This week's book giveaways are in the Cloud and AI/ML forums.
We're giving away four copies each of Cloud Native Patterns and Natural Language Processing and have the authors on-line!
See this thread and this one for details.
Win a copy of Cloud Native PatternsE this week in the Cloud forum
or Natural Language Processing in the AI/ML forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Knute Snortum
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Piet Souris
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

spring security roles issue

 
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

I would like some help with this code because is not working at it should be.
I want to work with two different users (admin and user)

This is my security xml



and this is my controller



I have two users in my database, one admin and one user
When i use my login form, the boths go to the same page and it shouldn't be like this because i have

<intercept-url pattern="/jsp/static/**" access="isAuthenticated()" />
<intercept-url pattern="/jsp/users/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/jsp/admin/**" access="hasRole('ROLE_ADMIN')" />

my web.xml is this one



What's wrong with this ?

Thanks for any help.
 
Bartender
Posts: 1682
7
Android Mac OS X IntelliJ IDE Spring Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

When i use my login form, the boths go to the same page and it shouldn't be like this because i have

<intercept-url pattern="/jsp/static/**" access="isAuthenticated()" />
<intercept-url pattern="/jsp/users/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/jsp/admin/**" access="hasRole('ROLE_ADMIN')" />



Where did you expect it to go? Nothing in your code specifies an initial landing page. Those intercept URL's are for defining the privileges required to view those URL's. If a user tries to access one of the admin pages for example Spring Security will prevent this and return a 403.

This line

<form-login login-page="/login" default-target-url="/index" authentication-failure-url="/login?error=true" />



says the that once logged in (regardless of role) send the user to /index.

Now you could create a custom AuthenticationSuccessHandler, but a solution less coupled with security would be to change that default target url to something and have a controller make the determination of where they go:





You can do this because Spring Security will put the authenticated role onto the HttpServletRequest.
 
Gil Carvalho
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bill

Thank you for your answer and explanation too.
I just did what you mention but now i have a http 404 when i run the web apllication

WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/GesTaxi/login] in DispatcherServlet with name 'spring'

I didn't change anything unless what you mention.



Controller



My login page is under WEB-INF/jsp/login.jsp

My web.xml



What's wrong now?? What do i miss??

Thanks
 
Bill Gorder
Bartender
Posts: 1682
7
Android Mac OS X IntelliJ IDE Spring Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I assume you have another config somewhere for you mvc stuff make sure you have a simple controller to map the login page to the view.

 
Gil Carvalho
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bill

Sorry to disturb you again, but still have the same message

Let me give you all my config files

spring-context


my security


My web.xml


And the image with all my folders


I'm sure is something really stupid from me but i can't figure out why..


spring.png
[Thumbnail for spring.png]
 
Gil Carvalho
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

I have a little info update, with this url: http://localhost:8085/GesTaxi/

i get

WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/GesTaxi/] in DispatcherServlet with name 'spring'

With this url
http://localhost:8085/GesTaxi/login

I have my login, but i put my credentials

i have for both admin and user)

WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/GesTaxi/jsp/admin/menuAdmin] in DispatcherServlet with name 'spring'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/GesTaxi/users/menu] in DispatcherServlet with name 'spring'


So my problems are:
Entry page must be trought
http://localhost:8085/GesTaxi/login

and the mappong of those files
 
Bill Gorder
Bartender
Posts: 1682
7
Android Mac OS X IntelliJ IDE Spring Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry Xil I got busy with some stuff there.

I have a couple suggestions for you.

First of all your Warning is telling you there are no mappings for that URL pattern. I am going to assume you have some classes annotated with @Controller that have mappings for this. You need to register those. Typically you would do this by adding a component scanner in your servlet xml



You would change that base package to the package that has all of your controllers in it. This will allow Spring to pick up those classes and register them and their request mappings as Spring beans.


My next suggestion is use the latest Spring. Assuming you are doing that you should not use PropertyPlaceholderConfigurer but rather PropertySourcesPlaceholderConfigurer. You should also not use DefaultAnnotationHandlerMapping. This was replaced with the much more flexible RequestMappingHandlerMapping. You would register your interceptors in xml by using the mvc:interceptors tag



Similarly the AnnotationHandlerAdapter has been replaced with the RequestMappingHandlerAdapter. For now I would remove that as well.

Also note that the Spring is is moving to the component model. That means you can do this configuration in Java rather than XML. If you are more comfortable with XML right now that is fine but if you are just getting started it might behoove you to learn the component model first. In this case you would define your beans in a class with an @Configuration annotation.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!