<sec:authorize> doesn't work - authentication

I have the following user xhtml page:
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui"
xmlns:sec="http://www.springframework.org/security/tags">
<head>
<title>User</title>
</head>
<body>
<p>User</p>
<sec:authorize access="hasRole('ROLE_ADMIN')">
<p>Only admin can see this !</p>
</sec:authorize>
</body>
</html>
But when I access the page with a user who doesn't have the role ROLE_ADMIN, he can still see the "Only admin can see this !"
EDIT:
Here is my spring security config:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.2.xsd">
<http pattern="/resources" security="none" />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login**" access="permitAll" />
<intercept-url pattern="/denied**" access="permitAll" />
<intercept-url pattern="/user/*" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')" />
<form-login login-page="/login.xhtml"
authentication-failure-url="/denied.xhtml"
authentication-success-handler-ref="securityAuthenticationSuccessHandler" />
<access-denied-handler error-page="/denied.xhtml" />
<logout logout-success-url="/login.xhtml" delete-cookies="JSESSIONID"
invalidate-session="true" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="securityProviderServiceImpl">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
</beans:beans>
Is there something wrong with it?
Thank you..
EDIT 2 :
I have a warning for the security tag lib "xmlns:sec="http://www.springframework.org/security/tags""
NLS missing message: CANNOT_FIND_FACELET_TAGLIB in: org.eclipse.jst.jsf.core.validation.internal.facelet.messages
Is it important? Is it the cause of the problem?
My maven security dependencies:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>

Finally I solved the problem.
Here are the links which helped me a lot:
1) The answer of "Amreesh Tyagi" here How to use the Spring Security Facelets tag library in JSF.
and
2) The 3rd part (III Security tags for Facelet) of this article http://doanduyhai.wordpress.com/2012/02/26/spring-security-part-v-security-tags/
I have used the springsecurity.taglib.xml file of Amreesh Tyagi rather than the one of the article, because I had a problem with the access function.

Adding one answer here as I had the same symptoms but found a different issue.
Our tag was not working as intended. Everyone could see the secured content.
The solution was that our XML namespace was misspelled on the page.
xmlns="http://www.sprinfgramework.org/schema/security"
This took a while to find because there were no errors produced with the misspelling (which was surprising), and it simply ignored the security tag and displayed the content it contained.
Hope this helps someone.
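
Both answers above describe the same fail-open behaviour: when no taglib handles the namespace bound to the sec prefix (the taglib is not registered, or the URI is misspelled), the tag is ignored and its body is rendered for everyone. As an added example (not code from the question or either answer), this Python check flags every element whose namespace is absent from an assumed list of registered taglib namespaces; REGISTERED, unhandled_tags and the sample page are constructed for illustration.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_namespaces

GOOD_NS = "http://www.springframework.org/security/tags"
TYPO_NS = "http://www.sprinfgramework.org/security/tags"  # constructed misspelling

# Namespaces for which a Facelets taglib is really registered in the application.
# Assumed list for this example; in a real build, collect the <namespace> values
# from the *.taglib.xml files the application loads.
REGISTERED = frozenset({
    "http://www.w3.org/1999/xhtml",
    "http://java.sun.com/jsf/html",
    "http://java.sun.com/jsf/core",
    "http://primefaces.org/ui",
    GOOD_NS,
})

# Constructed sample page, modelled on the one in the question.
PAGE = """\
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:sec="{ns}">
<body>
<p>User</p>
<sec:authorize access="hasRole('ROLE_ADMIN')">
<p>Only admin can see this !</p>
</sec:authorize>
</body>
</html>
"""


class _Collector(ContentHandler):
    """Records elements whose namespace no registered taglib handles."""

    def __init__(self, registered):
        super().__init__()
        self.registered = registered
        self.findings = []

    def startElementNS(self, name, qname, attrs):
        uri, local = name
        if uri is not None and uri not in self.registered:
            line = self._locator.getLineNumber() if self._locator else 0
            self.findings.append((line, uri, local))


def unhandled_tags(xhtml, registered=REGISTERED):
    """Return (line, namespace, tag) for each element that would be passed
    through as plain markup, so its body is shown to every user."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_namespaces, True)
    handler = _Collector(registered)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xhtml.encode("utf-8")))
    return handler.findings


if __name__ == "__main__":
    for ns in (GOOD_NS, TYPO_NS):
        print(ns, "->", unhandled_tags(PAGE.format(ns=ns)))
    # Correct URI, but the security taglib itself is not registered:
    print(unhandled_tags(PAGE.format(ns=GOOD_NS), REGISTERED - {GOOD_NS}))
```

Run as a build step over every .xhtml view, a non-empty result means a tag that was meant to gate content is not being evaluated at all.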

Auto-Commit in Analysis Services Cube Writeback

Is there any global setting in Analysis Services multidimensional (cubes) to auto-commit transactions?
i.e.:
Step 1: A writeback statement like update cube is executed
<Header>
<BeginSession xmlns="urn:schemas-microsoft-com:xml-analysis"/>
</Header>
<Body>
<Execute xmlns="urn:schemas-microsoft-com:xml-analysis">
<Command>
<Statement xmlns="urn:schemas-microsoft-com:xml-analysis">
UPDATE CUBE [Planung] SET
([Measures].[Kg]
[Artikel].[Produkt].[1])
= 66000
</Statement>
</Command>
<Properties>
<PropertyList>
<LocaleIdentifier>1033</LocaleIdentifier>
</PropertyList>
</Properties>
</Execute>
</Body>
Step 2: I have to commit the statement using the session Id from the response
<Header>
<Session xmlns="urn:schemas-microsoft-com:xml-analysis"
SessionId="9168D94F-BD3C-4E1B-8A9E-6F05BC9B2532" />
</Header>
<Body>
<Execute xmlns="urn:schemas-microsoft-com:xml-analysis">
<Command>
<Statement xmlns="urn:schemas-microsoft-com:xml-analysis">
COMMIT
</Statement>
</Command>
<Properties>
<PropertyList>
<LocaleIdentifier>1033</LocaleIdentifier>
</PropertyList>
</Properties>
</Execute>
</Body>
I already went through many properties of my project and also through the provider settings but was not able to find anything helpful.
Thanks in advance.
Best regards

IntelliJ Idea 2018.2 - File Status Highlights: red/brown

I have the current status of my files in the folders coloured red/brown.
I tried to follow previous discussion on stackoverflow to solve the problem but without result.
How can I get rid of the red colour of the files?
What are the correct settings?
with pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<groupId>delta.project</groupId>
<artifactId>books</artifactId>
<version>1.0-SNAPSHOT</version>
<modelVersion>4.0.0</modelVersion>
<properties>
<maven.compiler.source>10</maven.compiler.source>
<maven.compiler.target>10</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-all</artifactId>
<version>1.9.5</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
<configuration>
<archive>
<manifest>
<mainClass>app.Run</mainClass>
</manifest>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>10</source>
<target>10</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
and iml file:
<?xml version="1.0" encoding="UTF-8"?>
<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
<component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_10">
<output url="file://$MODULE_DIR$/target/classes" />
<output-test url="file://$MODULE_DIR$/target/test-classes" />
<content url="file://$MODULE_DIR$">
<sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
<sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
<sourceFolder url="file://$MODULE_DIR$/src/test/resources" type="java-test-resource" />
<sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
<excludeFolder url="file://$MODULE_DIR$/target" />
</content>
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
<orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.12" level="project" />
<orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
<orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-all:1.9.5" level="project" />
</component>
</module>
Screenshot of my configuration of the project:
modules:
dependencies:

This is a version control feature that marks files that haven't been staged yet with this color.
To remove this behaviour go to
Settings -> Version Control -> File Status Colors
where you can set colors for all statuses or disable them by removing the checkmark from the "File status color" field.

This is because the files are not added into your version control, e.g. Git. Try to select the files, right click, and add them to version control. After that, they should turn green.

cxf + wss4j + maven NoSuchMethod error

Trying to use cxf + wss4j with Maven. Created both the service and client without any compilation issues. The service runs fine in Tomcat.
Issue:
When I run the client code, I get "java.lang.NoSuchMethodError: org.apache.xml.security.utils.I18n.init(Ljava/util/ResourceBundle;)V". This class is in xmlsec jar which comes along with cxf distribution.
pom.xml for service project:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>userNameTokenService</groupId>
<artifactId>userNameTokenService</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.6.15</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<webXml>WebContent\WEB-INF\web.xml</webXml>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
pom.xml for client project
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>userNameTokenClient</groupId>
<artifactId>userNameTokenClient</artifactId>
<version>0.0.1-SNAPSHOT</version>
<dependencies>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.6.15</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
</dependencies>
<build>
<sourceDirectory>src</sourceDirectory>
<resources>
<resource>
<directory>src</directory>
<excludes>
<exclude>**/*.java</exclude>
</excludes>
</resource>
</resources>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.0</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
Edit:
Using wss4j to try out user name token, client code:
public static void main(String[] args) {
ApplicationContext context = new ClassPathXmlApplicationContext("spring-context.xml");
HelloWorld helloworld= (HelloWorld) context.getBean("helloClient");
HelloRequest hreq = new HelloRequest();
hreq.setRequestMsg("This is client");
HelloResponse hres = helloworld.sayHello(hreq);
System.out.println(hres.getResponseMsg());
}
client wss4j config:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<jaxws:client id="helloClient" serviceClass="com.ddmwsst.helloworld.HelloWorld"
address="http://localhost:8080/userNameTokenService/services/HelloWorld">
<jaxws:inInterceptors>
<ref bean="logInBound" />
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<ref bean="logOutBound" />
<ref bean="outbound-security" />
</jaxws:outInterceptors>
</jaxws:client>
<!-- WSS4JOutInterceptor for incorporating a UsernameToken in a SOAP -->
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
id="outbound-security">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="user" value="dummy" />
<!--entry key="passwordType" value="PasswordText"/ -->
<entry key="passwordCallbackClass" value="client.ClientPasswordCallback" />
</map>
</constructor-arg>
</bean>
</beans>
service wss4j config:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<!-- WSS4JInInterceptor for processing a UsernameToken from the SOAP -->
<bean id="inbound-security" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<!--entry key="passwordType" value="PasswordText"/ -->
<entry key="passwordCallbackClass" value="server.ServerPasswordCallback" />
</map>
</constructor-arg>
</bean>
<jaxws:endpoint id="helloWorld" implementor="server.HelloWorldImpl"
address="/HelloWorld">
<jaxws:inInterceptors>
<ref bean="logInBound" />
<ref bean="inbound-security" />
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<ref bean="logOutBound" />
</jaxws:outInterceptors>
</jaxws:endpoint>
</beans>

CXF 3.0.0 does not work with WSS4J 1.6.15. You need to use WSS4J 2.0.0 instead.
Colm.

I too had the same issue. It was resolved by using the dependency "wss4j-ws-security-common-2.0.3.jar"
For more detail on wss4j 2.0.0 migration, please refer to "http://ws.apache.org/wss4j/migration/wss4j20.html"

Had the exact same problem. In my case, upgrading to wss4j 2.x.x didn't help. I had 2 overlapping dependencies and once I removed the redundant wss4j one and only relied on spring-ws-security, everything ran fine.
The key thing is to use spring-ws-security 3.x.x and not 2.x.x. Issue was described here: https://jira.spring.io/browse/SWS-970
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-security</artifactId>
<version>3.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.6.15</version>
</dependency>

I had a similar issue. It was due to multiple versions of xmlsec being brought in by maven. It was resolved by bringing in the latest version at the top level. At time of writing:
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>2.2.0</version>
</dependency>

You can find the wss4j in another groupid in maven:
https://mvnrepository.com/artifact/org.apache.wss4j/wss4j/2.1.7
When you add the wss4j dependency make sure you add it as pom type, otherwise you will have an error. This should be the dependency in your pom
<dependency>
<groupId>org.apache.wss4j</groupId>
<artifactId>wss4j</artifactId>
<version>2.1.7</version>
<type>pom</type>
</dependency>
Also make sure to specify the maven central repository so it can find it for sure:
<repositories>
<repository>
<id>central</id>
<url>http://central.maven.org/maven2/</url>
<releases>
<enabled>true</enabled>
</releases>
</repository>
</repositories>
That's it.

Wide Logo on start Screen in window store app?

In my app I want to set my default logo as the wide logo. When the user pins my app to Start, the wide logo should be shown. How do I do that?
I tried to edit the manifest file but everything is fine there
<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest" xmlns:m2="http://schemas.microsoft.com/appx/2013/manifest">
<Identity Name="eaccc03b-ad21-4762-9c73-39835d6eb23b" Publisher="CN=Admin" Version="1.0.0.0" />
<Properties>
<DisplayName>App5</DisplayName>
<PublisherDisplayName>Admin</PublisherDisplayName>
<Logo>Assets\StoreLogo.png</Logo>
</Properties>
<Prerequisites>
<OSMinVersion>6.3.0</OSMinVersion>
<OSMaxVersionTested>6.3.0</OSMaxVersionTested>
</Prerequisites>
<Resources>
<Resource Language="x-generate" />
</Resources>
<Applications>
<Application Id="App" Executable="$targetnametoken$.exe" EntryPoint="App5.App">
<m2:VisualElements DisplayName="Kids" Square150x150Logo="Assets\Logo.png" Square30x30Logo="Assets\SmallLogo.png" Description="App5" ForegroundText="light" BackgroundColor="#464646">
<m2:DefaultTile Wide310x150Logo="Assets\WideLogo.png">
<m2:ShowNameOnTiles>
<m2:ShowOn Tile="wide310x150Logo" />
</m2:ShowNameOnTiles>
</m2:DefaultTile>
<m2:SplashScreen Image="Assets\SplashScreen.png" BackgroundColor="#ffffff" />
<m2:InitialRotationPreference>
<m2:Rotation Preference="landscape" />
</m2:InitialRotationPreference>
</m2:VisualElements>
</Application>
</Applications>
<Capabilities>
<Capability Name="internetClient" />
</Capabilities>
</Package>

Just add DefaultSize property:
<m2:DefaultTile Wide310x150Logo="Assets\WideLogo.png" DefaultSize="wide310x150Logo">
...
</m2:DefaultTile>
This will make the wide tile the default tile. If you want the 150*150 logo as default, just change DefaultSize to DefaultSize="square150x150Logo"

Ordering Ivy dependencies

I'm struggling to get my head around the exact behaviour of exclusions in Ivy.
In the following Ivy file, why does putting commons-logging before log4j pull in javax.activation and javax.mail from log4j whereas putting it after doesn't?
<ivy-module version="2.0">
<info organisation="test" module="test" />
<configurations defaultconfmapping="default->runtime(*)" />
<dependencies>
<dependency org="log4j" name="log4j" rev="1.2.15">
<exclude org="javax.activation" />
<exclude org="javax.mail" />
</dependency>
<dependency org="commons-logging" name="commons-logging" rev="1.1" />
<exclude org="com.sun.jdmk" />
<exclude org="com.sun.jmx" />
<exclude org="javax.jms" />
</dependencies>
</ivy-module>

The activation and mail jars are dependencies of commons logging, yet you've excluded them on the log4j dependency...
When you only use a single configuration this sends a mixed message to ivy, should they be excluded or not? The following would be a lot more explicit:
<dependencies>
<dependency org="log4j" name="log4j" rev="1.2.15"/>
<dependency org="commons-logging" name="commons-logging" rev="1.1" />
<exclude org="javax.activation" />
<exclude org="javax.mail" />
<exclude org="com.sun.jdmk" />
<exclude org="com.sun.jmx" />
<exclude org="javax.jms" />
</dependencies>
It's less confusing when the excludes are set globally.
If you want to keep the dependency resolution separate then you'll need to set up more than one configuration (think of these as dependency sets):
<ivy-module version="2.0">
<info organisation="test" module="test" />
<configurations>
<conf name="log4j_deps" description="log4j dependencies"/>
<conf name="commons_deps" description="commons-logging dependencies"/>
</configurations>
<dependencies>
<dependency org="log4j" name="log4j" rev="1.2.15" conf="log4j_deps->runtime">
<exclude org="javax.activation" />
<exclude org="javax.mail" />
</dependency>
<dependency org="commons-logging" name="commons-logging" rev="1.1" conf="commons_deps->runtime"/>
<exclude org="com.sun.jdmk" />
<exclude org="com.sun.jmx" />
<exclude org="javax.jms" />
</dependencies>
</ivy-module>
Switching around the dependency tags will have no effect now, because the dependency resolution is explicit.
Log4j and its dependencies are associated with the log4j_deps configuration
commons dependencies are placed onto the commons_deps configuration.