3

I have spring_tiles web application and now trying to add spring security to it:

That is a peace of my TilesConfig.xml:

 <definition name="loginPage" extends="commonPage">
  <put-attribute name="body" value="/WEB-INF/tiles/jsp/login_body.jsp" />
 </definition>

Here comes my spring mapping part:

<bean id="urlMapping"
  class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
  <property name="interceptors">
   <list>
    <ref bean="openSessionInViewInterceptor" />
   </list>
  </property>
  <property name="mappings">
   <props>
    <prop key="/main.htm">mainController</prop>
    <prop key="/category.htm">viewCategoryController</prop>
    <prop key="/good.htm">goodController</prop>
    <prop key="/registration.htm">registrationController</prop>
    <prop key="/login.htm">?</prop>
   </props>
  </property>
 </bean>

And here is a part from applicationContext-security.xml:

 <http auto-config='true'>
  <intercept-url pattern="/**" access="ROLE_USER" />
  <intercept-url pattern="/css/**" filters="none"/>
  <intercept-url pattern="/js/**" filters="none"/>
  <intercept-url pattern="/login.htm*" filters="none"/>
  <form-login login-page="/login.htm" />
 </http>

But I wonder how should I set up my tiles page definition to the mapping. In all other pages I used controllers but I suppose I should not use any loginController in that case because Spring Security do that instead.

So, here is my question: how to map tiles loginPage to /login.htm within spring security?

Raghuram
  • 51,854
  • 11
  • 110
  • 122
Ananda
  • 189
  • 2
  • 4
  • 12

3 Answers3

2

Another option is to have the following controller:

@Controller
@RequestMapping("/login")
public class LoginController {

    @RequestMapping(method = RequestMethod.GET)
    public String login(Locale locale, Model model) {
        return "login";
    }

    @RequestMapping(value = "/error", method = RequestMethod.GET)
    public String loginWithError(Locale locale, Model model) {
        model.addAttribute("error", true);
        return "login";
    }
}

In security-context.xml, configure form-login as follows:

<form-login login-page="/login" authentication-failure-url="/login/error" />

In views.xml declare the login view:

<definition name="login" extends="template">
    <put-attribute name="title" value="Nuevo Usuario"/>
    <put-attribute name="body" value="/login.jsp"/>
</definition>

finally, in login.jsp, to show the error in case there is one, use the following code:

<c:if test="${not empty error}">
    <font color="red"> Error al ingresar. <br /> Motivo :
        ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
    </font>
</c:if>
damian
  • 4,024
  • 5
  • 35
  • 53
2

By default, there is nothing specific in the configuration for spring security with tiles.

If the name of your login page tile is loginPage, I guess you should have something similar to the following in your applicationContext-security.xml 

<intercept-url pattern="/loginPage" filters="none"/>
<form-login login-page="/loginPage" />

If you are using spring security, the login page would have a POST url, which goes to /j_spring_security_check (by default). This is the equivalent of the loginController.

Raghuram
  • 51,854
  • 11
  • 110
  • 122
  • I've tried that - and it just redirects to http://localhost:8080/myapp/loginPage instead of using tiles view. But I found a way to realise that - look at the answers... I just have a poor knowledge about Spring - that was a problem :) – Ananda Jan 28 '11 at 08:18
0

I've found a way to do it. In the spring config I've added this:

<bean id="loginController"
    class="org.springframework.web.servlet.mvc.ParameterizableViewController">
    <property name="viewName" value="loginPage" />
</bean>

And in the mapping accordingly add that:

<prop key="/login.htm">loginController</prop>

Tiles and security configurations remained the same.

Ananda
  • 189
  • 2
  • 4
  • 12