[ICE-8542] Spring Security sample application out of date - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1
Fix Version/s: 3.1
Component/s: Sample Apps
Labels:
None
Environment:
ICEFaces 3.1 + Spring security 3.1.2 + Spring framework 3.0.6

Affects:

Sample App./Tutorial

Description

Updating the swf-booking-icefaces example to use the above Spring security versions shows a few configuration incompatibilities.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Greg Dick added a comment - 06/Sep/12 11:20 AM

First, the scheme declaration in the security-config.xml file needs to be updated to refer to 3.1 as follows:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

Second, the property configurations have changed on the SessionManagementFilter. The two marked properties are no longer valid and need to be removed:

<beans:bean id="sessionManagementFilter"
class="org.springframework.security.web.session.SessionManagementFilter">
<beans:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />


</beans:bean>

At this point the application works, however, there is a new place for the invalidSessionUrl, session management has it's own attribute now:

<session-management invalid-session-url="/auth/sessionExpired.jsf" />

Show

Greg Dick added a comment - 06/Sep/12 11:20 AM First, the scheme declaration in the security-config.xml file needs to be updated to refer to 3.1 as follows: <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd "> Second, the property configurations have changed on the SessionManagementFilter. The two marked properties are no longer valid and need to be removed: <beans:bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter"> <beans:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />   </beans:bean> At this point the application works, however, there is a new place for the invalidSessionUrl, session management has it's own attribute now: <session-management invalid-session-url="/auth/sessionExpired.jsf" />

Hide

Permalink

Greg Dick added a comment - 06/Sep/12 11:54 AM

The other property, the redirect strategy, is configured on the authenticationEntryPoint element as follows:

<beans:bean id="authenticationEntryPoint" class="com.icesoft.spring.security.JsfLoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/spring/login"/>
<beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />
</beans:bean >

Show

Greg Dick added a comment - 06/Sep/12 11:54 AM The other property, the redirect strategy, is configured on the authenticationEntryPoint element as follows: <beans:bean id="authenticationEntryPoint" class="com.icesoft.spring.security.JsfLoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/spring/login"/> <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" /> </beans:bean >

Hide

Permalink

Greg Dick added a comment - 24/Sep/12 8:27 PM - edited

The tutorial has been updated

Show

Greg Dick added a comment - 24/Sep/12 8:27 PM - edited The tutorial has been updated

Spring Security sample application out of date

Details

Description

Activity

People

Dates