Versions Compared

Comment: added section on integration with spring security

...

Integration

Spring Security

Spring Security (formerly Acegi Security System) is Spring's Authentication & Authorisation framework.

The following sections describe how to integrate Spring Security in Struts 2 applications.

Note

Examples of Spring Security related setup are also provided, but they are only meant as a quick start guide. For comprehensive Spring Security documentation, please refer to the Spring Security Reference Documentation.

Spring Framework integration

Before using Spring Security, the Struts 2 application should be integrated with the Spring framework by means of the Spring Plugin. Please refer to the documentation of this plugin for information on how to use it.

Required libraries

Add the following Spring Security JAR files to the application:

  • spring-security-core-2.0.4.jar
  • spring-security-core-tiger-2.0.4.jar

Changes in web.xml

Add applicationContext-security.xml to Spring's contextConfigLocation:

Code Block

<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/applicationContext.xml
    /WEB-INF/applicationContext-security.xml
  </param-value>
</context-param>

Declare the following filter and filter mapping:

Code Block

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

If restrictions are to be applied to the number of concurrent sessions per user, declare the following listener:

Code Block

<listener>
  <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>

WEB-INF/applicationContext-security.xml

Declare mappings between URLs and required roles:

Code Block

<http>
  <intercept-url pattern="/login*" filters="none" />  <!-- login page should be public -->
  <intercept-url pattern="/admin*" access="ROLE_ADMIN" />
  <!-- rules are evaluated in order, so the catch-all must come last -->
  <intercept-url pattern="/**" access="ROLE_USER" />
  <form-login />
  <anonymous />
  <http-basic />
  <logout />
  <remember-me />
  <!-- allow one session per user only: requires HttpSessionEventPublisher declared in web.xml -->
  <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />
</http>
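Spring Security applies the first intercept-url whose pattern matches the request, in declaration order, which is why the specific rules precede the /** catch-all. The Python script below is an added example, not code from this page or from Spring Security: it models that first-match evaluation with a minimal Ant-style matcher for the page's three patterns, shows what happens when /** is declared first (the login page stops being public and /admin* no longer requires ROLE_ADMIN), and lists the rules that become unreachable. It also shows that /admin* matches a single path segment only, so a request such as /admin/users.action falls through to the /** rule. The matcher, the rule lists and the sample requests are the example's own constructions; Spring Security's real matching has further details that this model leaves out.

```python
import re

# Marker for filters="none": the request bypasses the security filter chain entirely
PUBLIC = None


def ant_to_regex(pattern):
    """Translate an Ant-style path pattern into an anchored regular expression.

    '**' matches any number of path segments (including '/'), '*' matches any
    run of characters inside a single segment; everything else is literal.
    """
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def decide(rules, path, roles):
    """Apply the first rule whose pattern matches `path`, as Spring Security does.

    rules: list of (pattern, access) in declaration order; access is either
           PUBLIC (filters="none") or the set of roles, any one of which grants access.
    roles: roles held by the caller (empty set for an anonymous request).
    Returns 'public', 'granted', 'denied', or 'unmatched' when no rule applies
    (the page's trailing /** rule makes 'unmatched' impossible in its configuration).
    """
    for pattern, access in rules:
        if ant_to_regex(pattern).match(path):
            if access is PUBLIC:
                return "public"
            return "granted" if roles & access else "denied"
    return "unmatched"


def shadowed_patterns(rules):
    """Patterns that can never be reached because a '/**' rule precedes them."""
    seen_catch_all = False
    unreachable = []
    for pattern, _ in rules:
        if seen_catch_all:
            unreachable.append(pattern)
        if pattern == "/**":
            seen_catch_all = True
    return unreachable


# The page's intercept-url rules in their intended order: specific first, catch-all last
PAGE_RULES = [
    ("/login*", PUBLIC),
    ("/admin*", {"ROLE_ADMIN"}),
    ("/**", {"ROLE_USER"}),
]

# The same rules with "/**" declared first: it matches every request, so the
# rules after it are never consulted
SHADOWED_RULES = [("/**", {"ROLE_USER"})] + PAGE_RULES


if __name__ == "__main__":
    # constructed sample requests: (path, roles of the caller)
    samples = [
        ("/login.action", set()),
        ("/admin.action", {"ROLE_USER"}),
        ("/admin.action", {"ROLE_USER", "ROLE_ADMIN"}),
        ("/admin/users.action", {"ROLE_USER"}),
    ]
    for name, rules in (("page order", PAGE_RULES), ("catch-all first", SHADOWED_RULES)):
        print(name)
        for path, roles in samples:
            print(f"  {path:22} roles={sorted(roles)!s:28} -> {decide(rules, path, roles)}")
        print("  unreachable rules:", shadowed_patterns(rules))
```

Running the script prints one decision per sample request for each ordering; the "catch-all first" section is where the login page becomes ROLE_USER-only and /admin.action is granted to a plain ROLE_USER caller.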

Declare an authentication provider. Below is an example of an in-memory authentication provider in which two users with different sets of roles are defined:

Code Block

<authentication-provider>
  <user-service>
    <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
    <user name="user" password="user" authorities="ROLE_USER" />
  </user-service>
</authentication-provider>

Alternatively, an authentication provider using JDBC could be declared:

Code Block

<authentication-provider>
  <jdbc-user-service data-source-ref="dataSource" />  <!-- dataSource defined in applicationContext.xml -->
</authentication-provider>
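The jdbc-user-service element delegates the lookup to Spring Security's JdbcDaoImpl, whose default queries expect a users table (username, password, enabled) and an authorities table (username, authority) in the referenced data source. The script below is an added example, not code from this page or from Spring Security: it builds an in-memory SQLite database with that layout, fills it with constructed rows mirroring the page's two in-memory users plus a disabled account, and runs the same two default queries to show how the provider's outcome (unknown user, disabled account, bad credentials, success) follows from the rows. Passwords are compared as plain strings because the page's configuration declares no password-encoder. The column sizes, the sample rows and the order of the checks are the example's own assumptions.

```python
import sqlite3

# The two lookups JdbcDaoImpl issues by default; <jdbc-user-service> runs them
# against the dataSource bean it references.
USERS_BY_USERNAME = "select username,password,enabled from users where username = ?"
AUTHORITIES_BY_USERNAME = "select username,authority from authorities where username = ?"

# Schema implied by those queries. Column sizes are this example's choice.
SCHEMA = """
create table users (
    username varchar(50) not null primary key,
    password varchar(50) not null,
    enabled  boolean     not null
);
create table authorities (
    username  varchar(50) not null references users(username),
    authority varchar(50) not null
);
create unique index ix_auth_username on authorities (username, authority);
"""


def build_datasource():
    """In-memory database with constructed sample rows: the page's two users
    plus a disabled account, so every outcome of the provider can be exercised."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "insert into users (username, password, enabled) values (?, ?, ?)",
        [
            ("admin", "admin", 1),
            ("user", "user", 1),
            ("retired", "retired", 0),  # enabled = 0: the row exists but must not log in
        ],
    )
    conn.executemany(
        "insert into authorities (username, authority) values (?, ?)",
        [
            ("admin", "ROLE_USER"),
            ("admin", "ROLE_ADMIN"),
            ("user", "ROLE_USER"),
            ("retired", "ROLE_USER"),
        ],
    )
    conn.commit()
    return conn


def load_user(conn, username):
    """Run the same two queries the JDBC user service runs; None if the user is unknown."""
    row = conn.execute(USERS_BY_USERNAME, (username,)).fetchone()
    if row is None:
        return None
    name, password, enabled = row
    authorities = {
        authority for _, authority in conn.execute(AUTHORITIES_BY_USERNAME, (username,))
    }
    return {
        "username": name,
        "password": password,
        "enabled": bool(enabled),
        "authorities": authorities,
    }


def authenticate(conn, username, password):
    """Outcome of a login attempt against this data source.

    Returns 'unknown', 'disabled', 'bad credentials' or 'ok'. The password is
    compared as a plain string (no password-encoder is declared on the page);
    the order of the checks is this example's own.
    """
    user = load_user(conn, username)
    if user is None:
        return "unknown"
    if not user["enabled"]:
        return "disabled"
    if user["password"] != password:
        return "bad credentials"
    return "ok"


if __name__ == "__main__":
    conn = build_datasource()
    for name, pw in (("admin", "admin"), ("user", "wrong"), ("retired", "retired"), ("ghost", "x")):
        print(f"{name:8} -> {authenticate(conn, name, pw)}")
```

Because the provider only ever issues these two queries, this is also the quickest way to check a real users/authorities table: any row that does not satisfy them (missing enabled flag, authority stored without its username) will not authenticate, and the authorities set returned by load_user is what ends up as the ROLE_* values matched against the intercept-url rules.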