Hi dian,
I use Spring Security in Click, it works quit simpel, implement the spring
security libs in you project. add the folowing configuration to your
web.xml
<!-- ================================== -->
<!-- Servlet Context Listeners -->
<!-- ================================== -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- ================================== -->
<!-- CONTEXT PARAMETERS -->
<!-- ================================== -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:application-context.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
add the folowing to your application context, provided that you implement a
dataSource to your project, this you can also be done in spring by using
hibernate as persistance layer.
<security:http auto-config="true" access-denied-page="/denied.htm">
<security:intercept-url pattern="/some_path/*" access="ROLE_ADMINISTRATOR"
/>
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"
/>
<security:form-login login-page="/logon.htm"
authentication-failure-url="/logon.htm?login_error=1" />
</security:http>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
authorities-by-username-query="SELECT username,authority FROM authority
WHERE username=?"
users-by-username-query="SELECT username,password,active FROM users WHERE
username=?" />
</security:authentication-provider>
create 2 table's:
- authority with a usernae and authority and make sure a user has a
ROLE_ADMINISTRATOR or something like that, default it has to start with
ROLE_,
- users, with a username, password and active.
your login page :
public class LogonPage extends TemplatePage {
public Form form = new Form();
public LogonPage() {
setTitle("Loging page");
form.setActionURL("j_spring_security_check");
form.setMethod("post");
form.setJavaScriptValidation(true);
TextField userName = new TextField("j_username");
userName.setRequired(true);
userName.setFocus(true);
userName.setLabel("gebruikersNaam");
form.add(userName);
PasswordField password = new PasswordField("j_password");
password.setRequired(true);
password.setLabel("Wachtwoord");
form.add(password);
form.add(new NextButton("ok", " logon ", this, "onOkClicked"));
}
@Override public void onInit() {
super.onInit();
if (getParameter("login_error") != null &&
getParameter("login_error").equals("1")) {
msg = "fout bij aanmelden !";
}
}
}
that's all, this works much easier than the J2EE implementation.
Suc6
Kind Regards,
Bert Heikamp
2009/1/6 dian ruzda <[email protected]>
> Hello all,
>
> I still confuse to implements how to make authentification and
> authorization in click framework.
> I was read click manual and best practise but It can't explaine me more.
> does any body can give me simple template about implementation security in
> click framework ?
>
>
> thx..
>
