Discussion :

[quentinb56]

Bonjour je rencontre un problème de filtre au niveau de spring.

Je filtre chaque pages en fonctions du roles de chaque personnes.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package main.webapp.security;
 
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
import main.webapp.dao.TbUserDAO;
import main.webapp.rest.AuthenticationTokenProcessingFilter;
 
@Configuration
@EnableWebSecurity
@ImportResource("classpath:/context.xml")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// disable CSRF and Basic Authentication
		http.csrf().disable().httpBasic().disable();
 
		http.authorizeRequests().antMatchers("/rest/user/authenticate").permitAll()
				.antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").hasRole("admin")//
				.antMatchers(HttpMethod.PUT, "/rest/news/**").hasRole("admin")//
				.antMatchers(HttpMethod.POST, "/rest/news/**").hasRole("admin")//
				.antMatchers(HttpMethod.DELETE, "/rest/news/**").hasRole("admin");
 
		// customization for REST Token AUTH
		http.addFilterBefore(new AuthenticationTokenProcessingFilter(userDao),
				UsernamePasswordAuthenticationFilter.class).sessionManagement()
				.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	}
 
	@Autowired
	private TbUserDAO userDao;
 
	@Override
	protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
		authManagerBuilder.userDetailsService(userDao).passwordEncoder(encoder);
	}
 
	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}
}

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:jee="http://www.springframework.org/schema/jee" xmlns:util="http://www.springframework.org/schema/util"
	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
			http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
			http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
			http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
			http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
			http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
			http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
	<context:annotation-config />
 
	<bean id="entityManagerFactory"
		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
		<property name="persistenceUnitName" value="ubo.persistence" />
		<property name="jpaVendorAdapter">
			<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
				<property name="generateDdl" value="true" />
				<property name="showSql" value="true" />
			</bean>
		</property>
	</bean>
 
	<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
		<property name="entityManagerFactory" ref="entityManagerFactory" />
	</bean>
 
	<bean id="animationDAO" class="main.webapp.dao.TbAnimationDAO"></bean>
	<bean id="animationOptionDAO" class="main.webapp.dao.TbAnimationOptionDAO"></bean>
	<bean id="optionDAO" class="main.webapp.dao.TbOptionDAO"></bean>
	<bean id="reservationDAO" class="main.webapp.dao.TbReservationDAO"></bean>
	<bean id="roleDAO" class="main.webapp.dao.TbRoleDAO"></bean>
	<bean id="typeAnimationDAO" class="main.webapp.dao.TbTypeAnimationDAO"></bean>
	<bean id="userDao" class="main.webapp.dao.TbUserDAO"></bean>
 
	<bean id="passwordEncoder"
		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
	</bean>
 
	<tx:annotation-driven transaction-manager="transactionManager" />
 
 
	<context:component-scan base-package="main.webapp.rest.resources" />
 
	<bean id="objectMapper" class="org.codehaus.jackson.map.ObjectMapper" />
 
	<bean id="unauthorizedEntryPoint" class="main.webapp.rest.UnauthorizedEntryPoint" />
 
	<bean class="main.webapp.rest.AuthenticationTokenProcessingFilter"
		id="authenticationTokenProcessingFilter">
		<constructor-arg ref="userDao" />
	</bean>
 
</beans>

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
angular.module('exampleApp', ['ngRoute', 'ngCookies', 'exampleApp.services'])
	.config(
		[ '$routeProvider', '$locationProvider', '$httpProvider', function($routeProvider, $locationProvider, $httpProvider) {
 
			$routeProvider.when('/create', {
				templateUrl: 'partials/create.html',
				controller: CreateController
			});
 
			$routeProvider.when('/edit/:id', {
				templateUrl: 'partials/edit.html',
				controller: EditController
			});
 
			$routeProvider.when('/login', {
				templateUrl: 'partials/login.html',
				controller: LoginController
			});
 
			$routeProvider.when('/animationTypes', {
				templateUrl: 'partials/animationTypes.html',
				controller: AnimationTypeController
			});
 
			$routeProvider.when('/animations', {
				templateUrl: 'partials/animations.html',
				controller: AnimationController
			});
 
			$routeProvider.otherwise({
				templateUrl: 'partials/index.html',
				controller: IndexController
			});
 
			$locationProvider.hashPrefix('!');
 
			/* Register error provider that shows message on failed requests or redirects to login page on
			 * unauthenticated requests */
		    $httpProvider.interceptors.push(function ($q, $rootScope, $location) {
			        return {
			        	'responseError': function(rejection) {
			        		var status 		= rejection.status;
			        		var statusText 	= rejection.statusText;
			        		var config 		= rejection.config;
			        		var method 		= config.method;
			        		var url 		= config.url;
 
			        		if (status == 401) {
			        			$location.path( "/login" );
			        		} else {
			        			$rootScope.error = method + " on " + url + " failed with status " + status + " - " + statusText;
			        			console.log(rejection);
			        		}
 
			        		return $q.reject(rejection);
			        	}
			        };
			    }
		    );
 
		    /* Registers auth token interceptor, auth token is either passed by header or by query parameter
		     * as soon as there is an authenticated user */
		    $httpProvider.interceptors.push(function ($q, $rootScope, $location) {
		        return {
		        	'request': function(config) {
		        		var isRestCall = config.url.indexOf('rest') == 0;
		        		if (isRestCall && angular.isDefined($rootScope.authToken)) {
		        			var authToken = $rootScope.authToken;
		        			if (exampleAppConfig.useAuthTokenHeader) {
		        				config.headers['X-Auth-Token'] = authToken;
		        			} else {
		        				config.url = config.url + "?token=" + authToken;
		        			}
		        		}
		        		return config || $q.when(config);
		        	}
		        };
		    }
	    );
 
		} ]
 
	).run(function($rootScope, $location, $cookieStore, UserService) {
 
		/* Reset error when a new view is loaded */
		$rootScope.$on('$viewContentLoaded', function() {
			delete $rootScope.error;
		});
 
		$rootScope.hasRole = function(role) {
 
			if ($rootScope.user === undefined) {
				return false;
			}
			if ($rootScope.user.roles[role] === undefined) {
				return false;
			}
			return $rootScope.user.roles[role];
		};
 
		$rootScope.logout = function() {
			delete $rootScope.user;
			delete $rootScope.authToken;
			$cookieStore.remove('authToken');
			$location.path("/login");
		};
 
		 /* Try getting valid user from cookie or go to login page */
		var originalPath = $location.path();
		$location.path("/login");
		var authToken = $cookieStore.get('authToken');
		if (authToken !== undefined) {
			$rootScope.authToken = authToken;
			UserService.get(function(user) {
				$rootScope.user = user;
				$location.path(originalPath);
			});
		}
 
		$rootScope.initialized = true;
	});
 
 
function IndexController($scope, NewsService) {
 
	$scope.newsEntries = NewsService.query();
 
	$scope.deleteEntry = function(newsEntry) {
		newsEntry.$remove(function() {
			$scope.newsEntries = NewsService.query();
		});
	};
};
 
 
function EditController($scope, $routeParams, $location, NewsService) {
 
	$scope.newsEntry = NewsService.get({id: $routeParams.id});
 
	$scope.save = function() {
		$scope.newsEntry.$save(function() {
			$location.path('/');
		});
	};
};
 
 
function CreateController($scope, $location, NewsService) {
 
	$scope.newsEntry = new NewsService();
 
	$scope.save = function() {
		$scope.newsEntry.$save(function() {
			$location.path('/');
		});
	};
};
 
 
function LoginController($scope, $rootScope, $location, $cookieStore, UserService) {
 
	$scope.rememberMe = false;
 
	$scope.login = function() {
		UserService.authenticate($.param({username: $scope.username, password: $scope.password}), function(authenticationResult) {
			var authToken = authenticationResult.token;
			$rootScope.authToken = authToken;
			if ($scope.rememberMe) {
				$cookieStore.put('authToken', authToken);
			}
			UserService.get(function(user) {
				$rootScope.user = user;
				$location.path("/");
			});
		});
	};
};
 
function AnimationTypeController($scope, AnimationTypesService) {
 
	$scope.animationTypesEntries = AnimationTypesService.query();
 
	$scope.deleteEntry = function(animationTypesEntry) {
		animationTypesEntry.$remove(function() {
			$scope.animationTypesEntries = AnimationTypesService.query();
		});
	};
};
 
function AnimationController($scope, AnimationsService) {
 
	$scope.animationEntries = AnimationsService.query();
 
	$scope.deleteEntry = function(animationsEntry) {
		animationsEntry.$remove(function() {
			$scope.animationEntries = AnimationsService.query();
		});
	};
};
 
 
var services = angular.module('exampleApp.services', ['ngResource']);
 
services.factory('UserService', function($resource) {
 
	return $resource('rest/user/:action', {},
			{
				authenticate: {
					method: 'POST',
					params: {'action' : 'authenticate'},
					headers : {'Content-Type': 'application/x-www-form-urlencoded'}
				},
			}
		);
});
 
services.factory('NewsService', function($resource) {
 
	return $resource('rest/news/:id', {id: '@id'});
});
 
services.factory('AnimationTypesService', function($resource) {
	return $resource('rest/typeAnimation/:id', {id: '@id'});
});
 
services.factory('AnimationsService', function($resource) {
	return $resource('rest/animation/:id', {id: '@id'});
});

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package main.webapp.rest;
 
import java.io.IOException;
 
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
 
import org.springframework.context.annotation.Scope;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.GenericFilterBean;
 
public class AuthenticationTokenProcessingFilter extends GenericFilterBean {
 
	private final UserDetailsService userService;
 
	public AuthenticationTokenProcessingFilter(UserDetailsService userService) {
		this.userService = userService;
	}
 
	@Override
	@Scope("request")
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest httpRequest = this.getAsHttpRequest(request);
 
		String authToken = this.extractAuthTokenFromRequest(httpRequest);
		String userName = TokenUtils.getUserNameFromToken(authToken);
 
		if (userName != null) {
			try {
				UserDetails userDetails = this.userService.loadUserByUsername(userName);
 
				if (TokenUtils.validateToken(authToken, userDetails)) {
					UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
							userDetails, null, userDetails.getAuthorities());
					System.out.println("userDetails.getAuthorities() : " + userDetails.getAuthorities());
					authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
					SecurityContextHolder.getContext().setAuthentication(authentication);
				}
			} catch (UsernameNotFoundException e) {
				System.out.println("erreur : " + e);
			}
		}
		chain.doFilter(request, response);
	}
 
	private HttpServletRequest getAsHttpRequest(ServletRequest request) {
		if (!(request instanceof HttpServletRequest)) {
			throw new RuntimeException("Expecting an HTTP request");
		}
 
		return (HttpServletRequest) request;
	}
 
	private String extractAuthTokenFromRequest(HttpServletRequest httpRequest) {
		/* Get token from header */
		String authToken = httpRequest.getHeader("X-Auth-Token");
 
		/* If token not found get it from request parameter */
		if (authToken == null) {
			authToken = httpRequest.getParameter("token");
		}
 
		return authToken;
	}
}

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
package main.webapp.bean;
 
import static javax.persistence.GenerationType.IDENTITY;
 
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
 
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
 
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
 
@Entity
@Table(name = "tb_user", catalog = "brest2016")
public class TbUser implements java.io.Serializable, UserDetails {
 
	/**
         * 
         */
	private static final long serialVersionUID = 1L;
	private Integer DUsCode;
	private String VUsNom;
	private String VUsPrenom;
	private String VUsMdp;
	private String VUsEmail;
	private String VUsTelephone;
	private Date dtUsDebut;
	private Date dtUsFin;
	private Set<TbReservation> tbReservations = new HashSet<TbReservation>();
 
	private Set<TbRole> tbRoles = new HashSet<TbRole>(0);
 
	public TbUser() {
	}
 
	public TbUser(String VUsNom, String VUsPrenom, String VUsMdp, String VUsEmail) {
		this.VUsNom = VUsNom;
		this.VUsPrenom = VUsPrenom;
		this.VUsMdp = VUsMdp;
		this.VUsEmail = VUsEmail;
	}
 
	public TbUser(String VUsNom, String VUsPrenom, String VUsMdp, String VUsEmail, String VUsTelephone, Date dtUsDebut,
			Date dtUsFin, Set<TbReservation> tbReservations, Set<TbRole> tbRoles) {
		this.VUsNom = VUsNom;
		this.VUsPrenom = VUsPrenom;
		this.VUsMdp = VUsMdp;
		this.VUsEmail = VUsEmail;
		this.VUsTelephone = VUsTelephone;
		this.dtUsDebut = dtUsDebut;
		this.dtUsFin = dtUsFin;
		this.tbReservations = tbReservations;
		this.tbRoles = tbRoles;
	}
 
	@Id
	@GeneratedValue(strategy = IDENTITY)
	@Column(name = "D_US_CODE", unique = true, nullable = false)
	public Integer getDUsCode() {
		return this.DUsCode;
	}
 
	public void setDUsCode(Integer DUsCode) {
		this.DUsCode = DUsCode;
	}
 
	@Column(name = "V_US_NOM", nullable = false, length = 45)
	public String getVUsNom() {
		return this.VUsNom;
	}
 
	public void setVUsNom(String VUsNom) {
		this.VUsNom = VUsNom;
	}
 
	@Column(name = "V_US_PRENOM", nullable = false, length = 45)
	public String getVUsPrenom() {
		return this.VUsPrenom;
	}
 
	public void setVUsPrenom(String VUsPrenom) {
		this.VUsPrenom = VUsPrenom;
	}
 
	@Column(name = "V_US_MDP", nullable = false, length = 255)
	public String getVUsMdp() {
		return this.VUsMdp;
	}
 
	public void setVUsMdp(String VUsMdp) {
		this.VUsMdp = VUsMdp;
	}
 
	@Column(name = "V_US_EMAIL", nullable = false, length = 45)
	public String getVUsEmail() {
		return this.VUsEmail;
	}
 
	public void setVUsEmail(String VUsEmail) {
		this.VUsEmail = VUsEmail;
	}
 
	@Column(name = "V_US_TELEPHONE", length = 45)
	public String getVUsTelephone() {
		return this.VUsTelephone;
	}
 
	public void setVUsTelephone(String VUsTelephone) {
		this.VUsTelephone = VUsTelephone;
	}
 
	@Temporal(TemporalType.TIMESTAMP)
	@Column(name = "DT_US_DEBUT", length = 19)
	public Date getDtUsDebut() {
		return this.dtUsDebut;
	}
 
	public void setDtUsDebut(Date dtUsDebut) {
		this.dtUsDebut = dtUsDebut;
	}
 
	@Temporal(TemporalType.TIMESTAMP)
	@Column(name = "DT_US_FIN", length = 19)
	public Date getDtUsFin() {
		return this.dtUsFin;
	}
 
	public void setDtUsFin(Date dtUsFin) {
		this.dtUsFin = dtUsFin;
	}
 
	@OneToMany(fetch = FetchType.LAZY, mappedBy = "tbUser")
	public Set<TbReservation> getTbReservations() {
		return this.tbReservations;
	}
 
	public void setTbReservations(Set<TbReservation> tbReservations) {
		this.tbReservations = tbReservations;
	}
 
	@ManyToMany(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
	@JoinTable(name = "tb_user_role", catalog = "brest2016", joinColumns = {
			@JoinColumn(name = "tb_role_D_RO_CODE", nullable = false, updatable = false) }, inverseJoinColumns = {
					@JoinColumn(name = "tb_user_D_US_CODE", nullable = false, updatable = false) })
	public Set<TbRole> getTbRoles() {
		return this.tbRoles;
	}
 
	public void setTbRoles(Set<TbRole> tbRoles) {
		this.tbRoles = tbRoles;
	}
 
	public void addRole(TbRole pRole) {
		tbRoles.add(pRole);
	}
 
	@Override
	@Transient
	public Collection<? extends GrantedAuthority> getAuthorities() {
		Set<TbRole> roles = this.getTbRoles();
 
		if (roles == null) {
			return Collections.emptyList();
		}
 
		Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
		for (TbRole role : roles) {
			authorities.add(new SimpleGrantedAuthority(role.getVRoLibelle()));
		}
 
		return authorities;
	}
 
	@Override
	@Transient
	public String getPassword() {
		return this.VUsMdp;
	}
 
	@Override
	@Transient
	public String getUsername() {
		return this.VUsNom;
	}
 
	@Override
	@Transient
	public boolean isAccountNonExpired() {
		return true;
	}
 
	@Override
	@Transient
	public boolean isAccountNonLocked() {
		return true;
	}
 
	@Override
	@Transient
	public boolean isCredentialsNonExpired() {
		return true;
	}
 
	@Override
	@Transient
	public boolean isEnabled() {
		return true;
	}
 
}

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<artifactId>WebBrest2016_V2</artifactId>
	<version>0.1.0-Version</version>
	<packaging>war</packaging>
 
	<properties>
		<!-- Spring Security is based on Spring 3.0.7 -->
		<spring.version>4.2.5.RELEASE</spring.version>
		<spring.security.version>4.0.4.RELEASE</spring.security.version>
		<jersey.version>1.18.1</jersey.version>
		<org.slf4j.version>1.7.7</org.slf4j.version>
		<javax.servlet-api.version>3.1.0</javax.servlet-api.version>
		<org.hibernate.version>4.3.11.Final</org.hibernate.version>
		<maven-compiler-plugin.version>3.1</maven-compiler-plugin.version>
		<org.hsqldb.version>2.3.2</org.hsqldb.version>
		<commons-dbcp.version>1.4</commons-dbcp.version>
		<junit.version>4.11</junit.version>
		<org.eclipse.jetty.jetty-maven-plugin.version>9.1.1.v20140108</org.eclipse.jetty.jetty-maven-plugin.version>
	</properties>
 
	<prerequisites>
		<maven>2.2.1</maven>
	</prerequisites>
 
	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>${maven-compiler-plugin.version}</version>
				<configuration>
					<source>1.8</source>
					<target>1.8</target>
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.apache.tomcat.maven</groupId>
				<artifactId>tomcat7-maven-plugin</artifactId>
				<version>2.2</version>
			</plugin>
		</plugins>
	</build>
 
	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>org.springframework</groupId>
				<artifactId>spring-framework-bom</artifactId>
				<version>${spring.version}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>
 
	<dependencies>
 
		<dependency>
			<groupId>javax.ejb</groupId>
			<artifactId>javax.ejb-api</artifactId>
			<version>3.2</version>
		</dependency>
 
		<dependency>
			<groupId>javax.el</groupId>
			<artifactId>el-api</artifactId>
			<version>2.2.1-b04</version>
		</dependency>
 
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<version>5.1.38</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-orm</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<!-- Huh? Spring Jdbc is suddenly marked as provided by spring-orm? -->
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jdbc</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-tx</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-web</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<dependency>
			<groupId>com.sun.jersey.contribs</groupId>
			<artifactId>jersey-spring</artifactId>
			<version>${jersey.version}</version>
			<!-- jersey-spring uses spring 2.5, we want to use 3.x instead -->
			<exclusions>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-core</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-web</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-beans</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-context</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-aop</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
 
		<dependency>
			<groupId>com.sun.jersey</groupId>
			<artifactId>jersey-json</artifactId>
			<version>${jersey.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.hsqldb</groupId>
			<artifactId>hsqldb</artifactId>
			<version>${org.hsqldb.version}</version>
		</dependency>
 
		<dependency>
			<groupId>commons-dbcp</groupId>
			<artifactId>commons-dbcp</artifactId>
			<version>${commons-dbcp.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-entitymanager</artifactId>
			<version>${org.hibernate.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-validator</artifactId>
			<version>5.2.4.Final</version>
		</dependency>
 
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-log4j12</artifactId>
			<version>${org.slf4j.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
 
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>${javax.servlet-api.version}</version>
			<scope>provided</scope>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
			<version>${spring.version}</version>
			<scope>test</scope>
		</dependency>
 
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>${junit.version}</version>
			<scope>test</scope>
		</dependency>
 
		<dependency>
			<groupId>javax.validation</groupId>
			<artifactId>validation-api</artifactId>
			<version>1.1.0.Final</version>
		</dependency>
 
	</dependencies>
 
	<groupId>com.ubo</groupId>
</project>

getAuthorities me renvoie bien admin et pourtant j'ai bien l'impossibilité d'accéder à ma page.

[quentinb56]

J'ai vu que crsf pouvait posé problème mais dans mon cas il est désactivé.

Pour .antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").hasRole("admin")//

j'ai tenté en modifiant le lieu (/rest/...), le role en hasAnyRole mais rien à faire. Coté app.js j'ai pourtant bien le bon role et lors de l'utilisateur de mes pages html de hasRole(...) la fonction fonctionne très bien.

[quentinb56]

Up ! Personne n'a une petite idée ?

[tchize_]

rest/typeAnimation (utilisé pour ta requête d'après ton message d'erreur) ne matche pas la pattern ant "/rest/typeAnimation/**", ca il n'y a pas de / après typeAnimation. Hors le / n'est pas optionnel dans la pattern.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
 
				.antMatchers(HttpMethod.GET, "/rest/typeAnimation").hasRole("admin")

devrait résoudre ton problème.

[quentinb56]

GET on rest/typeAnimation failed with status 403 - Interdit

même message.

/rest/typeAnimation/** pas besoin de représenter le paramètre lors de l'appel des fonctions ?

Exemple /rest/typeAnimation/id ?

[tchize_]

tu peux afficher ce que dit l'inspecteur réseau de ta requête dans le browser? Fournir un HAR de ta conversation avec le serveur serait aussi utile.