Spring security et taglib
Bonjour,
J'utilise spring security pour gérer l'authentification et l'autorisation dans mon application. L'authentification fonctionne, mais quand j'utilise des tags pour afficher les onglets de mon menu en fonction des rôles ça ne fonctionne pas
De même lorsque je souhaite afficher le login de l'utilisateur connecté, je n'obtiens rien.
Mais je n'ai aucune idée du pourquoi.
Voici l'utilisation des tags:
Code:
1 2 3 4 5
|
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<security:authentication property="principal.username"/>
<security:authorize ifAnyGranted="ROLE_ADMINISTRATOR">Mon onglet</security:authorize> |
et voici ma config de spring security:
Code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
|
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="false" access-denied-page="/accessDenied.jsp" access-decision-manager-ref="accessDecisionManager">
<!-- Restrict URLs based on role -->
<security:intercept-url pattern="/accessDenied.jsp" filters="none" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/index.jsp" filters="none" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/css/**" filters="none" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/img/**" filters="none" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/agendaReadOnly/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/intervention/**" access="ROLE_NURSE, ROLE_DOCTOR" />
<security:intercept-url pattern="/**" access="ROLE_ADMINISTRATOR, ROLE_REDACTOR, ROLE_NURSE, ROLE_DOCTOR" />
<!-- Override default login and logout pages -->
<security:form-login login-page="/index.jsp"
login-processing-url="/j_spring_security_check"
default-target-url="/home/index.jsp"
authentication-failure-url="/index.jsp?login_error=1" />
<security:logout logout-url="/logout" logout-success-url="/index.jsp" />
<!--
<security:remember-me user-service-ref="userDetailsService"/>
-->
</security:http>
<security:authentication-provider user-service-ref="authenticationServiceTarget">
<security:password-encoder hash="md5"></security:password-encoder>
</security:authentication-provider>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/index.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
<!-- <property name="userCache" ref="userCache"/> -->
<!-- <property name="saltSource" ref bean="saltSource"/> -->
<!-- <property name="passwordEncoder" ref="passwordEncoder"/> -->
</bean>
<bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="basicDataSource" />
<property name="authoritiesByUsernameQuery">
<value>
SELECT login, password, active from user where login = ?
</value>
</property>
<property name="usersByUsernameQuery">
<value>
SELECT u.login, r.label from user u, user_role r where u.id=r.id and u.login = ?
</value>
</property>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter"/>
<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value="ROLE_" />
</bean>
</beans> |
Merci de votre aide, car cela fait un petit moment que je bloque dessus...