spring security authentification

Version imprimable

Bonjour
J'ai utilisé spring security pour l'authentification mais je ne sais pas comment récupérer le login de l'employé qui s'est authentifié pour la réalisation des requêtes ?
SVP pouvez vous m'aider ?

voila
servlet-security.xml

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
 
 
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
  					http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
              		http://www.springframework.org/schema/security 
              		http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
	<!--  Déclaration du PropertyPlaceholderConfigurer -->
	<bean
		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
		<property name="locations">
			<list>
				<value>classpath:/db.properties</value>
			</list>
		</property>
	</bean>
	<!--  Déclaration de la DATASOURCE -->
 
	<bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<property name="driverClassName" value="${db.driver}" />
		<property name="url" value="${db.url}" />
		<property name="username" value="${db.username}" />
		<property name="password" value="${db.password}" />
	</bean>
 
 
	<!-- Stratégie de Sécurité : ressources et Remember me -->
	<security:http auto-config="true">
		<security:intercept-url pattern="/login.jsp"
			filters="none" />
		<security:intercept-url pattern="/logo*"
			filters="none" />
		<security:intercept-url pattern="/objis.css"
			filters="none" />
		<security:intercept-url pattern="/**"
			access="ROLE_GRH,ROLE_CHEF-DIRECT,ROLE_EMPLOYE" />
		<security:form-login login-page='/login.jsp' />
	</security:http>
 
	<!--
		Authentification via Database personalisée : Exemple avec tables
		'employes' et 'roles' Attention à la colonne 'enabled' à ajouter
	-->
	<security:authentication-provider
		user-service-ref='myUserDetailsService' />
 
	<bean id="myUserDetailsService"
		class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
		<property name="dataSource" ref="dataSource" />
		<property name="usersByUsernameQuery"
			value="SELECT login as username, password, enabled , nom, prenom
                                                 FROM Employes WHERE login = ?" />
 
 
 
		<property name="authoritiesByUsernameQuery"
			value="SELECT login as username, role 
                                                       FROM roles WHERE login = ?" />
	</bean>
</beans>

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<%@ taglib prefix='security' uri='http://www.springframework.org/security/tags' %>
<%@ page import="org.springframework.security.context.SecurityContextHolder" %>
<%@ page import="org.springframework.security.userdetails.UserDetails" %>
<%@ page import="org.springframework.security.GrantedAuthority" %>
 
 
 
<%@ include file="include.jsp" %>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD><TITLE> Authentification Objis formations </TITLE>
 
    <style type="text/css">
        @import "objis.css";
    </style>
</HEAD>
<body>
 
<div class="conTenu">
<div class="logoObjisAuthentification">
<a href='http://www.proxym-it.com' target=_blank> <img src="logo_objis.png" border=0 alt="Proxym-it : http://www.proxym-it.com" border="0">
</a></div>
<div class="authenTification">
<form method="POST" action="j_spring_security_check" >
<table>
<tr>
<td>Login :</td>
<td><input type="text" name="j_username"></td>
</tr>
<tr>
<td>Mot de passe :</td>
<td><input type="password" name="j_password"></td>
</tr>
<tr>
<td ><input type="submit" value="Valider"> <input type="reset" value="Annuler"></td>
</tr>
</table>
</form>
</div>
</div>
</body>
</HTML>

et index.jsp

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
<%@ taglib prefix='security' uri='http://www.springframework.org/security/tags' %>
<%@ page import="org.springframework.security.context.SecurityContextHolder" %>
<%@ page import="org.springframework.security.userdetails.UserDetails" %>
<%@ page import="org.springframework.security.GrantedAuthority" %>
 
<%
 
Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
 
if (obj instanceof UserDetails) {
	GrantedAuthority[] granted = ((UserDetails)obj).getAuthorities();
	String authority = granted[0].getAuthority() ;
  String username = ((UserDetails)obj).getUsername();
  System.out.println("UserName : " + obj.toString());
  System.out.println("Authority : " +   authority);
  String role = authority.substring(5);
  session.setAttribute("role",role);
} else {
  String username = obj.toString();
  System.out.println("UserName : " + username);
}
 
%>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Démonstration sécurité Spring </title>
    <style type="text/css">
        @import "objis.css";
    </style>
</head>
<body>
 
<div class="conTenu">
 
<div class="logoObjis">
<a href='http://www.proxym-it.com' target=_blank><img src="logo_objis.png" border=0 alt="Proxym-it : société exportatrice" border="0"></a>
</div>
<div class="userIdentite">
login : <security:authentication property="principal.username"/>
</div>
<div class="userRole">
Role :  <%=session.getAttribute("role") %>
 
</div>
 
<div class="mnuLogout">
<a href="j_spring_security_logout">Déconnexion</a>
</div>
<security:authorize ifAnyGranted="ROLE_GRH">
 
 
 <div class="mnuLien1">
<a href="vacation/listValidateGRH.htm">Validate Vacation</a> 
    </div>
 
 
 <div class="mnuLien2">
<a href="employe/list.htm">Add Employee</a> 
    </div>
 
    <div class="mnuLien3">
<a href="vacationtype/list.htm">Add Vacationtype</a> 
    </div>
 
    <div class="mnuLien4">
<a href="salary/list.htm">Add salary</a> 
 
 
    </div>
 
 
 <div class="mnuLien5">
<a href="vacation/list.htm">Add Vacation</a> 
    </div>
 
</security:authorize>
 
<security:authorize ifAnyGranted="ROLE_CHEF-DIRECT">
 
 
     <div class="mnuLien1">
<a href="vacation/listValidate.htm">Validate Vacation</a> 
    </div>
 
 
 <div class="mnuLien2">
<a href="vacation/list.htm">Add Vacation</a> 
    </div>
 
 
</security:authorize>
<security:authorize ifAnyGranted="ROLE_EMPLOYE">
 
 
 <div class="mnuLien2">
<a href="vacation/list.htm">Add Vacation</a> 
    </div>
 
</security:authorize>
 
</div>
</body>
</html>

merci de m'aider

Tu peux dans ton manager ou service déclarer une méthode qui te permet de récupérer l'utilisateur courant :

Code:

1
2
3
4
5
6
public User getCurrentUser() {
        SecurityContext securityContext = SecurityContextHolder.getContext();
        org.springframework.security.userdetails.User springSecurityUser = (org.springframework.security.userdetails.User) securityContext.getAuthentication().getPrincipal();
 
        return this.getUser(springSecurityUser.getUsername());// Méthode qui va chercher dans la base
    }

Citation:
Envoyé par riderfun
Tu peux dans ton manager ou service déclarer une méthode qui te permet de récupérer l'utilisateur courant :
Code:

1 2 3 4 5 6 public User getCurrentUser() { SecurityContext securityContext = SecurityContextHolder.getContext(); org.springframework.security.userdetails.User springSecurityUser = (org.springframework.security.userdetails.User) securityContext.getAuthentication().getPrincipal(); return this.getUser(springSecurityUser.getUsername());// Méthode qui va chercher dans la base }
Ah oui c'est vraiment ce que je cherche merci pour le bout de code je vais l'essayer .
@+

Bonjour

J'ai fait ça

Code:

1
2
3
4
5
6
7
8
9
10
public Employes getCurrentEmployee()
	{
		SecurityContext securityContext = SecurityContextHolder.getContext();
        org.springframework.security.userdetails.User springSecurityUser = (org.springframework.security.userdetails.User) securityContext.getAuthentication().getPrincipal();
     Employes employes= (Employes) this.getEmployesByUsername(springSecurityUser.getUsername());// Méthode qui va chercher dans la base
    // System.out.println(employes.getEmail());
     return employes;
 
 
	}

et pour la méthode getEmployesBy Username j'ai fait ça

Code:

1
2
3
4
5
6
7
	public Employes getEmployesByUsername(String login)
 
	{
		Employes find = (Employes) hibernateTemplate.find("SELECT * FROM Employes e WHERE e.login = ?",login);
	return  find;
 
	}

mais ça n'a pas marché

je pense que cette méthode ne retourne pas un employee ?? :calim2:

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
java.lang.NoSuchMethodError: org.hibernate.hql.antlr.HqlBaseParser.recover(Lantlr/RecognitionException;Lantlr/collections/impl/BitSet;)V
	org.hibernate.hql.antlr.HqlBaseParser.selectClause(HqlBaseParser.java:1391)
	org.hibernate.hql.antlr.HqlBaseParser.selectFrom(HqlBaseParser.java:1106)
	org.hibernate.hql.antlr.HqlBaseParser.queryRule(HqlBaseParser.java:702)
	org.hibernate.hql.antlr.HqlBaseParser.selectStatement(HqlBaseParser.java:296)
	org.hibernate.hql.antlr.HqlBaseParser.statement(HqlBaseParser.java:159)
	org.hibernate.hql.ast.QueryTranslatorImpl.parse(QueryTranslatorImpl.java:248)
	org.hibernate.hql.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:157)
	org.hibernate.hql.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:111)
	org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:77)
	org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:56)
	org.hibernate.engine.query.QueryPlanCache.getHQLQueryPlan(QueryPlanCache.java:72)
	org.hibernate.impl.AbstractSessionImpl.getHQLQueryPlan(AbstractSessionImpl.java:133)
	org.hibernate.impl.AbstractSessionImpl.createQuery(AbstractSessionImpl.java:112)
	org.hibernate.impl.SessionImpl.createQuery(SessionImpl.java:1623)
	org.springframework.orm.hibernate3.HibernateTemplate$30.doInHibernate(HibernateTemplate.java:919)
	org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:419)
	org.springframework.orm.hibernate3.HibernateTemplate.executeWithNativeSession(HibernateTemplate.java:374)
	org.springframework.orm.hibernate3.HibernateTemplate.find(HibernateTemplate.java:917)
	org.springframework.orm.hibernate3.HibernateTemplate.find(HibernateTemplate.java:913)
	com.proxymit.grh.service.interfImpl.VacationDAOImpl.getEmployesByUsername(VacationDAOImpl.java:502)
	com.proxymit.grh.service.interfImpl.VacationDAOImpl.getCurrentEmployee(VacationDAOImpl.java:520)

J'ai eu cette erreur8O
POuvez vous m'aider SVP!

J'ai essayé avec ça et ça n'a pas marché aussi

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
  public User getUser(String login) {
        if (null == login) {
            throw new IllegalArgumentException("Login is mandatory. Null values are forbidden.");
        }
        try {
            logger.info("get User with login: "+login);
            Session session = getHibernateTemplate().getSessionFactory().getCurrentSession();
            // create a new criteria
            Criteria crit = session.createCriteria(User.class);
            crit.add(Expression.eq("loginUser", login));
 
            User user = (User)crit.uniqueResult();
            return user;
        }
        catch(DataAccessException e) {
            // Critical errors : database unreachable, etc.
            logger.error("Exception - DataAccessException occurs : "+e.getMessage()
                    +" on complete getUser().");
            return null;
        }
    }

:cry:
error

Code:

org.hibernate.HibernateException: No Hibernate Session bound to thread, and configuration does not allow creation of non-transactional one here

:calim2: ?

RESOLVED:lol:

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
	@SuppressWarnings("unchecked")
	public Employes findEmployesByLogin(String login) throws DataAccessException {
List	find =hibernateTemplate.find(" from Employes  e where e.login= ?", login);
Employes emp=(Employes) find.get(0);
//System.out.println(emp);
Integer index=emp.getId();
//System.out.println(index);
 
Employes employee=(Employes) hibernateTemplate.get(Employes.class, index);
System.out.println(employee);
return employee ;
	}
	public Employes getCurrentEmployee()
	{
		SecurityContext securityContext = SecurityContextHolder.getContext();
        org.springframework.security.userdetails.User springSecurityUser = (org.springframework.security.userdetails.User) securityContext.getAuthentication().getPrincipal();
     Employes employes=  this.findEmployesByLogin(springSecurityUser.getUsername());// Méthode qui va chercher dans la base
    System.out.println(employes.getId());
     return employes;
	}

System.out.println pour les tests !
Merci ;)