Hi Rob, I have been swamped but am still planning to put something in the wiki. Most of what I know has already been said in this email thread and if you have any questions feel free to email me on or off list and I'll do what I can to help.
Tom On Mar 22, 2011, at 6:29 AM, Rob Blake wrote: > Can I add another vote to get this documentation into the Wiki. I'm looking > at doing something extremely similar shortly, so it would be great to learn > from your experiences. > > cheers, > > Rob > > On Tue, Mar 8, 2011 at 4:39 PM, Tobias Mattsson > <[email protected]> wrote: > I would love to see this on the wiki, please add it as a child page to the > blossom page. > > http://wiki.magnolia-cms.com/display/WIKI/Magnolia+Blossom > > I'm absolutely sure that others will be interested to see what you did. > > // Tobias > > On Mar 8, 2011, at 4:41 PM, Thomas Duffey wrote: > >> Alright, you convinced me. I now have this working with Blossom >> initializing Spring in the module. My web.xml still defines my custom >> servlet dispatcher and the Spring Security filter chain: >> >> <listener> >> >> <listener-class>info.magnolia.module.blossom.support.ServletContextExposingContextListener</listener-class> >> </listener> >> <listener> >> >> <listener-class>info.magnolia.cms.servlets.MgnlServletContextListener</listener-class> >> </listener> >> >> <servlet> >> <servlet-name>foo</servlet-name> >> >> <servlet-class>info.magnolia.module.blossom.web.InstallationAwareDispatcherServlet</servlet-class> >> <load-on-startup>1</load-on-startup> >> <init-param> >> <param-name>contextConfigLocation</param-name> >> <param-value>classpath:foo-servlet.xml</param-value> >> </init-param> >> </servlet> >> <servlet-mapping> >> <servlet-name>foo</servlet-name> >> <url-pattern>/foo/*</url-pattern> >> </servlet-mapping> >> >> <filter> >> <filter-name>springSecurityFilterChain</filter-name> >> >> <filter-class>info.magnolia.module.blossom.web.InstallationAwareDelegatingFilterProxy</filter-class> >> </filter> >> <filter-mapping> >> <filter-name>springSecurityFilterChain</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> >> Everything else is done according to the Blossom recommendations. It would >> be nice to get this information on the wiki somewhere, perhaps in two >> pieces, one showing how to incorporate a standard Spring Dispatcher servlet >> to run your own web MVC controllers (Not associated w/Blossom templates) and >> another on how to get Spring Security going. I can't remember if the wiki >> is open to the public but if it is I'll add this later or let me know if >> you'd like to handle it. >> >> Tom >> >> On Mar 8, 2011, at 7:07 AM, Tobias Mattsson wrote: >> >>> Hi Thomas, >>> >>> I think you're on the right track, all the pieces are in there. But you >>> should be careful about configuring Springs listener and the >>> BlossomDispatcherServlet in web.xml. The reason for this is that they will >>> be started even when Magnolia is in install/update mode. Therefore any >>> beans you have in Spring that requires Magnolia at startup will fail and >>> BlossomDispatcherServlet will fail to register templates, paragraphs and >>> dialogs with Magnolia. You should try to find out why you couldnt get it >>> working when initializing them in your module. Maybe the config locations >>> weren't set properly? >>> >>> If you start it up the way you have it now with a clean repository it will >>> likely fail. >>> >>> Sorry if i'm causing you any lost sleep ;) >>> >>> // Tobias >>> >>> On Mar 8, 2011, at 1:31 PM, Thomas Duffey wrote: >>> >>>> Thanks Tobias, I believe I have this working now. In case someone else >>>> goes down this road, here's a recap: >>>> >>>> I have a custom Magnolia module that uses Blossom to define some Magnolia >>>> Templates, a standard Spring Dispatcher with standard Spring Web MVC >>>> Controllers to handle requests for some non-Magnolia resources and Spring >>>> Security to apply security to the non-Magnolia resources. In web.xml I >>>> had to add (After the Magnolia context listener): >>>> >>>> <listener> >>>> >>>> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> >>>> </listener> >>>> >>>> <context-param> >>>> <param-name>contextConfigLocation</param-name> >>>> <param-value> >>>> classpath:applicationContext.xml >>>> classpath:dataAccessContext.xml >>>> classpath:security.xml >>>> </param-value> >>>> </context-param> >>>> >>>> <servlet> >>>> <servlet-name>foo</servlet-name> >>>> >>>> <servlet-class>info.magnolia.module.blossom.web.InstallationAwareDispatcherServlet</servlet-class> >>>> <load-on-startup>1</load-on-startup> >>>> </servlet> >>>> >>>> <servlet> >>>> <servlet-name>blossom</servlet-name> >>>> >>>> <servlet-class>info.magnolia.module.blossom.render.BlossomDispatcherServlet</servlet-class> >>>> <load-on-startup>1</load-on-startup> >>>> </servlet> >>>> >>>> <servlet-mapping> >>>> <servlet-name>foo</servlet-name> >>>> <url-pattern>/foo/*</url-pattern> >>>> </servlet-mapping> >>>> >>>> <filter> >>>> <filter-name>springSecurityFilterChain</filter-name> >>>> >>>> <filter-class>info.magnolia.module.blossom.web.InstallationAwareDelegatingFilterProxy</filter-class> >>>> </filter> >>>> <filter-mapping> >>>> <filter-name>springSecurityFilterChain</filter-name> >>>> <url-pattern>/*</url-pattern> >>>> </filter-mapping> >>>> >>>> The blossom-servlet.xml and foo-servlet.xml files also had to be added to >>>> Magnolia's WEB-INF folder. I would have preferred to initialize >>>> everything inside my module but for reasons I do not yet understand that >>>> did not work -- everything ran but Spring Security didn't protect any >>>> URLs. No interest in losing even more sleep over this particular dilemma >>>> so I moved on. >>>> >>>> Next, I had to add two bypasses to Magnolia's CMS filter chain to prevent >>>> Magnolia from handling requests to my custom dispatcher (/foo/* above) and >>>> the default Spring Security URLs: >>>> >>>> 1) URI Starts With: /foo >>>> 2) URI Pattern: *spring_security* >>>> >>>> These bypasses are configured in Admin Central -> Configuration -> server >>>> -> filters -> cms -> bypasses. Finally, I extended Spring's JstlView to >>>> set Magnolia's DONT_DISPATCH_ON_FORWARD_ATTRIBUTE value to "true" when >>>> forwarding to JSP pages. Magnolia comes standard with a voter to check if >>>> this attribute is set and if so bypass the Magnolia filter chain. >>>> >>>> @Override >>>> protected void exposeForwardRequestAttributes(HttpServletRequest >>>> request) { >>>> super.exposeForwardRequestAttributes(request); >>>> >>>> request.setAttribute(DontDispatchOnForwardAttributeVoter.DONT_DISPATCH_ON_FORWARD_ATTRIBUTE, >>>> Boolean.TRUE); >>>> } >>>> >>>> I'm using this in my foo-servlet.xml's view resolver: >>>> >>>> <bean id="viewResolver" >>>> class="org.springframework.web.servlet.view.InternalResourceViewResolver"> >>>> <property name="viewClass" value="com.foo.web.view.FooJstlView"/> >>>> <property name="prefix" value="/templates/foo/"/> >>>> <property name="suffix" value=".jsp"/> >>>> </bean> >>>> >>>> Now add about a million JARs to Magnolia's WEB-INF/lib and Bob's your >>>> uncle! >>>> >>>> Tom >>>> >>>> On Mar 8, 2011, at 3:57 AM, Tobias Mattsson wrote: >>>> >>>>> >>>>> Hi Thomas, >>>>> >>>>> I have seen this done in a project. As you probably know the Spring >>>>> Security filter (actually its a whole filter chain) is configured in your >>>>> root WebApplicationContext. You then configure a DelegatingFilterProxy in >>>>> web.xml that finds the filter in the context and delegates all requests >>>>> to it. >>>>> >>>>> With Magnolia and Blossom you do it the same way, except instead of using >>>>> DelegatingFilterProxy you use InstallationAwareDelegatingFilterProxy from >>>>> Blossom. It will defer looking up the filter in the context until >>>>> magnolia has installed/updated and your module have created the root >>>>> WebApplicationContext. >>>>> >>>>> HTH, >>>>> >>>>> // Tobias >>>>> >>>>> On Mar 8, 2011, at 2:03 AM, Thomas Duffey wrote: >>>>> >>>>>> >>>>>> Hello, >>>>>> >>>>>> Has anyone successfully integrated Spring Security with Magnolia? I am >>>>>> working on this now to protect access to parts of our module but hoping >>>>>> to leave existing Magnolia-based security as-is. Trying to figure out >>>>>> where to configure the Spring Security filter chain. On another >>>>>> application that had its own filter chain I initialized the Spring >>>>>> Security filter chain in web.xml and then added the old filters as >>>>>> Spring Security custom filters but am not sure exactly how to accomplish >>>>>> something like this with Magnoila. > -- Tom Duffey [email protected] 414-915-3915 ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
