r226 - in trunk/nuiton-security/src/main/java/org/nuiton/web/security: . actions
Author: echatellier Date: 2012-10-19 10:42:55 +0200 (Fri, 19 Oct 2012) New Revision: 226 Url: http://nuiton.org/repositories/revision/nuiton-web/226 Log: Correction de la redirection apr?\195?\168s login sur la page demand?\195?\169e. La methode "shiro" marche plus :( Added: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java
Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java
===================================================================
--- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-10-18 15:00:51 UTC (rev 225)
+++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-10-19 08:42:55 UTC (rev 226)
@@ -14,17 +14,12 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.mgt.SubjectFactory;
 import org.apache.shiro.realm.Realm;
 import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.SubjectContext;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.apache.shiro.web.servlet.AbstractShiroFilter;
-import org.apache.shiro.web.subject.WebSubjectContext;
-import org.apache.shiro.web.subject.support.WebDelegatingSubject;
+import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
 import org.nuiton.topia.TopiaContext;
 import org.nuiton.topia.TopiaContextFactory;
 import org.nuiton.topia.TopiaException;
@@ -32,7 +27,7 @@
 import org.nuiton.util.ApplicationConfig;
 import org.nuiton.web.SecurityDAOHelper;
-public class SecurityShiroFilter extends AbstractShiroFilter implements SubjectFactory {
+public class SecurityShiroFilter extends AbstractShiroFilter {
 private static final Log log = LogFactory.getLog(SecurityShiroFilter.class);
@@ -41,6 +36,8 @@
 public static final String ROOT_CONTEXT_CONTEXT = SecurityShiroFilter.class.getName() + "#" + TopiaContext.class.getName();
 protected static final String ANON_LOGIN = "anonymous";
+
+ public static final String SESSION_SAVED_URL = "savedUrl";
 protected ApplicationConfig config;
@@ -66,10 +63,12 @@
 if (log.isInfoEnabled()) {
 log.info("Overriding shiro realms");
 }
+
 Realm realm = new TopiaSecurityRealm(rootContext, config);
 DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);
+ securityManager.setSubjectFactory(new SecuritySubjectFactory());
+ securityManager.setSessionManager(new DefaultWebSessionManager());
 setSecurityManager(securityManager);
- securityManager.setSubjectFactory(this);
 SecurityUtils.setSecurityManager(securityManager);
 }
@@ -130,7 +129,14 @@
 if (log.isDebugEnabled()) {
 log.debug("User is NOT permitted to access " + perm);
 }
+ // anon n'est pas considéré comme authenticated
 if (ANON_LOGIN.equals(subjectUser.getPrincipal())) {
+ if (log.isDebugEnabled()) {
+ log.debug("Redirecting user to login page");
+ }
+ // save request and redirect to login
+ Session session = subjectUser.getSession();
+ session.setAttribute(SESSION_SAVED_URL, ((HttpServletRequest)servletRequest).getRequestURL().toString());
 ((HttpServletResponse)servletResponse).sendRedirect(config.getOption("topia.security.loginurl"));
 } else {
 ((HttpServletResponse)servletResponse).sendError(401, "Not authorized to access " + uri);
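Review bot: `securityManager.setSessionManager(new DefaultWebSessionManager());` in the realm-override hunk moves the application from container sessions to Shiro native sessions, and neither the hunk nor the log message says why. That matters operationally: as far as I recall the native manager keeps sessions in memory by default (lost on restart, not shared between nodes) and issues its own session-id cookie, whose Secure and HttpOnly flags then become this code's responsibility instead of the container's. If the motivation is that the SESSION_SAVED_URL attribute written by the filter must be readable from LoginAction, record it on that line: `// Shiro-native sessions: the filter and LoginAction must share the SESSION_SAVED_URL attribute`. The enclosing method starts before this hunk.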
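Review bot: The target saved under SESSION_SAVED_URL in the anonymous branch is `getRequestURL().toString()`, an absolute URL built from the Host header with the query string dropped, so the redirect LoginAction later issues from it can point at whatever host the request named and loses the parameters of the page that was asked for. Save a server-relative target instead, as Shiro's own SavedRequest does: `String qs = ((HttpServletRequest) servletRequest).getQueryString();` and `session.setAttribute(SESSION_SAVED_URL, ((HttpServletRequest) servletRequest).getRequestURI() + (qs == null ? "" : "?" + qs));`, and only for GET requests, since a redirected POST cannot be replayed. The constant introduced in the preceding hunk has no Javadoc; `/** Session attribute holding the server-relative URL to return to after login. */` would state the contract both sides rely on. The enclosing method starts before and ends after this hunk.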
@@ -152,29 +158,6 @@
 }
 }
 }
-
- @Override
- public Subject createSubject(SubjectContext context) {
- /*if (!(context instanceof WebSubjectContext)) {
- return super.createSubject(context);
- }*/
- WebSubjectContext wsc = (WebSubjectContext) context;
- SecurityManager securityManager = wsc.resolveSecurityManager();
- Session session = wsc.resolveSession();
- boolean sessionEnabled = wsc.isSessionCreationEnabled();
- PrincipalCollection principals = wsc.resolvePrincipals();
- boolean authenticated = wsc.resolveAuthenticated();
-
- // dans le cas du module securité, on va dire que non
- if (authenticated && ANON_LOGIN.equals(principals.getPrimaryPrincipal())) {
- authenticated = false;
- }
-
- String host = wsc.resolveHost();
- ServletRequest request = wsc.resolveServletRequest();
- ServletResponse response = wsc.resolveServletResponse();
-
- return new WebDelegatingSubject(principals, authenticated, host, session, sessionEnabled,
- request, response, securityManager);
- }
+
+
 }
Added: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java
===================================================================
--- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java (rev 0)
+++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java 2012-10-19 08:42:55 UTC (rev 226)
@@ -0,0 +1,41 @@
+package org.nuiton.web.security;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.SubjectContext;
+import org.apache.shiro.web.mgt.DefaultWebSubjectFactory;
+import org.apache.shiro.web.subject.WebSubjectContext;
+import org.apache.shiro.web.subject.support.WebDelegatingSubject;
+
+public class SecuritySubjectFactory extends DefaultWebSubjectFactory {
+
+ @Override
+ public Subject createSubject(SubjectContext context) {
+ if (!(context instanceof WebSubjectContext)) {
+ return super.createSubject(context);
+ }
+ WebSubjectContext wsc = (WebSubjectContext) context;
+ SecurityManager securityManager = wsc.resolveSecurityManager();
+ Session session = wsc.resolveSession();
+ boolean sessionEnabled = wsc.isSessionCreationEnabled();
+ PrincipalCollection principals = wsc.resolvePrincipals();
+ boolean authenticated = wsc.resolveAuthenticated();
+
+ // dans le cas du module securité, on va dire que non
+ if (authenticated && SecurityShiroFilter.ANON_LOGIN.equals(principals.getPrimaryPrincipal())) {
+ authenticated = false;
+ }
+
+ String host = wsc.resolveHost();
+ ServletRequest request = wsc.resolveServletRequest();
+ ServletResponse response = wsc.resolveServletResponse();
+
+ return new WebDelegatingSubject(principals, authenticated, host, session, sessionEnabled,
+ request, response, securityManager);
+ }
+}
Property changes on: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java
___________________________________________________________________
Added: svn:keywords + Author Date Id Revision HeadURL
Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java
===================================================================
--- 
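Review bot: SecuritySubjectFactory carries no class Javadoc and its only explanatory comment is in French, so the reason for the override — a subject whose primary principal is SecurityShiroFilter.ANON_LOGIN is reported as not authenticated even when the session says otherwise, which is what lets the filter redirect anonymous callers to the login page instead of answering 401 — is stated nowhere in English. Add `/** Subject factory that reports the anonymous principal as unauthenticated so the filter can redirect it to login. */` on the class and replace the French comment with `// the security module treats the anonymous account as unauthenticated`. The rest of createSubject appears to mirror DefaultWebSubjectFactory.createSubject purely to be able to flip the flag; a one-liner saying so, `// mirrors DefaultWebSubjectFactory.createSubject except for the authenticated flag`, keeps a future Shiro upgrade from silently diverging.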
trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2012-10-18 15:00:51 UTC (rev 225)
+++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2012-10-19 08:42:55 UTC (rev 226)
@@ -55,7 +55,7 @@
 for (String permission : role.getPermissions()) {
 //result.addStringPermission(permission);
 if (log.isDebugEnabled()) {
- log.debug(" - add permission : " + permission);
+ log.debug("- add permission : " + permission);
 }
 for (String prop : props.stringPropertyNames()) {
@@ -70,7 +70,7 @@
 for (String perm : permTab) {
 result.addStringPermission(perm);
 if (log.isDebugEnabled()) {
- log.debug(" - add string permission : " + perm);
+ log.debug(" string permission : " + perm);
 }
 }
 }
Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java
===================================================================
--- trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java 2012-10-18 15:00:51 UTC (rev 225)
+++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/LoginAction.java 2012-10-19 08:42:55 UTC (rev 226)
@@ -2,6 +2,7 @@
 import static org.nuiton.i18n.I18n._;
+import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -14,11 +15,13 @@
 import org.apache.shiro.authc.LockedAccountException;
 import org.apache.shiro.authc.UnknownAccountException;
 import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.util.SavedRequest;
 import org.apache.shiro.web.util.WebUtils;
 import org.apache.struts2.interceptor.ServletRequestAware;
 import org.apache.struts2.interceptor.ServletResponseAware;
+import org.nuiton.web.security.SecurityShiroFilter;
 public class LoginAction extends AbstractAction implements ServletRequestAware, ServletResponseAware {
@@ -64,6 +67,18 @@
 UsernamePasswordToken token = new UsernamePasswordToken(login, password);
 currentUser.login(token);
 result = SUCCESS;
+
+ // marche pas :(
+ //SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
+ Session session = currentUser.getSession();
+ String requestURL = (String)session.getAttribute(SecurityShiroFilter.SESSION_SAVED_URL);
+ if (request != null) { // can be
+ if (log.isDebugEnabled()) {
+ log.debug("Redirecting to saved url " + requestURL);
+ }
+ session.removeAttribute(SecurityShiroFilter.SESSION_SAVED_URL);
+ response.sendRedirect(requestURL);
+ }
 } catch (UnknownAccountException ex) {
 addActionError(_("Identifiant ou mot de passe invalide !"));
 log.warn("Unknow user account", ex);
@@ -85,16 +100,8 @@
 log.warn("Authentication error", ex);
 result = input();
 }
-
- SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
- if (savedRequest != null) { // can be
- response.sendRedirect(savedRequest.getRequestUrl());
- }
 }
 return result;
 }
-
-
-
 }
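Review bot: The null check after reading the saved URL tests the wrong variable: `if (request != null) { // can be` guards the servlet request, which ServletRequestAware always supplies, so a login with nothing saved in the session reaches `response.sendRedirect(requestURL)` with null; it should read `if (requestURL != null) { // can be`. Even on the good path the method goes on to return SUCCESS after the redirect, so Struts will try to render the success result on an already-committed response; if AbstractAction derives from ActionSupport, `result = NONE;` inside that branch avoids it. Because the value comes from the session and goes straight to sendRedirect, confirm it is a server-relative path before redirecting. The `// marche pas :(` comment and the commented-out getAndClearSavedRequest line should be dropped, and with the second hunk removing the only use of SavedRequest/WebUtils those imports (plus the added ServletRequest import, which nothing visible uses) look dead. The enclosing method starts before and ends after this hunk.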