Here is how i did it...
*created a spring-config application-security.xml*
/"<http create-session="ifRequired" auto-config="true">
<remember-me/>
<intercept-url pattern="/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
<authentication-manager alias="authenticationManager" >
<authentication-provider user-service-ref="userDetailsService"/>
</authentication-manager>
<global-method-security secured-annotations="enabled" />
"/
*in web.xml add the following lines:*
/
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
/
*in spring-config.xml*
/
<bean id="userDetailsService"
class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"
value="security.service.UserDetailsService"/>
<property name="target">
<bean class="security.service.UserDetailsServiceImpl">
<property name="userDao" ref="userDetailDao"/>
</bean>
</property>
</bean>
<bean id="userDetailsService"
class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"
value="security.service.UserDetailsService"/>
<property name="target">
<bean class="security.service.impl.UserDetailsServiceImpl">
<property name="userDao" ref="userDetailDao"/>
</bean>
</property>
</bean>
/
*Add following annotation on pages you want to secure:*
/@AuthorizeInstantiation("ROLE_ADMIN")/ // for users replace ROLE_ADMIN with
USER_ROLE
Create a UserDetailsService class:
/public interface UserDetailsService extends
org.springframework.security.core.userdetails.UserDetailsService {
public void RegisterUser(UserDetail userDetail);
public UserDetail loadUserByEmail(String emailAddress);
public void deleteUserVerification(UserVerification userVerification);
public void deleteUser(UserDetail userDetail);
public void verifyUser(UserDetail userDetail);
public UserDetail getByUsername(String username);
}/
*Create UserDetailServiceImpl class:*
/public class UserDetailsServiceImpl implements UserDetailsService {
private UserDetailDAO userDao;
@Override
public UserDetails loadUserByUsername(String s) throws
UsernameNotFoundException, DataAccessException {
return userDao.getUserDetail(s);
}
@Override
public UserDetail loadUserByEmail(String emailAddress) {
return userDao.getUserByEmail(emailAddress);
}
@Override
public void deleteUserVerification(UserVerification userVerification) {
userDao.deleteUserVerification(userVerification);
}
public UserDetailDAO getUserDao() {
return userDao;
}
public void setUserDao(UserDetailDAO userDao) {
this.userDao = userDao;
}
public void RegisterUser(UserDetail userDetail) {
userDao.saveUserDetail(userDetail);
}
public void deleteUser(UserDetail userDetail) {
userDao.deleteUserDetail(userDetail);
}
public void verifyUser(UserDetail userDetail) {
userDetail.setEnabled(true);
userDetail.setLocked(false);
userDetail.setCredentialsExpired(false);
userDetail.setExpired(false);
userDetail.setAccountStatus(UserAccountStatus.VERIFIED);
List<UserVerification> userVerificationList =
userDetail.getUserVerification();
UserVerification userVerification = userVerificationList.get(0);
userDetail.getUserVerification().remove(0);
userDao.updateUserDetail(userDetail);
userDao.deleteUserVerification(userVerification);
}
public UserDetail getUser(String username) {
return userDao.getByUsername(username);
}
@Override
public UserDetail getByUsername(String username) {
return userDao.getByUsername(username);
}
}/
*Create class UserVerification:*
/@Entity
@Table(name = "userverification",
uniqueConstraints = {@UniqueConstraint(columnNames = {"userid"})}
)
public class UserVerification extends BasicEntity implements Serializable {
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "userid", referencedColumnName = "id", insertable =
true, nullable = false, updatable = true)
private UserDetail userDetail;
private String verificationCode;
public UserVerification() {
}
public UserVerification(String verificationCode) {
this.verificationCode = verificationCode;
}
public UserVerification(UserDetail userDetail, String verificationCode)
{
this.userDetail = userDetail;
this.verificationCode = verificationCode;
}
public UserDetail getUserDetail() {
return userDetail;
}
public void setUserDetail(UserDetail userDetail) {
this.userDetail = userDetail;
}
public String getVerificationCode() {
return verificationCode;
}
public void setVerificationCode(String verificationCode) {
this.verificationCode = verificationCode;
}
}/
*Create UserDetails object:*
/@Entity
@Table(name = "userdetails",
uniqueConstraints = {@UniqueConstraint(columnNames = {"username",
"emailaddress"})}
)
public class UserDetail extends BasicEntity implements UserDetails {
private String userName;
private String password;
private String emailAddress;
private Timestamp accountCreatedDate;
private Timestamp lastActivityDate;
private boolean keepLoggedIn;
......
.....
....
..
}/
*Role object:*
/@Entity
@Table(name = "Roles", uniqueConstraints = {@UniqueConstraint(columnNames =
{"role"})})
public class Role extends BasicEntity implements GrantedAuthority {
private String role;
....
......
.....
...
..
}/
This is all you need to get started... Hope this helps...
-Milton
Martin Grigorov-4 wrote
>
> See https://github.com/jwcarman/Wicketopia
>
> On Sun, Jan 15, 2012 at 7:57 AM, Brian Lavender <brian@> wrote:
>> Does someone have a sample of the current spring security with Wicket
>> auth-roles?
>> One that I can do the following.
>>
>> mvn jetty:run
>>
>> and see it run?
>>
>> brian
>> --
>> Brian Lavender
>> http://www.brie.com/brian/
>>
>> "There are two ways of constructing a software design. One way is to
>> make it so simple that there are obviously no deficiencies. And the other
>> way is to make it so complicated that there are no obvious deficiencies."
>>
>> Professor C. A. R. Hoare
>> The 1980 Turing award lecture
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>
>
>
> --
> Martin Grigorov
> jWeekend
> Training, Consulting, Development
> http://jWeekend.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Wicket-spring-security-sample-app-tp4296338p4298233.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
