i want a different flow for different exceptions.
like credentials expired will go to a renew credentials page.

it took me some time to figure it out so here is my full security.xml file.

key issues:
- http auto-config must be set to false
- when you do this you need to add <anonymous />
- and you need to add entry-point-ref="authenticationProcessingFilterEntryPoint" to http and define that entry point as a bean
- and finally you can add your own authenticationProcessingFilter with the exceptionMappings

good luck!


tibi




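<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 2.0 namespace configuration that swaps the auto-configured
  form-login filter for an explicitly declared AuthenticationProcessingFilter,
  so that individual authentication exceptions can be redirected to their own
  pages through exceptionMappings.

  The beans "userDao" and "passwordEncoder" are referenced here but are not
  defined in this file; they have to come from another context file.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

    <!--
      auto-config is off so that the custom filter below can take the
      AUTHENTICATION_PROCESSING_FILTER position. With auto-config off the
      entry point (entry-point-ref) and <anonymous/> must be declared by hand.

      intercept-url rules are evaluated top to bottom and the first matching
      pattern decides, so specific rules stay above the /**/*.html* catch-all.
      A request that matches no pattern at all is not restricted by this block.
    -->
    <http auto-config="false"
          entry-point-ref="authenticationProcessingFilterEntryPoint"
          lowercase-comparisons="false">
        <!--
          Both password pages are reachable without a session. They therefore
          have to establish who the caller is themselves before changing or
          disclosing anything (for example by asking for the current password).
          NOTE(review): confirm the controllers behind these URLs do so.
        -->
        <intercept-url pattern="/passwordRetrieve.html*" access="ROLE_ANONYMOUS"/>
        <intercept-url pattern="/passwordChange.html*" access="ROLE_ANONYMOUS"/>
        <!--
          /admin/** instead of /admin/*: a single * stops at the next path
          separator, so nested admin URLs would otherwise fall through to the
          ROLE_USER rule below, or to no rule at all for non-html resources.
        -->
        <intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
        <intercept-url pattern="/**/*.html*" access="ROLE_USER"/>
        <!-- The login POST target must stay reachable for unauthenticated users. -->
        <intercept-url pattern="/j_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <!--
          The key is an input to the remember-me cookie signature. The value
          below has been published with this configuration, so every deployment
          should replace it with its own secret and keep that value out of
          shared or public files.
        -->
        <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
        <anonymous/>
    </http>

    <!--
      Hand-declared form-login filter. custom-filter places it at the position
      the auto-configured filter would normally occupy.
    -->
    <beans:bean id="authenticationProcessingFilter"
                class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
        <!--
          Maps an authentication exception to the URL the user is sent to;
          anything not listed falls back to authenticationFailureUrl.
          NOTE(review): the lookup appears to use the exact, fully qualified
          class name of the thrown exception, so the short key
          "DataAccessException" would presumably never match; confirm, and use
          the full class name of the exception that is actually thrown.
          NOTE(review): the targets have no leading slash, unlike the other
          URLs in this bean; verify they still resolve when the application is
          not deployed at the root context.
        -->
        <beans:property name="exceptionMappings">
            <beans:map>
                <beans:entry key="DataAccessException" value="data-error"/>
                <beans:entry key="org.springframework.security.CredentialsExpiredException"
                             value="passwordChange.html"/>
                <beans:entry key="org.springframework.security.AccountExpiredException"
                             value="passwordChange.html"/>
            </beans:map>
        </beans:property>
        <beans:property name="defaultTargetUrl" value="/"/>
        <!--
          Points at the alias declared by <authentication-manager> further
          down; this file defines no bean with the id "authenticationManager".
        -->
        <beans:property name="authenticationManager" ref="authenticationManagerAlias"/>
        <beans:property name="authenticationFailureUrl" value="/login.jsp?login_error=true"/>
        <beans:property name="filterProcessesUrl" value="/j_security_check"/>
    </beans:bean>

    <!--
      Sends unauthenticated requests to the login form. forceHttps is false,
      so this entry point does not move the login page onto HTTPS.
      NOTE(review): make sure TLS for the login form and /j_security_check is
      enforced somewhere else (requires-channel on the intercept-url rules or
      the front-end proxy); otherwise credentials travel in clear text.
    -->
    <beans:bean id="authenticationProcessingFilterEntryPoint"
                class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <beans:property name="loginFormUrl" value="/login.jsp"/>
        <beans:property name="forceHttps" value="false"/>
    </beans:bean>

    <!-- Exposes the namespace-created authentication manager under a bean name. -->
    <authentication-manager alias="authenticationManagerAlias"/>

    <authentication-provider user-service-ref="userDao">
        <password-encoder ref="passwordEncoder"/>
    </authentication-provider>

    <!--
      Method-level checks: these two UserManager operations require ROLE_ADMIN
      regardless of which URL the call arrives through.
    -->
    <global-method-security>
        <protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))"
                          access="ROLE_ADMIN"/>
        <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))"
                          access="ROLE_ADMIN"/>
    </global-method-security>
</beans:beans>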


