I have spring_tiles web application and now trying to add spring security to it:
That is a peace of my TilesConfig.xml:
<definition name="loginPage" extends="commonPage">
<put-attribute name="body" value="/WEB-INF/tiles/jsp/login_body.jsp" />
</definition>
Here comes my spring mapping part:
<bean id="urlMapping"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="interceptors">
<list>
<ref bean="openSessionInViewInterceptor" />
</list>
</property>
<property name="mappings">
<props>
<prop key="/main.htm">mainController</prop>
<prop key="/category.htm">viewCategoryController</prop>
<prop key="/good.htm">goodController</prop>
<prop key="/registration.htm">registrationController</prop>
<prop key="/login.htm">?</prop>
</props>
</property>
</bean>
And here is a part from applicationContext-security.xml:
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/js/**" filters="none"/>
<intercept-url pattern="/login.htm*" filters="none"/>
<form-login login-page="/login.htm" />
</http>
But I wonder how should I set up my tiles page definition to the mapping. In all other pages I used controllers but I suppose I should not use any loginController in that case because Spring Security do that instead.
So, here is my question: how to map tiles loginPage to /login.htm within spring security?
By default, there is nothing specific in the configuration for spring security with tiles.
If the name of your login page tile is loginPage, I guess you should have something similar to the following in your applicationContext-security.xml
<intercept-url pattern="/loginPage" filters="none"/>
<form-login login-page="/loginPage" />
If you are using spring security, the login page would have a POST url, which goes to /j_spring_security_check (by default). This is the equivalent of the loginController.
Another option is to have the following controller:
@Controller
@RequestMapping("/login")
public class LoginController {
@RequestMapping(method = RequestMethod.GET)
public String login(Locale locale, Model model) {
return "login";
}
@RequestMapping(value = "/error", method = RequestMethod.GET)
public String loginWithError(Locale locale, Model model) {
model.addAttribute("error", true);
return "login";
}
}
In security-context.xml, configure form-login as follows:
<form-login login-page="/login" authentication-failure-url="/login/error" />
In views.xml declare the login view:
<definition name="login" extends="template">
<put-attribute name="title" value="Nuevo Usuario"/>
<put-attribute name="body" value="/login.jsp"/>
</definition>
finally, in login.jsp, to show the error in case there is one, use the following code:
<c:if test="${not empty error}">
<font color="red"> Error al ingresar. <br /> Motivo :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</font>
</c:if>
I've found a way to do it. In the spring config I've added this:
<bean id="loginController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController">
<property name="viewName" value="loginPage" />
</bean>
And in the mapping accordingly add that:
<prop key="/login.htm">loginController</prop>
Tiles and security configurations remained the same.
来源:https://stackoverflow.com/questions/4814023/springspring-securitytiles-how-to-set-form-login-with-tiles-page-definition