[Nuiton-web-commits] r216 - in branches/nuiton-web-1.11-security: . nuiton-security nuiton-security/src/main/java/org/nuiton/web nuiton-security/src/main/java/org/nuiton/web/secu/actions nuiton-security/src/main/java/org/nuiton/web/security nuiton-security/src/main/java/org/nuiton/web/security/actions nuiton-security/src/main/resources nuiton-security/src/main/resources/WEB-INF nuiton-security/src/main/resources/WEB-INF/secu nuiton-security/src/main/resources/WEB-INF/security nuiton-security/src/main/resour

Author: echatellier Date: 2012-10-16 17:25:31 +0200 (Tue, 16 Oct 2012) New Revision: 216 Url: http://nuiton.org/repositories/revision/nuiton-web/216 Log: Refactoring secu > security Implements realm on topia Add custom servlet filter. Added: branches/nuiton-web-1.11-security/nuiton-security/ branches/nuiton-web-1.11-security/nuiton-security/pom.xml branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LogoutAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RolePermissionsAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserRolesAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/login.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/role.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/struts.xml branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/security.properties branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/security.zargo Removed: branches/nuiton-web-1.11-security/nuiton-security/pom.xml branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/secu/actions/SecuRole.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/secu/actions/SecuUser.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractSecuAction.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuMatrix.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuRole.java branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuUser.java branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/secu/secu-login.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-login.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-matrix.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-role.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-user.jsp branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-secu_en_GB.properties branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-secu_fr_FR.properties branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/secu-lib_fr_FR.properties branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/struts.xml branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/secu.properties branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/secu.zargo Modified: branches/nuiton-web-1.11-security/pom.xml Deleted: branches/nuiton-web-1.11-security/nuiton-security/pom.xml =================================================================== (Binary files differ) Copied: branches/nuiton-web-1.11-security/nuiton-security/pom.xml (from rev 213, branches/nuiton-web-1.11-security/nuiton-secu/pom.xml) =================================================================== (Binary files differ) Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/secu/actions/SecuRole.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuRole.java 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/secu/actions/SecuRole.java 2012-10-16 15:25:31 UTC (rev 216) @@ -1,76 +0,0 @@ -package org.nuiton.web.secu.actions; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.lang3.StringUtils; -import org.nuiton.topia.TopiaContext; -import org.nuiton.topia.TopiaException; -import org.nuiton.topia.TopiaRuntimeException; -import org.nuiton.web.SecuDAOHelper; -import org.nuiton.web.filter.TopiaTransactionFilter; -import org.nuiton.web.secu.SecuRoleDAO; -import org.nuiton.web.secu.SecuRoleImpl; - -import com.opensymphony.xwork2.Preparable; - -public class SecuRole extends AbstractSecuAction implements Preparable { - - /** serialVersionUID. */ - private static final long serialVersionUID = 1L; - - /** Topia context associated with request. */ - protected TopiaContext transaction; - - protected SecuRoleDAO secuRoleDAO; - - protected org.nuiton.web.secu.SecuRole role; - - @Override - public void setServletRequest(HttpServletRequest request) { - transaction = TopiaTransactionFilter.getTransaction(request); - } - - @Override - public void prepare() throws Exception { - secuRoleDAO = SecuDAOHelper.getSecuRoleDAO(transaction); - } - - @Override - public String input() throws Exception { - return super.input(); - } - - public org.nuiton.web.secu.SecuRole getRole() { - if (role == null) { - String roleId = getParameter("roleId"); - if (StringUtils.isNotBlank(roleId)) { - try { - role = secuRoleDAO.findByTopiaId(roleId); - } catch (TopiaException ex) { - throw new TopiaRuntimeException(ex); - } - } else { - role = new SecuRoleImpl(); - } - } - return role; - } - - @Override - public String execute() throws Exception { - String result = super.execute(); - - try { - if (role.getTopiaId() == null) { - secuRoleDAO.create(role); - } else { - secuRoleDAO.update(role); - } - transaction.commitTransaction(); - } catch (Exception ex) { - addActionError(ex.getMessage()); - result = input(); - } - return result; - } -} Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/secu/actions/SecuUser.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuUser.java 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/secu/actions/SecuUser.java 2012-10-16 15:25:31 UTC (rev 216) @@ -1,76 +0,0 @@ -package org.nuiton.web.secu.actions; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.lang3.StringUtils; -import org.nuiton.topia.TopiaContext; -import org.nuiton.topia.TopiaException; -import org.nuiton.topia.TopiaRuntimeException; -import org.nuiton.web.SecuDAOHelper; -import org.nuiton.web.filter.TopiaTransactionFilter; -import org.nuiton.web.secu.SecuUserDAO; -import org.nuiton.web.secu.SecuUserImpl; - -import com.opensymphony.xwork2.Preparable; - -public class SecuUser extends AbstractSecuAction implements Preparable { - - /** serialVersionUID. */ - private static final long serialVersionUID = 1L; - - /** Topia context associated with request. */ - protected TopiaContext transaction; - - protected SecuUserDAO secuUserDAO; - - protected org.nuiton.web.secu.SecuUser user; - - @Override - public void setServletRequest(HttpServletRequest request) { - transaction = TopiaTransactionFilter.getTransaction(request); - } - - @Override - public void prepare() throws Exception { - secuUserDAO = SecuDAOHelper.getSecuUserDAO(transaction); - } - - @Override - public String input() throws Exception { - return super.input(); - } - - public org.nuiton.web.secu.SecuUser getUser() { - if (user == null) { - String roleId = getParameter("userId"); - if (StringUtils.isNotBlank(roleId)) { - try { - user = secuUserDAO.findByTopiaId(roleId); - } catch (TopiaException ex) { - throw new TopiaRuntimeException(ex); - } - } else { - user = new SecuUserImpl(); - } - } - return user; - } - - @Override - public String execute() throws Exception { - String result = super.execute(); - - try { - if (user.getTopiaId() == null) { - secuUserDAO.create(user); - } else { - secuUserDAO.update(user); - } - transaction.commitTransaction(); - } catch (Exception ex) { - addActionError(ex.getMessage()); - result = input(); - } - return result; - } -} Added: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,111 @@ +package org.nuiton.web.security; + +import java.io.IOException; +import java.util.Properties; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.realm.Realm; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.web.mgt.DefaultWebSecurityManager; +import org.apache.shiro.web.servlet.AbstractShiroFilter; +import org.nuiton.topia.TopiaContext; +import org.nuiton.topia.TopiaContextFactory; +import org.nuiton.topia.TopiaException; +import org.nuiton.topia.framework.TopiaUtil; +import org.nuiton.util.ApplicationConfig; +import org.nuiton.web.SecurityDAOHelper; + +public class SecurityShiroFilter extends AbstractShiroFilter { + + private static final Log log = LogFactory.getLog(SecurityShiroFilter.class); + + @Override + public void init() throws Exception { + + // get config from context + ApplicationConfig config = (ApplicationConfig)getServletContext().getAttribute("ApplicationConfig"); + if (config == null) { + throw new IllegalArgumentException("No ApplicationConfig attribute found in servlet context"); + } + + // get topia root context + config.setOption(TopiaContextFactory.CONFIG_PERSISTENCE_CLASSES, SecurityDAOHelper.getImplementationClassesAsString()); + Properties props = config.getFlatOptions(); + TopiaContext rootContext = TopiaContextFactory.getContext(props); + initSchema(rootContext); + getServletContext().setAttribute("rootContext", rootContext); + + // see http://shiro.apache.org/configuration.html#Configuration-ProgrammaticConfigu... + if (log.isInfoEnabled()) { + log.info("Overriding shiro realms"); + } + //DefaultWebEnvironment env = new DefaultWebEnvironment(); + Realm topiaSecurityRealm = new TopiaSecurityRealm(rootContext, config); + DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(topiaSecurityRealm); + setSecurityManager(securityManager); + /*FilterChainResolver resolver = getFilterChainResolver(); + if (resolver != null) { + setFilterChainResolver(resolver); + }*/ + } + + protected static void initSchema(TopiaContext rootContext) throws TopiaException { + TopiaContext transaction = rootContext.beginTransaction(); + boolean testTable = TopiaUtil.isSchemaExist(transaction, SecurityUserImpl.class.getName()); + transaction.closeContext(); + if (!testTable) { + if (log.isInfoEnabled()) { + log.info("Create database schema"); + } + rootContext.createSchema(); + } else { + if (log.isDebugEnabled()) { + log.debug("Table SecurityUser found, skip schema creation"); + } + } + } + + @Override + protected void doFilterInternal(ServletRequest servletRequest, + ServletResponse servletResponse, FilterChain chain) + throws ServletException, IOException { + + // get subject + Subject subjectUser = createSubject(servletRequest, servletResponse); + if (log.isDebugEnabled()) { + log.debug("Testing permission for user " + subjectUser.getPrincipal()); + } + + // get permission + String uri = ((HttpServletRequest)servletRequest).getRequestURI(); + String perm = "url:" + uri; + if (subjectUser.isPermitted(perm)) { + if (log.isDebugEnabled()) { + log.debug("User is permitted to access " + perm); + } + super.doFilterInternal(servletRequest, servletResponse, chain); + } else if (uri.equals("/security/login.action") + || uri.startsWith("/js/") + || uri.startsWith("/img/") + || uri.startsWith("/css/")) { + if (log.isDebugEnabled()) { + log.debug("Temp allowing static access " + uri); + } + super.doFilterInternal(servletRequest, servletResponse, chain); + } else { + if (log.isDebugEnabled()) { + log.debug("User is NOT permitted to access " + perm); + } + ((HttpServletResponse)servletResponse).sendRedirect("/security/login.action"); + } + } +} Property changes on: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision HeadURL Added: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,139 @@ +package org.nuiton.web.security; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.AuthenticationInfo; +import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.SimpleAuthenticationInfo; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; +import org.apache.shiro.realm.AuthorizingRealm; +import org.apache.shiro.subject.PrincipalCollection; +import org.nuiton.topia.TopiaContext; +import org.nuiton.topia.TopiaException; +import org.nuiton.topia.TopiaRuntimeException; +import org.nuiton.util.ApplicationConfig; +import org.nuiton.web.SecurityDAOHelper; +import org.nuiton.web.security.SecurityUser; +import org.nuiton.web.security.SecurityUserDAO; +import org.nuiton.web.security.SecurityUserImpl; + +public class TopiaSecurityRealm extends AuthorizingRealm { + + private static final Log log = LogFactory.getLog(TopiaSecurityRealm.class); + + protected TopiaContext rootContext; + + protected ApplicationConfig config; + + public TopiaSecurityRealm(TopiaContext rootContext, ApplicationConfig config) { + this.rootContext = rootContext; + this.config = config; + } + + @Override + protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { + + String login = (String) principals.getPrimaryPrincipal(); + + SimpleAuthorizationInfo result = null; + TopiaContext transaction = null; + try { + transaction = rootContext.beginTransaction(); + SecurityUserDAO securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + + if (log.isDebugEnabled()) { + log.debug("Build autorisation list for user : " + login); + } + + SecurityUser securityUser = securityUserDAO.findByLogin(login); + result = new SimpleAuthorizationInfo(); + for (SecurityRole role : securityUser.getRoles()) { + for (String permission : role.getPermissions()) { + result.addStringPermission(permission); + if (log.isDebugEnabled()) { + log.debug(" - add permission : " + permission); + } + } + } + + } catch (Exception ex) { + + } finally { + if (transaction != null) { + try { + transaction.closeContext(); + } catch (TopiaException ex) { + throw new TopiaRuntimeException(ex); + } + } + } + + return result; + } + + @Override + protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { + + UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token; + String login = usernamePasswordToken.getUsername(); + char[] password = usernamePasswordToken.getPassword(); + + AuthenticationInfo result = null; + TopiaContext transaction = null; + try { + transaction = rootContext.beginTransaction(); + SecurityUserDAO securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + + SecurityUser securityUser = securityUserDAO.findByLogin(login); + + if (securityUser == null) { + long count = securityUserDAO.count(); + // si il n'y a aucun utilisateur, le premier utilisateur + // devient un power user, super admin de la mort + if (count == 0) { + if (log.isDebugEnabled()) { + log.debug("Creating new admin user with login : " + login); + } + SecurityRoleDAO securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); + + securityUser = securityUserDAO.create(); + securityUser.setLogin(login); + securityUser.setPassword(String.valueOf(password)); + + // on lui attribut tous les droits + SecurityRole role = securityRoleDAO.create(); + role.setName("admin"); + role.addPermissions("*:*"); + securityUser.addRoles(role); + + transaction.commitTransaction(); + } else { + if (log.isDebugEnabled()) { + log.debug(count + " accounts found"); + } + } + } + + if (securityUser != null) { + result = new SimpleAuthenticationInfo(securityUser.getLogin(), + securityUser.getPassword(), getName()); + } + + } catch (TopiaException ex) { + throw new TopiaRuntimeException(ex); + } finally { + if (transaction != null) { + try { + transaction.closeContext(); + } catch (TopiaException ex) { + throw new TopiaRuntimeException(ex); + } + } + } + + return result; + } +} Property changes on: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision HeadURL Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java (from rev 211, branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/AbstractSecuAction.java) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,68 @@ +package org.nuiton.web.security.actions; + +import java.util.Map; + +import javax.servlet.ServletContext; + +import org.apache.struts2.interceptor.ParameterAware; +import org.apache.struts2.util.ServletContextAware; +import org.nuiton.topia.TopiaContext; +import org.nuiton.util.ApplicationConfig; + +import com.opensymphony.xwork2.ActionSupport; + +public class AbstractAction extends ActionSupport implements ServletContextAware, ParameterAware { + + /** serialVersionUID. */ + private static final long serialVersionUID = -1097798007319592593L; + + protected TopiaContext rootContext; + protected ApplicationConfig config; + protected Map<String, String[]> actionParameters; + + @Override + public void setParameters(Map<String, String[]> parameters) { + this.actionParameters = parameters; + } + + @Override + public void setServletContext(ServletContext context) { + config = (ApplicationConfig)context.getAttribute("ApplicationConfig"); + rootContext = (TopiaContext)context.getAttribute("rootContext"); + } + + /** + * Renvoie la valeur d'un paramètre de la request. Cette méthode peut + * être appelée pour récupérer la valeur d'un paramètre avant que + * l'intercepteur pousse les valeurs saisies dans un formulaire. + * + * @param parameterKey l'identifiant du paramètre + * @return sa valeur + */ + public String getParameter(String parameterKey) { + String result = null; + if (actionParameters != null) { + String[] parameterValues = actionParameters.get(parameterKey); + if (parameterValues != null && parameterValues.length >= 1) { + result = parameterValues[0]; + } + } + return result; + } + + /** + * Renvoie la valeur d'un paramètre de la request. Cette méthode peut + * être appelée pour récupérer la valeur d'un paramètre avant que + * l'intercepteur pousse les valeurs saisies dans un formulaire. + * + * @param parameterKey l'identifiant du paramètre + * @return sa valeur + */ + public String[] getParameters(String parameterKey) { + String[] result = null; + if (actionParameters != null) { + result = actionParameters.get(parameterKey); + } + return result; + } +} Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractSecuAction.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/AbstractSecuAction.java 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractSecuAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -1,68 +0,0 @@ -package org.nuiton.web.secu.actions; - -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.struts2.interceptor.ParameterAware; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.nuiton.topia.TopiaContext; -import org.nuiton.web.filter.TopiaTransactionFilter; - -import com.opensymphony.xwork2.ActionSupport; - -public class AbstractSecuAction extends ActionSupport implements ServletRequestAware, ParameterAware { - - /** serialVersionUID. */ - private static final long serialVersionUID = -1097798007319592593L; - - /** Topia context associated with request. */ - protected TopiaContext transaction; - - protected Map<String, String[]> actionParameters; - - @Override - public void setParameters(Map<String, String[]> parameters) { - this.actionParameters = parameters; - } - - @Override - public void setServletRequest(HttpServletRequest request) { - transaction = TopiaTransactionFilter.getTransaction(request); - } - - /** - * Renvoie la valeur d'un paramètre de la request. Cette méthode peut - * être appelée pour récupérer la valeur d'un paramètre avant que - * l'intercepteur pousse les valeurs saisies dans un formulaire. - * - * @param parameterKey l'identifiant du paramètre - * @return sa valeur - */ - public String getParameter(String parameterKey) { - String result = null; - if (actionParameters != null) { - String[] parameterValues = actionParameters.get(parameterKey); - if (parameterValues != null && parameterValues.length >= 1) { - result = parameterValues[0]; - } - } - return result; - } - - /** - * Renvoie la valeur d'un paramètre de la request. Cette méthode peut - * être appelée pour récupérer la valeur d'un paramètre avant que - * l'intercepteur pousse les valeurs saisies dans un formulaire. - * - * @param parameterKey l'identifiant du paramètre - * @return sa valeur - */ - public String[] getParameters(String parameterKey) { - String[] result = null; - if (actionParameters != null) { - result = actionParameters.get(parameterKey); - } - return result; - } -} Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java (from rev 214, branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuLogin.java) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,100 @@ +package org.nuiton.web.security.actions; + +import static org.nuiton.i18n.I18n._; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.ExcessiveAttemptsException; +import org.apache.shiro.authc.IncorrectCredentialsException; +import org.apache.shiro.authc.LockedAccountException; +import org.apache.shiro.authc.UnknownAccountException; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.web.util.SavedRequest; +import org.apache.shiro.web.util.WebUtils; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +public class LoginAction extends AbstractAction implements ServletRequestAware, ServletResponseAware { + + private static final Log log = LogFactory.getLog(LoginAction.class); + + /** serialVersionUID. */ + private static final long serialVersionUID = 1L; + + protected String login; + + protected String password; + + protected HttpServletRequest request; + protected HttpServletResponse response; + + @Override + public void setServletRequest(HttpServletRequest request) { + this.request = request; + } + + @Override + public void setServletResponse(HttpServletResponse response) { + this.response = response; + } + + public void setLogin(String login) { + this.login = login; + } + + public void setPassword(String password) { + this.password = password; + } + + @Override + public String execute() throws Exception { + String result = null; + + if (login == null || password == null) { + result = input(); + } else { + try { + Subject currentUser = SecurityUtils.getSubject(); + UsernamePasswordToken token = new UsernamePasswordToken(login, password); + currentUser.login(token); + result = SUCCESS; + } catch (UnknownAccountException ex) { + addActionError(_("Identifiant ou mot de passe invalide !")); + log.warn("Unknow user account", ex); + result = input(); + } catch (IncorrectCredentialsException ex) { + addActionError(_("Identifiant ou mot de passe invalide !")); + log.warn("Invalid password", ex); + result = input(); + } catch (LockedAccountException ex) { + addActionError(_("Compte bloqué. Contacter un administrateur")); + log.error("Account locked error", ex); + result = input(); + } catch (ExcessiveAttemptsException ex) { + addActionError(_("Nombre de tentatives dépassé")); + log.error("Excessive attemps error", ex); + result = input(); + } catch (AuthenticationException ex) { + addActionError(ex.getMessage()); + log.warn("Authentication error", ex); + result = input(); + } + + SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request); + if (savedRequest != null) { // can be + response.sendRedirect(savedRequest.getRequestUrl()); + } + } + return result; + } + + + + +} Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LogoutAction.java (from rev 214, branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuLogout.java) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LogoutAction.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/LogoutAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,21 @@ +package org.nuiton.web.security.actions; + +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.subject.Subject; +import org.nuiton.web.security.SecurityUserDAO; + +public class LogoutAction extends AbstractAction { + + /** serialVersionUID. */ + private static final long serialVersionUID = 1L; + + protected SecurityUserDAO securityUserDAO; + + @Override + public String execute() throws Exception { + Subject currentUser = SecurityUtils.getSubject(); + currentUser.logout(); + + return SUCCESS; + } +} Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java (from rev 214, branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuRole.java) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,55 @@ +package org.nuiton.web.security.actions; + +import org.apache.commons.lang3.StringUtils; +import org.nuiton.topia.TopiaContext; +import org.nuiton.topia.TopiaException; +import org.nuiton.topia.TopiaRuntimeException; +import org.nuiton.web.security.SecurityRole; +import org.nuiton.web.security.SecurityRoleDAO; +import org.nuiton.web.security.SecurityRoleImpl; + +public class RoleAction extends AbstractAction { + + /** serialVersionUID. */ + private static final long serialVersionUID = 1L; + + protected SecurityRoleDAO securityRoleDAO; + + protected SecurityRole role; + + public SecurityRole getRole() { + if (role == null) { + String roleId = getParameter("roleId"); + if (StringUtils.isNotBlank(roleId)) { + try { + role = securityRoleDAO.findByTopiaId(roleId); + } catch (TopiaException ex) { + throw new TopiaRuntimeException(ex); + } + } else { + role = new SecurityRoleImpl(); + } + } + return role; + } + + @Override + public String execute() throws Exception { + String result = super.execute(); + + try { + TopiaContext transaction = rootContext.beginTransaction(); + if (role.getTopiaId() == null) { + securityRoleDAO.create(role); + } else { + securityRoleDAO.update(role); + } + transaction.commitTransaction(); + transaction.closeContext(); + } catch (Exception ex) { + addActionError(ex.getMessage()); + result = input(); + } + return result; + } +} Added: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RolePermissionsAction.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RolePermissionsAction.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RolePermissionsAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,128 @@ +package org.nuiton.web.security.actions; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; +import org.nuiton.topia.TopiaContext; +import org.nuiton.web.SecurityDAOHelper; +import org.nuiton.web.security.SecurityRole; +import org.nuiton.web.security.SecurityRoleDAO; +import org.nuiton.web.security.SecurityUser; +import org.nuiton.web.security.SecurityUserDAO; + +public class RolePermissionsAction extends AbstractAction { + + /** serialVersionUID. */ + private static final long serialVersionUID = 1L; + + protected SecurityUserDAO securityUserDAO; + + protected SecurityRoleDAO securityRoleDAO; + + /** Id categories with name. */ + protected Map<String, String> categories; + /** Id permission with name. */ + protected Map<String, String> permissions; + /** Id categories with permissions ids. */ + protected Map<String, Collection<String>> categoryPermissions; + /** Id permission with permissions strings. */ + protected Map<String, Collection<String>> shiroPerms; + + protected List<SecurityRole> roles; + + protected List<String> userIds; + + @Override + public String input() throws Exception { + TopiaContext transaction = rootContext.beginTransaction(); + securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); + roles = securityRoleDAO.findAllWithOrder(SecurityRole.NAME); + transaction.closeContext(); + + categories = new HashMap<String, String>(); + permissions = new HashMap<String, String>(); + categoryPermissions = new HashMap<String, Collection<String>>(); + shiroPerms = new HashMap<String, Collection<String>>(); + Properties props = config.getFlatOptions(); + for (String prop : props.stringPropertyNames()) { + if (prop.startsWith("topia.security.permission.")) { + String endProp = StringUtils.removeStart(prop, "topia.security.permission."); + String[] subs = endProp.split("\\."); + if (subs.length == 1) { + categories.put(subs[0], props.getProperty(prop)); + } else if (subs.length == 2) { + String perms = props.getProperty(prop); + String[] permTab = perms.split("\\s*\\.\\s*"); + Collection<String> permList = Arrays.asList(permTab); + shiroPerms.put(subs[0], permList); + } else if (subs.length == 3) { + // name + String name = props.getProperty(prop); + permissions.put(subs[1], name); + // association + Collection<String> categoryPermissionCol = categoryPermissions.get(subs[0]); + if (categoryPermissionCol == null) { + categoryPermissionCol = new ArrayList<String>(); + categoryPermissions.put(subs[0], categoryPermissionCol); + } + categoryPermissionCol.add(subs[1]); + } + } + } + return super.input(); + } + + public List<SecurityRole> getRoles() { + return roles; + } + + public Map<String, String> getCategories() { + return categories; + } + + public Map<String, String> getPermissions() { + return permissions; + } + + public Map<String, Collection<String>> getCategoryPermissions() { + return categoryPermissions; + } + + @Override + public String execute() throws Exception { + String result = super.execute(); + + if (userIds == null) { + result = input(); + } else { + try { + TopiaContext transaction = rootContext.beginTransaction(); + securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); + for (String userId : userIds) { + SecurityUser securityUser = securityUserDAO.findByTopiaId(userId); + securityUser.clearRoles(); + + String[] roleIds = getParameters("roles-" + userId); + if (roleIds != null) { + for (String roleId : roleIds) { + SecurityRole secuRole = securityRoleDAO.findByTopiaId(roleId); + securityUser.addRoles(secuRole); + } + } + } + transaction.commitTransaction(); + } catch (Exception ex) { + addActionError(ex.getMessage()); + result = input(); + } + } + return result; + } +} Property changes on: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/RolePermissionsAction.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision HeadURL Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuMatrix.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuMatrix.java 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuMatrix.java 2012-10-16 15:25:31 UTC (rev 216) @@ -1,89 +0,0 @@ -package org.nuiton.web.secu.actions; - -import java.util.List; - -import javax.servlet.http.HttpServletRequest; - -import org.nuiton.web.SecuDAOHelper; -import org.nuiton.web.filter.TopiaTransactionFilter; -import org.nuiton.web.secu.SecuRole; -import org.nuiton.web.secu.SecuRoleDAO; -import org.nuiton.web.secu.SecuUser; -import org.nuiton.web.secu.SecuUserDAO; - -import com.opensymphony.xwork2.Preparable; - -public class SecuMatrix extends AbstractSecuAction implements Preparable { - - /** serialVersionUID. */ - private static final long serialVersionUID = 1L; - - protected SecuUserDAO secuUserDAO; - - protected SecuRoleDAO secuRoleDAO; - - protected List<SecuUser> users; - - protected List<SecuRole> roles; - - protected List<String> userIds; - - @Override - public void setServletRequest(HttpServletRequest request) { - transaction = TopiaTransactionFilter.getTransaction(request); - } - - @Override - public void prepare() throws Exception { - secuUserDAO = SecuDAOHelper.getSecuUserDAO(transaction); - secuRoleDAO = SecuDAOHelper.getSecuRoleDAO(transaction); - } - - @Override - public String input() throws Exception { - users = secuUserDAO.findAllWithOrder(SecuUser.LOGIN); - roles = secuRoleDAO.findAllWithOrder(SecuRole.NAME); - return super.input(); - } - - public List<SecuUser> getUsers() { - return users; - } - - public List<SecuRole> getRoles() { - return roles; - } - - public void setUserIds(List<String> userIds) { - this.userIds = userIds; - } - - @Override - public String execute() throws Exception { - String result = super.execute(); - - if (userIds == null) { - result = input(); - } else { - try { - for (String userId : userIds) { - SecuUser secuUser = secuUserDAO.findByTopiaId(userId); - secuUser.clearPermissions(); - - String[] permissions = getParameters("permissions-" + userId); - if (permissions != null) { - for (String permission : permissions) { - SecuRole secuRole = secuRoleDAO.findByTopiaId(permission); - secuUser.addPermissions(secuRole); - } - } - } - transaction.commitTransaction(); - } catch (Exception ex) { - addActionError(ex.getMessage()); - result = input(); - } - } - return result; - } -} Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuRole.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuRole.java 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuRole.java 2012-10-16 15:25:31 UTC (rev 216) @@ -1,76 +0,0 @@ -package org.nuiton.web.secu.actions; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.lang3.StringUtils; -import org.nuiton.topia.TopiaContext; -import org.nuiton.topia.TopiaException; -import org.nuiton.topia.TopiaRuntimeException; -import org.nuiton.web.SecuDAOHelper; -import org.nuiton.web.filter.TopiaTransactionFilter; -import org.nuiton.web.secu.SecuRoleDAO; -import org.nuiton.web.secu.SecuRoleImpl; - -import com.opensymphony.xwork2.Preparable; - -public class SecuRole extends AbstractSecuAction implements Preparable { - - /** serialVersionUID. */ - private static final long serialVersionUID = 1L; - - /** Topia context associated with request. */ - protected TopiaContext transaction; - - protected SecuRoleDAO secuRoleDAO; - - protected org.nuiton.web.secu.SecuRole role; - - @Override - public void setServletRequest(HttpServletRequest request) { - transaction = TopiaTransactionFilter.getTransaction(request); - } - - @Override - public void prepare() throws Exception { - secuRoleDAO = SecuDAOHelper.getSecuRoleDAO(transaction); - } - - @Override - public String input() throws Exception { - return super.input(); - } - - public org.nuiton.web.secu.SecuRole getRole() { - if (role == null) { - String roleId = getParameter("roleId"); - if (StringUtils.isNotBlank(roleId)) { - try { - role = secuRoleDAO.findByTopiaId(roleId); - } catch (TopiaException ex) { - throw new TopiaRuntimeException(ex); - } - } else { - role = new SecuRoleImpl(); - } - } - return role; - } - - @Override - public String execute() throws Exception { - String result = super.execute(); - - try { - if (role.getTopiaId() == null) { - secuRoleDAO.create(role); - } else { - secuRoleDAO.update(role); - } - transaction.commitTransaction(); - } catch (Exception ex) { - addActionError(ex.getMessage()); - result = input(); - } - return result; - } -} Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuUser.java =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuUser.java 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/SecuUser.java 2012-10-16 15:25:31 UTC (rev 216) @@ -1,76 +0,0 @@ -package org.nuiton.web.secu.actions; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.lang3.StringUtils; -import org.nuiton.topia.TopiaContext; -import org.nuiton.topia.TopiaException; -import org.nuiton.topia.TopiaRuntimeException; -import org.nuiton.web.SecuDAOHelper; -import org.nuiton.web.filter.TopiaTransactionFilter; -import org.nuiton.web.secu.SecuUserDAO; -import org.nuiton.web.secu.SecuUserImpl; - -import com.opensymphony.xwork2.Preparable; - -public class SecuUser extends AbstractSecuAction implements Preparable { - - /** serialVersionUID. */ - private static final long serialVersionUID = 1L; - - /** Topia context associated with request. */ - protected TopiaContext transaction; - - protected SecuUserDAO secuUserDAO; - - protected org.nuiton.web.secu.SecuUser user; - - @Override - public void setServletRequest(HttpServletRequest request) { - transaction = TopiaTransactionFilter.getTransaction(request); - } - - @Override - public void prepare() throws Exception { - secuUserDAO = SecuDAOHelper.getSecuUserDAO(transaction); - } - - @Override - public String input() throws Exception { - return super.input(); - } - - public org.nuiton.web.secu.SecuUser getUser() { - if (user == null) { - String roleId = getParameter("userId"); - if (StringUtils.isNotBlank(roleId)) { - try { - user = secuUserDAO.findByTopiaId(roleId); - } catch (TopiaException ex) { - throw new TopiaRuntimeException(ex); - } - } else { - user = new SecuUserImpl(); - } - } - return user; - } - - @Override - public String execute() throws Exception { - String result = super.execute(); - - try { - if (user.getTopiaId() == null) { - secuUserDAO.create(user); - } else { - secuUserDAO.update(user); - } - transaction.commitTransaction(); - } catch (Exception ex) { - addActionError(ex.getMessage()); - result = input(); - } - return result; - } -} Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java (from rev 214, branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuUser.java) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,57 @@ +package org.nuiton.web.security.actions; + +import org.apache.commons.lang3.StringUtils; +import org.nuiton.topia.TopiaContext; +import org.nuiton.topia.TopiaException; +import org.nuiton.topia.TopiaRuntimeException; +import org.nuiton.web.SecurityDAOHelper; +import org.nuiton.web.security.SecurityUser; +import org.nuiton.web.security.SecurityUserDAO; +import org.nuiton.web.security.SecurityUserImpl; + +public class UserAction extends AbstractAction { + + /** serialVersionUID. */ + private static final long serialVersionUID = 1L; + + protected SecurityUserDAO securityUserDAO; + + protected SecurityUser user; + + public SecurityUser getUser() { + if (user == null) { + String roleId = getParameter("userId"); + if (StringUtils.isNotBlank(roleId)) { + try { + user = securityUserDAO.findByTopiaId(roleId); + } catch (TopiaException ex) { + throw new TopiaRuntimeException(ex); + } + } else { + user = new SecurityUserImpl(); + } + } + return user; + } + + @Override + public String execute() throws Exception { + String result = super.execute(); + + try { + TopiaContext transaction = rootContext.beginTransaction(); + securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + if (user.getTopiaId() == null) { + securityUserDAO.create(user); + } else { + securityUserDAO.update(user); + } + transaction.commitTransaction(); + transaction.closeContext(); + } catch (Exception ex) { + addActionError(ex.getMessage()); + result = input(); + } + return result; + } +} Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserRolesAction.java (from rev 211, branches/nuiton-web-1.11-security/nuiton-secu/src/main/java/org/nuiton/web/secu/actions/SecuMatrix.java) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserRolesAction.java (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserRolesAction.java 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,82 @@ +package org.nuiton.web.security.actions; + +import java.util.List; + +import org.nuiton.topia.TopiaContext; +import org.nuiton.web.SecurityDAOHelper; +import org.nuiton.web.security.SecurityRole; +import org.nuiton.web.security.SecurityRoleDAO; +import org.nuiton.web.security.SecurityUser; +import org.nuiton.web.security.SecurityUserDAO; + +public class UserRolesAction extends AbstractAction { + + /** serialVersionUID. */ + private static final long serialVersionUID = 1L; + + protected SecurityUserDAO securityUserDAO; + + protected SecurityRoleDAO securityRoleDAO; + + protected List<SecurityUser> users; + + protected List<SecurityRole> roles; + + protected List<String> userIds; + + @Override + public String input() throws Exception { + TopiaContext transaction = rootContext.beginTransaction(); + securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); + users = securityUserDAO.findAllWithOrder(SecurityUser.LOGIN); + roles = securityRoleDAO.findAllWithOrder(SecurityRole.NAME); + transaction.closeContext(); + return super.input(); + } + + public List<SecurityUser> getUsers() { + return users; + } + + public List<SecurityRole> getRoles() { + return roles; + } + + public void setUserIds(List<String> userIds) { + this.userIds = userIds; + } + + @Override + public String execute() throws Exception { + String result = super.execute(); + + if (userIds == null) { + result = input(); + } else { + try { + TopiaContext transaction = rootContext.beginTransaction(); + securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); + for (String userId : userIds) { + SecurityUser securityUser = securityUserDAO.findByTopiaId(userId); + securityUser.clearRoles(); + + String[] roleIds = getParameters("roles-" + userId); + if (roleIds != null) { + for (String roleId : roleIds) { + SecurityRole secuRole = securityRoleDAO.findByTopiaId(roleId); + securityUser.addRoles(secuRole); + } + } + } + transaction.commitTransaction(); + transaction.closeContext(); + } catch (Exception ex) { + addActionError(ex.getMessage()); + result = input(); + } + } + return result; + } +} Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/secu/secu-login.jsp =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-login.jsp 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/secu/secu-login.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -1,22 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<%@taglib uri="/struts-tags" prefix="s" %> -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <title>Sécurité</title> - </head> - - <body> - - <h1>Sécurité</h1> - - <h2>Utilisateur</h2> - - <s:form action="secu-login" namespace="/secu"> - <s:actionerror /> - <s:textfield label="Identifiant" name="login" /> - <s:password label="Mot de passe" name="password" /> - <s:submit label="Connexion" /> - </s:form> - </body> -</html> \ No newline at end of file Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/login.jsp (from rev 214, branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-login.jsp) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/login.jsp (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/login.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,22 @@ +<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<%@taglib uri="/struts-tags" prefix="s" %> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <title>Authentification requise</title> + </head> + + <body> + + <h1>Authentification requise</h1> + + <h2>Connexion</h2> + + <s:form action="login" namespace="/security"> + <s:actionerror /> + <s:textfield label="Identifiant" name="login" /> + <s:password label="Mot de passe" name="password" /> + <s:submit label="Connexion" /> + </s:form> + </body> +</html> \ No newline at end of file Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/role.jsp (from rev 211, branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-role.jsp) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/role.jsp (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/role.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,22 @@ +<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<%@taglib uri="/struts-tags" prefix="s" %> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <title>Sécurité</title> + </head> + + <body> + + <h1>Sécurité</h1> + + <h2>Role</h2> + + <s:form action="role" namespace="/security"> + <s:actionerror /> + <s:hidden name="roleId" value="%{role.topiaId}" /> + <s:textfield label="Nom" name="role.name" value="%{role.name}"/> + <s:submit label="Valider" /> + </s:form> + </body> +</html> \ No newline at end of file Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-login.jsp =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-login.jsp 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-login.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -1,22 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<%@taglib uri="/struts-tags" prefix="s" %> -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <title>Sécurité</title> - </head> - - <body> - - <h1>Sécurité</h1> - - <h2>Utilisateur</h2> - - <s:form action="secu-login" namespace="/secu"> - <s:actionerror /> - <s:textfield label="Identifiant" name="login" /> - <s:password label="Mot de passe" name="password" /> - <s:submit label="Connexion" /> - </s:form> - </body> -</html> \ No newline at end of file Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-matrix.jsp =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-matrix.jsp 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-matrix.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -1,72 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<%@taglib uri="/struts-tags" prefix="s" %> -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <title>Sécurité</title> - </head> - - <body> - - <h1>Sécurité</h1> - - <h2>Permission</h2> - - <form action="<s:url action="secu-matrix" namespace="/secu" />" method="post"> - <table class="secu-roletable"> - <tr> - <td colspan="2" class="empty"/> - <s:if test="!roles.empty"> - <th colspan="<s:property value="roles.size()" />">Rôles</th> - </s:if> - </tr> - <tr> - <td colspan="2" class="empty"/> - <s:iterator value="roles"> - <td> - <a href="<s:url action='secu-role!input' namespace='/secu'> - <s:param name="roleId"><s:property value="topiaId" /></s:param> - </s:url>"> - <s:property value="name" /> - </a> - </td> - </s:iterator> - </tr> - <s:iterator value="users" var="user" status="userStatus"> - <input type="hidden" name="userIds" value="<s:property value="topiaId" />" /> - <tr> - <s:if test="#userStatus.first"> - <th rowspan="<s:property value="users.size()" />" class="vertical">Utilisateurs</th> - </s:if> - <td> - <a href="<s:url action='secu-user!input' namespace='/secu'> - <s:param name="userId"><s:property value="topiaId" /></s:param> - </s:url>"> - <s:property value="login" /> - </a> - </td> - <s:iterator value="roles" var="role"> - <td> - <input id="<s:property value="#user.topiaId" /><s:property value="#user.topiaId" />" - type="checkbox" name="permissions-<s:property value="#user.topiaId" />" value="<s:property value="#role.topiaId" />" - <s:if test="#user.permissions.contains(#role)" > - checked="checked" - </s:if> /> - </td> - </s:iterator> - </tr> - </s:iterator> - </table> - <input type="submit" value="Valider" /> - </form> - - <h2>Gestion</h2> - - <div class="secu-newuser"> - <a href="<s:url action='secu-user!input' namespace='/secu' />">Nouvel utilisateur</a> - </div> - <div class="secu-newrole"> - <a href="<s:url action='secu-role!input' namespace='/secu' />">Nouveau rôle</a> - </div> - </body> -</html> \ No newline at end of file Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-role.jsp =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-role.jsp 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-role.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -1,22 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<%@taglib uri="/struts-tags" prefix="s" %> -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <title>Sécurité</title> - </head> - - <body> - - <h1>Sécurité</h1> - - <h2>Role</h2> - - <s:form action="secu-role" namespace="/secu"> - <s:actionerror /> - <s:hidden name="roleId" value="%{role.topiaId}" /> - <s:textfield label="Nom" name="role.name" value="%{role.name}"/> - <s:submit label="Valider" /> - </s:form> - </body> -</html> \ No newline at end of file Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-user.jsp =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-user.jsp 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/secu-user.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -1,21 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<%@taglib uri="/struts-tags" prefix="s" %> -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <title>Secu</title> - </head> - - <body> - - <h1>Sécurité</h1> - - <s:form action="secu-user" namespace="/secu"> - <s:actionerror /> - <s:hidden name="userId" value="%{user.topiaId}" /> - <s:textfield label="Identifiant" name="user.login" value="%{user.login}"/> - <s:password label="Mot de passe" name="user.password" value="%{user.password}" /> - <s:submit label="Valider" /> - </s:form> - </body> -</html> \ No newline at end of file Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp (from rev 211, branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-matrix.jsp) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,72 @@ +<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<%@taglib uri="/struts-tags" prefix="s" %> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <title>Sécurité</title> + </head> + + <body> + + <h1>Sécurité</h1> + + <h2>Permission</h2> + + <form action="<s:url action="user-roles" namespace="/security" />" method="post"> + <table class="secu-roletable"> + <tr> + <td colspan="2" class="empty"/> + <s:if test="!roles.empty"> + <th colspan="<s:property value="roles.size()" />">Rôles</th> + </s:if> + </tr> + <tr> + <td colspan="2" class="empty"/> + <s:iterator value="roles"> + <td> + <a href="<s:url action='role!input' namespace='/security'> + <s:param name="roleId"><s:property value="topiaId" /></s:param> + </s:url>"> + <s:property value="name" /> + </a> + </td> + </s:iterator> + </tr> + <s:iterator value="users" var="user" status="userStatus"> + <input type="hidden" name="userIds" value="<s:property value="topiaId" />" /> + <tr> + <s:if test="#userStatus.first"> + <th rowspan="<s:property value="users.size()" />" class="vertical">Utilisateurs</th> + </s:if> + <td> + <a href="<s:url action='user!input' namespace='/security'> + <s:param name="userId"><s:property value="topiaId" /></s:param> + </s:url>"> + <s:property value="login" /> + </a> + </td> + <s:iterator value="roles" var="role"> + <td> + <input id="<s:property value="#user.topiaId" /><s:property value="#user.topiaId" />" + type="checkbox" name="roles-<s:property value="#user.topiaId" />" value="<s:property value="#role.topiaId" />" + <s:if test="#user.roles.contains(#role)" > + checked="checked" + </s:if> /> + </td> + </s:iterator> + </tr> + </s:iterator> + </table> + <input type="submit" value="Valider" /> + </form> + + <h2>Gestion</h2> + + <div class="secu-newuser"> + <a href="<s:url action='secu-user!input' namespace='/secu' />">Nouvel utilisateur</a> + </div> + <div class="secu-newrole"> + <a href="<s:url action='secu-role!input' namespace='/secu' />">Nouveau rôle</a> + </div> + </body> +</html> \ No newline at end of file Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user.jsp (from rev 211, branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/WEB-INF/secu/secu-user.jsp) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user.jsp (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/WEB-INF/security/user.jsp 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,21 @@ +<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<%@taglib uri="/struts-tags" prefix="s" %> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <title>Secu</title> + </head> + + <body> + + <h1>Sécurité</h1> + + <s:form action="secu-user" namespace="/secu"> + <s:actionerror /> + <s:hidden name="userId" value="%{user.topiaId}" /> + <s:textfield label="Identifiant" name="user.login" value="%{user.login}"/> + <s:password label="Mot de passe" name="user.password" value="%{user.password}" /> + <s:submit label="Valider" /> + </s:form> + </body> +</html> \ No newline at end of file Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-secu_en_GB.properties =================================================================== Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-secu_fr_FR.properties =================================================================== Added: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,3 @@ +Compte\ bloqué.\ Contacter\ un\ administrateur= +Identifiant\ ou\ mot\ de\ passe\ invalide\ \!= +Nombre\ de\ tentatives\ dépassé= Added: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,3 @@ +Compte\ bloqué.\ Contacter\ un\ administrateur= +Identifiant\ ou\ mot\ de\ passe\ invalide\ \!= +Nombre\ de\ tentatives\ dépassé= Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/i18n/secu-lib_fr_FR.properties =================================================================== Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/struts.xml =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/struts.xml 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/struts.xml 2012-10-16 15:25:31 UTC (rev 216) @@ -1,34 +0,0 @@ -<!DOCTYPE struts PUBLIC - "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN" - "http://struts.apache.org/dtds/struts-2.3.dtd"> -<struts> - - <package name="secu" abstract="true" extends="struts-default"> - - </package> - - - <package name="org.nuiton.web.secu.actions" namespace="/secu" extends="secu"> - <default-action-ref name="secu-matrix"/> - - <action name="secu-matrix" class="org.nuiton.web.secu.actions.SecuMatrix"> - <result name="input">/WEB-INF/secu/secu-matrix.jsp</result> - <result name="success" type="redirectAction"> - <param name="actionName">secu-matrix</param> - </result> - </action> - <action name="secu-role" class="org.nuiton.web.secu.actions.SecuRole"> - <result name="input">/WEB-INF/secu/secu-role.jsp</result> - <result name="success" type="redirectAction"> - <param name="actionName">secu-matrix</param> - </result> - </action> - <action name="secu-user" class="org.nuiton.web.secu.actions.SecuUser"> - <result name="input">/WEB-INF/secu/secu-user.jsp</result> - <result name="success" type="redirectAction"> - <param name="actionName">secu-matrix</param> - </result> - </action> - </package> - -</struts> Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/struts.xml (from rev 214, branches/nuiton-web-1.11-security/nuiton-secu/src/main/resources/struts.xml) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/struts.xml (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/resources/struts.xml 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,47 @@ +<!DOCTYPE struts PUBLIC + "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN" + "http://struts.apache.org/dtds/struts-2.3.dtd"> +<struts> + + <package name="org.nuiton.web.secu.actions" namespace="/security" extends="struts-default"> + <default-action-ref name="user-roles"/> + + <action name="user-roles" class="org.nuiton.web.security.actions.UserRolesAction"> + <result name="input">/WEB-INF/security/user-roles.jsp</result> + <result name="success" type="redirectAction"> + <param name="actionName">user-roles</param> + </result> + </action> + <action name="role-permissions" class="org.nuiton.web.security.actions.RolePermissionsAction"> + <result name="input">/WEB-INF/security/role-permissions.jsp</result> + <result name="success" type="redirectAction"> + <param name="actionName">user-roles</param> + </result> + </action> + <action name="role" class="org.nuiton.web.security.actions.RoleAction"> + <result name="input">/WEB-INF/security/role.jsp</result> + <result name="success" type="redirectAction"> + <param name="actionName">user-roles</param> + </result> + </action> + <action name="user" class="org.nuiton.web.security.actions.UserAction"> + <result name="input">/WEB-INF/security/user.jsp</result> + <result name="success" type="redirectAction"> + <param name="actionName">user-roles</param> + </result> + </action> + <action name="login" class="org.nuiton.web.security.actions.LoginAction"> + <result name="input">/WEB-INF/security/login.jsp</result> + <result name="success" type="redirectAction"> + <param name="actionName">user-roles</param> + </result> + </action> + <action name="logout" class="org.nuiton.web.security.actions.LogoutAction"> + <result name="success" type="redirectAction"> + <param name="actionName">index</param> + <param name="namespace">/</param> + </result> + </action> + </package> + +</struts> Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/secu.properties =================================================================== --- branches/nuiton-web-1.11-security/nuiton-secu/src/main/xmi/secu.properties 2012-10-10 15:30:37 UTC (rev 211) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/secu.properties 2012-10-16 15:25:31 UTC (rev 216) @@ -1 +0,0 @@ -model.tagvalue.String=text Deleted: branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/secu.zargo =================================================================== (Binary files differ) Copied: branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/security.properties (from rev 211, branches/nuiton-web-1.11-security/nuiton-secu/src/main/xmi/secu.properties) =================================================================== --- branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/security.properties (rev 0) +++ branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/security.properties 2012-10-16 15:25:31 UTC (rev 216) @@ -0,0 +1,2 @@ +model.tagvalue.String=text +org.nuiton.web.security.SecurityUser.attribute.roles.tagvalue.lazy=false \ No newline at end of file Added: branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/security.zargo =================================================================== (Binary files differ) Property changes on: branches/nuiton-web-1.11-security/nuiton-security/src/main/xmi/security.zargo ___________________________________________________________________ Added: svn:mime-type + application/zip Modified: branches/nuiton-web-1.11-security/pom.xml =================================================================== --- branches/nuiton-web-1.11-security/pom.xml 2012-10-16 15:22:08 UTC (rev 215) +++ branches/nuiton-web-1.11-security/pom.xml 2012-10-16 15:25:31 UTC (rev 216) @@ -23,7 +23,7 @@ <module>nuiton-tapestry</module> <module>nuiton-rss</module> <module>nuiton-gwt</module> - <module>nuiton-secu</module> + <module>nuiton-security</module> </modules> <dependencyManagement> @@ -177,8 +177,13 @@ <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> - <version>1.2.1</version> + <version>${shiroVersion}</version> </dependency> + <dependency> + <groupId>org.apache.shiro</groupId> + <artifactId>shiro-web</artifactId> + <version>${shiroVersion}</version> + </dependency> </dependencies> @@ -249,7 +254,7 @@ <projectId>nuiton-web</projectId> <nuitonI18nVersion>2.5</nuitonI18nVersion> - <nuitonUtilsVersion>2.4.8</nuitonUtilsVersion> + <nuitonUtilsVersion>2.6.3</nuitonUtilsVersion> <nuitonI18nPluginVersion>${nuitonI18nVersion}</nuitonI18nPluginVersion> <topiaVersion>2.6.10</topiaVersion> @@ -265,6 +270,7 @@ <!-- Strust 2 --> <struts2Version>2.3.4</struts2Version> + <shiroVersion>1.2.1</shiroVersion> <servletApiVersion>2.5</servletApiVersion> <jettyVersion>${jettyPluginVersion}</jettyVersion> <windstoneVersion>0.9.10-hudson-24</windstoneVersion>