.nl> wrote: >> >>> Brian, Richard, >>> >>> I made a small how-to-spring-security. Remember, there is nothing special >>> about using Spring Security with Stripes, so you can just follow the >>> Spring >>> documentation if I am not clear enough (or forgot something crucial.) >>> >>> First you will need to add the Spring and Spring Security jars (they are >>> separate downloads) to you're classpath. >>> >>> Next you will need to configure you're web.xml. >>> >>> Besides the regular Spring ContextLoaderListener you will also need to >>> add >>> a >>> Spring Security listener: >>> >>> <listener> >>> >>> >>> >>> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> >>> >>> </listener> >>> >>> <listener> >>> >>> >>> >>> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> >>> >>> </listener> >>> >>> In the same web.xml you also need to add a filter (make sure it's the >>> first >>> in the file!). In my application it looks like this: >>> >>> <filter> >>> >>> <filter-name>springSecurityFilterChain</filter-name> >>> >>> >>> >>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> >>> >>> </filter> >>> >>> >>> >>> <filter-mapping> >>> >>> <filter-name>springSecurityFilterChain</filter-name> >>> >>> <url-pattern>/*</url-pattern> >>> >>> </filter-mapping> >>> >>> >>> >>> You will also need to add the locations of you're Spring configuration >>> files: >>> >>> <context-param> >>> >>> <param-name>contextConfigLocation</param-name> >>> >>> <param-value> >>> >>> /WEB-INF/applicationContext.xml >>> >>> /WEB-INF/applicationContext-security.xml >>> >>> </param-value> >>> >>> </context-param> >>> >>> >>> Then you'le need to configure you're applicationContext-security and >>> customize classes. You can find detailed info about this in the Spring >>> security documention: >>> >>> >>> >>> http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html >>> >>> >>> >>> A good customization example of this can be found here: >>> >>> >>> >>> >>> http://stackoverflow.com/questions/2683308/spring-security-3-database-authentication-with-hibernate/2701722#2701722 >>> >>> >>> >>> >>> >>> BTW, it would be much easier to ask this on Stack Overflow. I could then >>> answer the question over there (much better layout). >>> >>> >>> >>> "Richard Hauswald" >>> <richard.hausw...@googlemail.com> wrote in >>> message >>> news:aanlktiksr_aigzjdlrsi_blgbp_eyklhmjqwknipn...@mail.gmail.com... >>> > Karen, >>> > I'm also interested in this topic. Would you mind give me some startup >>> > pointers? >>> > Thankz, >>> > Richard >>> > >>> > >>> > On Mon, May 10, 2010 at 11:56 PM, KR >>> > <k-no-s...@a4consulting.nl> wrote: >>> >> Brian, >>> >> >>> >> No problems here, using Spring Security 3. >>> >> >>> >> Karen >>> >> >>> >> "Brian McSweeney" >>> >> <brian.mcswee...@gmail.com> >>> >> wrote in message >>> >> news:aanlktinzuw1krhgrpcs3ucddoqeskcywejsrynhcu...@mail.gmail.com... >>> >>> Hey folks, >>> >>> >>> >>> I'm having problems integrating spring security into a stripes >>> >>> application. >>> >>> Can anyone tell me if they've successfully done this before? >>> >>> >>> >>> thanks, >>> >>> Brian >>> >>> >>> >> >>> >> >>> >> >>> -------------------------------------------------------------------------------- >>> >> >>> >> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> >>> >>> >>> >> >>> >> >>> >> >>> -------------------------------------------------------------------------------- >>> >> >>> >> >>> >>> _______________________________________________ >>> >>> Stripes-users mailing list >>> >>> Stripes-users@lists.sourceforge.net >>> >>> https://lists.sourceforge.net/lists/listinfo/stripes-users >>> >>> >>> >> >>> >> >>> >> >>> >> >>> >> >>> ------------------------------------------------------------------------------ >>> >> >>> >> _______________________________________________ >>> >> Stripes-users mailing list >>> >> Stripes-users@lists.sourceforge.net >>> >> https://lists.sourceforge.net/lists/listinfo/stripes-users >>> >> >>> > >>> > >>> > >>> > -- >>> > Richard Hauswald >>> > Blog: http://tnfstacc.blogspot.com/ >>> > LinkedIn: http://www.linkedin.com/in/richardhauswald >>> > Xing: http://www.xing.com/profile/Richard_Hauswald >>> > >>> > >>> ------------------------------------------------------------------------------ >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Stripes-users mailing list >>> Stripes-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/stripes-users >>> >> >> >> >> -- >> ----------------------------------------- >> Brian McSweeney >> >> Technology Director >> Smarter Technology >> web: http://www.smarter.ie >> phone: +353868578212 >> ----------------------------------------- >> > > > -------------------------------------------------------------------------------- > > >> ------------------------------------------------------------------------------ >> >> > > > -------------------------------------------------------------------------------- > > >> _______________________________________________ >> Stripes-users mailing list >> Stripes-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/stripes-users >> > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Stripes-users mailing list > Stripes-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/stripes-users > -- Richard Hauswald Blog: http://tnfstacc.blogspot.com/ LinkedIn: http://www.linkedin.com/in/richardhauswald Xing: http://www.xing.com/profile/Richard_Hauswald ------------------------------------------------------------------------------ _______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
