I would love to see this on the wiki, please add it as a child page to the blossom page.
http://wiki.magnolia-cms.com/display/WIKI/Magnolia+Blossom I'm absolutely sure that others will be interested to see what you did. // Tobias On Mar 8, 2011, at 4:41 PM, Thomas Duffey wrote: > Alright, you convinced me. I now have this working with Blossom initializing > Spring in the module. My web.xml still defines my custom servlet dispatcher > and the Spring Security filter chain: > > <listener> > > <listener-class>info.magnolia.module.blossom.support.ServletContextExposingContextListener</listener-class> > </listener> > <listener> > > <listener-class>info.magnolia.cms.servlets.MgnlServletContextListener</listener-class> > </listener> > > <servlet> > <servlet-name>foo</servlet-name> > > <servlet-class>info.magnolia.module.blossom.web.InstallationAwareDispatcherServlet</servlet-class> > <load-on-startup>1</load-on-startup> > <init-param> > <param-name>contextConfigLocation</param-name> > <param-value>classpath:foo-servlet.xml</param-value> > </init-param> > </servlet> > <servlet-mapping> > <servlet-name>foo</servlet-name> > <url-pattern>/foo/*</url-pattern> > </servlet-mapping> > > <filter> > <filter-name>springSecurityFilterChain</filter-name> > > <filter-class>info.magnolia.module.blossom.web.InstallationAwareDelegatingFilterProxy</filter-class> > </filter> > <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > Everything else is done according to the Blossom recommendations. It would > be nice to get this information on the wiki somewhere, perhaps in two pieces, > one showing how to incorporate a standard Spring Dispatcher servlet to run > your own web MVC controllers (Not associated w/Blossom templates) and another > on how to get Spring Security going. I can't remember if the wiki is open to > the public but if it is I'll add this later or let me know if you'd like to > handle it. > > Tom > > On Mar 8, 2011, at 7:07 AM, Tobias Mattsson wrote: > >> Hi Thomas, >> >> I think you're on the right track, all the pieces are in there. But you >> should be careful about configuring Springs listener and the >> BlossomDispatcherServlet in web.xml. The reason for this is that they will >> be started even when Magnolia is in install/update mode. Therefore any beans >> you have in Spring that requires Magnolia at startup will fail and >> BlossomDispatcherServlet will fail to register templates, paragraphs and >> dialogs with Magnolia. You should try to find out why you couldnt get it >> working when initializing them in your module. Maybe the config locations >> weren't set properly? >> >> If you start it up the way you have it now with a clean repository it will >> likely fail. >> >> Sorry if i'm causing you any lost sleep ;) >> >> // Tobias >> >> On Mar 8, 2011, at 1:31 PM, Thomas Duffey wrote: >> >>> Thanks Tobias, I believe I have this working now. In case someone else >>> goes down this road, here's a recap: >>> >>> I have a custom Magnolia module that uses Blossom to define some Magnolia >>> Templates, a standard Spring Dispatcher with standard Spring Web MVC >>> Controllers to handle requests for some non-Magnolia resources and Spring >>> Security to apply security to the non-Magnolia resources. In web.xml I had >>> to add (After the Magnolia context listener): >>> >>> <listener> >>> >>> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> >>> </listener> >>> >>> <context-param> >>> <param-name>contextConfigLocation</param-name> >>> <param-value> >>> classpath:applicationContext.xml >>> classpath:dataAccessContext.xml >>> classpath:security.xml >>> </param-value> >>> </context-param> >>> >>> <servlet> >>> <servlet-name>foo</servlet-name> >>> >>> <servlet-class>info.magnolia.module.blossom.web.InstallationAwareDispatcherServlet</servlet-class> >>> <load-on-startup>1</load-on-startup> >>> </servlet> >>> >>> <servlet> >>> <servlet-name>blossom</servlet-name> >>> >>> <servlet-class>info.magnolia.module.blossom.render.BlossomDispatcherServlet</servlet-class> >>> <load-on-startup>1</load-on-startup> >>> </servlet> >>> >>> <servlet-mapping> >>> <servlet-name>foo</servlet-name> >>> <url-pattern>/foo/*</url-pattern> >>> </servlet-mapping> >>> >>> <filter> >>> <filter-name>springSecurityFilterChain</filter-name> >>> >>> <filter-class>info.magnolia.module.blossom.web.InstallationAwareDelegatingFilterProxy</filter-class> >>> </filter> >>> <filter-mapping> >>> <filter-name>springSecurityFilterChain</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping> >>> >>> The blossom-servlet.xml and foo-servlet.xml files also had to be added to >>> Magnolia's WEB-INF folder. I would have preferred to initialize everything >>> inside my module but for reasons I do not yet understand that did not work >>> -- everything ran but Spring Security didn't protect any URLs. No interest >>> in losing even more sleep over this particular dilemma so I moved on. >>> >>> Next, I had to add two bypasses to Magnolia's CMS filter chain to prevent >>> Magnolia from handling requests to my custom dispatcher (/foo/* above) and >>> the default Spring Security URLs: >>> >>> 1) URI Starts With: /foo >>> 2) URI Pattern: *spring_security* >>> >>> These bypasses are configured in Admin Central -> Configuration -> server >>> -> filters -> cms -> bypasses. Finally, I extended Spring's JstlView to >>> set Magnolia's DONT_DISPATCH_ON_FORWARD_ATTRIBUTE value to "true" when >>> forwarding to JSP pages. Magnolia comes standard with a voter to check if >>> this attribute is set and if so bypass the Magnolia filter chain. >>> >>> @Override >>> protected void exposeForwardRequestAttributes(HttpServletRequest request) >>> { >>> super.exposeForwardRequestAttributes(request); >>> >>> request.setAttribute(DontDispatchOnForwardAttributeVoter.DONT_DISPATCH_ON_FORWARD_ATTRIBUTE, >>> Boolean.TRUE); >>> } >>> >>> I'm using this in my foo-servlet.xml's view resolver: >>> >>> <bean id="viewResolver" >>> class="org.springframework.web.servlet.view.InternalResourceViewResolver"> >>> <property name="viewClass" value="com.foo.web.view.FooJstlView"/> >>> <property name="prefix" value="/templates/foo/"/> >>> <property name="suffix" value=".jsp"/> >>> </bean> >>> >>> Now add about a million JARs to Magnolia's WEB-INF/lib and Bob's your uncle! >>> >>> Tom >>> >>> On Mar 8, 2011, at 3:57 AM, Tobias Mattsson wrote: >>> >>>> >>>> Hi Thomas, >>>> >>>> I have seen this done in a project. As you probably know the Spring >>>> Security filter (actually its a whole filter chain) is configured in your >>>> root WebApplicationContext. You then configure a DelegatingFilterProxy in >>>> web.xml that finds the filter in the context and delegates all requests to >>>> it. >>>> >>>> With Magnolia and Blossom you do it the same way, except instead of using >>>> DelegatingFilterProxy you use InstallationAwareDelegatingFilterProxy from >>>> Blossom. It will defer looking up the filter in the context until magnolia >>>> has installed/updated and your module have created the root >>>> WebApplicationContext. >>>> >>>> HTH, >>>> >>>> // Tobias >>>> >>>> On Mar 8, 2011, at 2:03 AM, Thomas Duffey wrote: >>>> >>>>> >>>>> Hello, >>>>> >>>>> Has anyone successfully integrated Spring Security with Magnolia? I am >>>>> working on this now to protect access to parts of our module but hoping >>>>> to leave existing Magnolia-based security as-is. Trying to figure out >>>>> where to configure the Spring Security filter chain. On another >>>>> application that had its own filter chain I initialized the Spring >>>>> Security filter chain in web.xml and then added the old filters as Spring >>>>> Security custom filters but am not sure exactly how to accomplish >>>>> something like this with Magnoila. >>>>> >>>>> Tom >>> >>> -- >>> Tom Duffey >>> [email protected] >>> 414-915-3915 >>> >>> >>> >>> >>> >>> ---------------------------------------------------------------- >>> For list details see >>> http://www.magnolia-cms.com/home/community/mailing-lists.html >>> To unsubscribe, E-mail to: <[email protected]> >>> ---------------------------------------------------------------- >> >> >> >> ---------------------------------------------------------------- >> For list details see >> http://www.magnolia-cms.com/home/community/mailing-lists.html >> To unsubscribe, E-mail to: <[email protected]> >> ---------------------------------------------------------------- > > -- > Tom Duffey > [email protected] > 414-915-3915 > > > > > > ---------------------------------------------------------------- > For list details see > http://www.magnolia-cms.com/home/community/mailing-lists.html > To unsubscribe, E-mail to: <[email protected]> > ---------------------------------------------------------------- ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
