I've succeeded in integrating Spring Security into my zk web application. But I found some problem, Sessions.getCurrent() yields null on my custom authentication manager.
How I can solve this issue?
CustomAuthenticationManager.java :
public class CustomAuthenticationManager implements AuthenticationManager {
TparoperatorDAO oDao = new TparoperatorDAO();
TparameterDAO oTparameterDao = new TparameterDAO();
Session session;
Transaction transaction;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Tparoperator tparoperator = null;
Authentication auth = null;
String username = (String) authentication.getPrincipal();
String password = (String) authentication.getCredentials();
System.out.println("authenticate : " + username);
if (username.isEmpty() || password.isEmpty()) {
throw new BadCredentialsException("Username atau password tidak boleh kosong!");
}
try {
session = StoreHibernateUtil.openSession();
tparoperator = oDao.login(session, username);
} catch (Exception ex) {
throw new BadCredentialsException("Invalid username/password");
}
if (tparoperator == null) {
throw new BadCredentialsException("User tidak ditemukan");
} else if (Helper.ToString(tparoperator.getStatususer()).equals(SysUtils.STATUS_WAIT_NOT_ACTIVE)) {
throw new BadCredentialsException("User tidak aktif");
} else if (tparoperator.getStatuslogin().equals("1")) {
throw new BadCredentialsException("User sedang dipakai");
}
//FIXME: uncomment this connect LDAP
//this.ldapAuthentication(authentication);
try {
auth = this.setAuthorities(authentication, tparoperator, session);
} catch (Exception ex) {
ex.printStackTrace();
throw new BadCredentialsException("Authentication Error");
}
return auth;
}
public Authentication setAuthorities(Authentication authentication, Tparoperator p, Session session) throws Exception {
String sessionId = "";
org.zkoss.zk.ui.Session zkSession = Sessions.getCurrent();
Object mySession = Sessions.getCurrent();
if (mySession != null) {
mySession = ((org.zkoss.zk.ui.Session) mySession).getNativeSession();
}
if (mySession != null) {
HttpSession httpsession = (HttpSession) mySession;
sessionId = httpsession.getId();
}
System.out.println("SESSION ID : " + sessionId);
System.out.println("SESSION : " + zkSession);
p.setSessionid(sessionId);
p.setStatuslogin("1");
ArrayList<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
UserUtils userUtils = this.buildAccessMenu(p, authentication.getPrincipal().toString(), authentication.getCredentials().toString(), sessionId, grantedAuthorities);
zkSession.setAttribute("userUtils", userUtils);
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, authentication.getCredentials(), grantedAuthorities);
UserDetailsImpl details = new UserDetailsImpl(p);
details.setAuthorities(grantedAuthorities);
auth.setDetails(details);
//UPDATE ONLINE
transaction = session.beginTransaction();
oDao.save(session, p);
transaction.commit();
return auth;
}
}
web.xml :
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:web="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd
http://xmlns.jcp.org/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.4">
<display-name>cms</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- omit code for abbreviate -->
</web-app>
applicationContext-security.xml :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
">
<security:http entry-point-ref="myAuthenticationEntryPoint" create-session="always">
<security:session-management>
<security:concurrency-control expired-url="/logout.zul" max-sessions="1"
error-if-maximum-exceeded="true"></security:concurrency-control>
</security:session-management>
<security:custom-filter position="FORM_LOGIN_FILTER" ref="customizedFormLoginFilter"/>
<!-- anonymous pages -->
<security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/index.zul" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/templates/**" filters="none"/>
<security:intercept-url pattern="/css/**" filters="none"/>
<security:intercept-url pattern="/js/**" filters="none"/>
<security:intercept-url pattern="/images/**" filters="none"/>
<!-- secure pages -->
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:intercept-url pattern="/logout.zul" access="ROLE_USER"/>
<security:logout logout-success-url="/login.zul"/>
<security:anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
</security:http>
<bean id="myAuthenticationEntryPoint" class="com.sdd.cms.security.CustomAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.zul"/>
</bean>
<security:authentication-manager alias="authenticationManager"/>
<bean id="customizedFormLoginFilter" class="com.sdd.cms.security.CustomAuthenticationFilter">
<property name="filterProcessesUrl" value="/j_spring_security_check"/>
<property name="authenticationSuccessHandler" ref="myAuthSuccessHandler"/>
<property name="authenticationFailureHandler" ref="myAuthFailureHandler"/>
<property name="authenticationManager" ref="myAuthenticationManager"/>
<property name="allowSessionCreation" value="true"/>
</bean>
<bean id="myAuthSuccessHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/content/index.zul"/>
</bean>
<bean id="myAuthFailureHandler" class="com.sdd.cms.security.MyAuthenticationFailuerHandler">
<property name="defaultFailureUrl" value="/login.zul?error=true"/>
</bean>
<bean id="myAuthenticationManager" class="com.sdd.cms.security.CustomAuthenticationManager"/>
<bean id="loggerListener" class="org.springframework.security.access.event.LoggerListener"/>
</beans>
get session :
String sessionId = "";
org.zkoss.zk.ui.Session zkSession = Sessions.getCurrent();
Object mySession = Sessions.getCurrent();
if (mySession != null) {
mySession = ((org.zkoss.zk.ui.Session) mySession).getNativeSession();
}
if (mySession != null) {
HttpSession httpsession = (HttpSession) mySession;
sessionId = httpsession.getId();
}
System.out.println("SESSION ID : " + sessionId);
System.out.println("SESSION : " + zkSession);
result :
java.lang.NullPointerException
SESSION ID :
SESSION : null
Please help me,
Regards, Rayhan
