I'm trying to integrate Spring Security and GWT. I'm also using gwt-incubator-security. I configured everything as it was described on their wiki pages. I managed to get security working by using intercept-url, but I can't get it working using annotations. Any ideas about what the problem is?
P.S. I'm using Spring 2.5.6, Spring Security 2.0.5 and gwt-incubator-security 1.0.1. Any useful links and comments are welcome.
Here are my config files
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<global-method-security secured-annotations="enabled"
jsr250-annotations="disabled" />
<http auto-config="true">
<!-- <intercept-url pattern="/**/*.rpc" access="ROLE_USER" /> -->
<intercept-url pattern="/gwt/**" access="ROLE_USER" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
<authentication-provider>
<user-service>
<user name="rod" password="koala"
authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="emu" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="wombat" authorities="ROLE_USER" />
<user name="peter" password="opal" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
<beans:bean id="greetService" class="com.ct.test.server.GreetingServiceImpl" />
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>Spring_test.html</welcome-file>
</welcome-file-list>
<!-- Spring related configuration -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Initialise the Spring MVC DispatcherServlet -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map the DispatcherServlet to only intercept RPC requests -->
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/spring_test/greet.rpc</url-pattern>
<!--
<url-pattern>/org.example.gwtwisdom.GwtWisdom/services/*</url-pattern>
-->
</servlet-mapping>
<servlet>
<servlet-name>greetServlet</servlet-name>
<servlet-class>com.ct.test.server.GreetingServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>greetServlet</servlet-name>
<url-pattern>/spring_test/greet.rpc</url-pattern>
</servlet-mapping>
<!-- Spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- The application context definition for the DispatcherServlet -->
<bean id="urlMapping" class="com.gwtincubator.security.server.GWTSecuredHandler">
<property name="mappings">
<map>
<entry key="/spring_test/greet.rpc" value-ref="greetService" />
</map>
</property>
</bean>
Here is my sample project that i tried to integrate with Spring Security: http://www.filedropper.com/springtest_1
To enable Spring Security integration with Spring MVC add the @EnableWebSecurity annotation to your configuration. Spring Security provides the configuration using Spring MVC's WebMvcConfigurer.
The Spring Security Architecture There are multiple filters in spring security out of which one is the Authentication Filter, which initiates the process of authentication. Once the request passes through the authentication filter, the credentials of the user are stored in the Authentication object.
I'am using GWT+Spring security. I find in your configuration, there is some misunderstanding. In fact, there is a very simple way that can let spring security work with your gwt regardless the gwt-incubator-security. You just need to declare your application context in you web.xml.
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext-security.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
You don't declare here your MVC dispatcherServlet ! Then everything works because of the Spring Security framework mechanism.
Then if you insist to use gwt-incubator-security. I've read a very good solution in french, but it rest uncheck. http://hugo.developpez.com/tutoriels/java/gwt/utilisation-gwt-avec-spring-et-hibernate/
<servlet> <servlet-name>appService</servlet-name> <servlet-class>com.google.gwt.app.example.server.AppServiceImpl</servlet-class> </servlet> <servlet-mapping> <servlet-name>appService</servlet-name> <url-pattern>/app/appService</url-pattern> </servlet-mapping>
If you like very much Spring, and you want to use DispatcherServlet to dispatch the request, then GWT-handler can help you to get rid of the problem. Firstly, you load application context in the web.xml as below:
<context-param>
<param-name> contextConfigLocation </param-name>
<param-value> classpath:applicationContext_GWT.xml </param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
Then you can declare your rpc service in Spring context: applicationContext_GWT.xml
<bean id=" appService "
class=" com.google.gwt.app.example.server.AppServiceImpl">
</bean>
But you should not forget to add the GWTHandler declaration in the application context file applicationContext_GWT.xml
The last thing is to declare the spring servlet: DispatcherServlet in the web.xml. Pay attention to the fact that this is the spring’s proper servlet not the GWT-SL’s.
web.xml
<servlet>
<servlet-name>handler</servlet-name>
<servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>handler</servlet-name>
<url-pattern>*.rpc</url-pattern>
</servlet-mapping>
Servlet name is important because DispatcherServlet will search for the spring context file named by “*-servlet.xml”. As the servlet name is handler, it will search for the spring context “handler-servlet.xml”. So here we will solve the problem like this, we put the application context which is independent with the DispatcherServlet in the “applicationContext_GWT.xml”, then the one that is dependent with the DispatcherServlet in the “-servlet.xml”, as the servlet name is “handler”, then we should have “handler-servlet.xml”, then put the following configuration of GWT_SL from applicationContext_GWT.xml into handler-servlet.xml Handler-servlet.xml
<bean id="urlProjectMapping" class="org.gwtwidgets.server.spring.GWTHandler">
<!-- Supply here mappings between URLs and services. Services must implement the RemoteService interface but are not otherwise restricted.-->
<property name="mappings">
<map>
<!-- Other mappings could follow -->
<entry key="/app/appService.rpc" value-ref="appService" />
</map>
</property>
</bean>
Then add the following configuration in the web.xml dans la declaration de servlet.
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value> /WEB-INF/handler-servlet.xml </param-value>
</init-param>
The filter pattern concerns just the RPC call with a suffix .rpc (I didn’t use the GWT-SL, so the method above for integration has not been checked.)
After you have all the above configuration, then you create your filtreprocessentrypoint in your applicationi context file.
Hope this can help you!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With