Boa tarde pessoal… estou aqui tentando integrar o spring security com o struts 2 mas tá rolando em partes.
Eu tenho uma tela simples de login que está funcionando. Se digitar um usuário/senha que não existe ou deixar em branco, ele valida numa boa.
O problema é que se eu não logar na aplicação e tentar acessar uma URL que, na teoria, deveria ser restrita, ele abre sem nenhuma barreira.
Aqui está o meu web.xml
[code]<?xml version="1.0" encoding="UTF-8"?>
Struts 2
/WEB-INF/redirect.jsp
org.apache.struts2.tiles.StrutsTilesListener
org.springframework.web.context.ContextLoaderListener
org.springframework.web.context.request.RequestContextListener
org.springframework.security.web.session.HttpSessionEventPublisher
<!--
Struts2 - Inicializa/limpa o contexto do struts2.
-->
<filter>
<filter-name>action2-cleanup</filter-name>
<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
</filter>
<filter-mapping>
<filter-name>action2-cleanup</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>action2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>action2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
[/code]
Aqui está meu applicationContext.xml
[code]<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec=“http://www.springframework.org/schema/security”
xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”
xmlns:beans=“http://www.springframework.org/schema/beans”
xmlns:context=“http://www.springframework.org/schema/context”
xsi:schemaLocation=“http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd”>
<context:annotation-config/> <!-- Scanner @Autowired -->
<context:component-scan base-package="br.com.teste"/> <!-- Scanner @Repository @Service -->
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql://localhost:3306/teste"/>
<beans:property name="username" value="root"/>
<beans:property name="password" value="admin"/>
</beans:bean>
</beans:beans>[/code]
Aqui está o meu spring-security.xml
[code]<beans:beans xmlns=“http://www.springframework.org/schema/security”
xmlns:beans=“http://www.springframework.org/schema/beans” xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”
xsi:schemaLocation=“http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd”>
<http auto-config="true" access-denied-page="/telaLogin.do?login_error=2">
<intercept-url pattern="/telaLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/teste/index.do" access="ROLE_ADMIN" />
<form-login login-page="/telaLogin.do" default-target-url="/teste/index.do"
always-use-default-target="true" authentication-failure-url="/telaLogin.do?login_error=1" />
<logout logout-success-url="/telaLogin.do" invalidate-session="true" delete-cookies="JSESSIONID"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="teste" password="123" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>[/code]
E aqui está o meu struts.xml
[code]<?xml version="1.0" encoding="UTF-8"?>
<package name="default" extends="struts-default">
<interceptors>
<interceptor name="redirectMessage" class="br.com.teste.interceptor.RedirectMessageInterceptor" />
<interceptor-stack name="myStack">
<interceptor-ref name="redirectMessage" />
<interceptor-ref name="paramsPrepareParamsStack" />
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="myStack" />
<action name="telaLogin" class="br.com.teste.action.MusicaAction">
<result name="success">/WEB-INF/loginForm.jsp</result>
</action>
</package>
<package name="testePackage" namespace="/teste" extends="default">
<action name="index" class="br.com.teste.action.MusicaAction" method="index">
<result name="success">/WEB-INF/indexTeste.jsp</result>
</action>
</package>
[/code]
Se eu tentar acessar a url http://localhost:8080/SpringSecStruts/teste/index.do sem estar logado, ele permite o acesso mesmo assim…
O link que direciona para a página de login é o http://localhost:8080/SpringSecStruts/telaLogin.do
Por favor me ajudem, ó jGurus!!!