Aug 4 2010

Spring Security Minimal Setup

Sometimes you need to do a project that doesn’t have to have the world’s best security, but rather something small that is easy to implement, where you can statically add a user with roles.

So, as an introduction, I would like to show you the minimum needed to add security to a Java web application.

1. Add the spring-context.xml to your WEB-INF folder.

The spring-context.xml should look something like this:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:sec="http://www.springframework.org/schema/security"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">

 <sec:http auto-config="true" access-denied-page="/denied.htm">
  <sec:intercept-url pattern="/**" access="ROLE_USER"/>
  <sec:concurrent-session-control max-sessions="100" exception-if-maximum-exceeded="true"/>
 </sec:http>

 <sec:authentication-provider>
  <sec:user-service>
   <sec:user password="pass" name="user" authorities="ROLE_USER"/>
  </sec:user-service>
 </sec:authentication-provider>
</beans>

Above you can see we have declared a user “user” with password “pass”, and this user has the authority of a “ROLE_USER”.

In the <sec:http> section above we declare that any request for the root or anything below it is blocked, unless the user logs in and his/her role is that of “ROLE_USER”.
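The user above is stored with a plaintext password. As an added example (not part of the original post), the same authentication provider can keep only a salted hash in the file, using the password-encoder element of the Spring Security 2.0 namespace; the digest value below is a placeholder, not a real hash.

```xml
<!-- Added example: drop-in replacement for the <sec:authentication-provider>
     element in spring-context.xml. -->
<sec:authentication-provider>
  <!-- The submitted password is hashed with SHA-1, salted with the user name,
       and compared against the stored hex digest. -->
  <sec:password-encoder hash="sha">
    <sec:salt-source user-property="username"/>
  </sec:password-encoder>
  <sec:user-service>
    <!-- Placeholder: replace with the hex SHA-1 digest of "password{username}",
         which is how the encoder merges the password and the salt. -->
    <sec:user name="user" password="REPLACE_WITH_SHA1_HEX_DIGEST" authorities="ROLE_USER"/>
  </sec:user-service>
</sec:authentication-provider>
```

SHA-1 is what this schema version offers and is weak by current standards; later Spring Security releases provide bcrypt, which is the better choice where available.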

2. Nothing yet links the web application to this security context, so we have to tell the web application to use a filter for all requests. The filter dispatches every request to the Spring Security setup. To do this, add the following lines to the web.xml file in the WEB-INF directory.

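<!-- Location of the security context file created in step 1 -->
<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>
  /WEB-INF/spring-context.xml
 </param-value>
</context-param>

<!-- Sends every request through the Spring Security filter chain -->
<filter>
 <filter-name>springSecurityFilterChain</filter-name>
 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
 <filter-name>springSecurityFilterChain</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Loads contextConfigLocation at startup; skip if your web.xml already registers it -->
<listener>
 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>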

3. Don’t worry that you have not created a login page, as Spring will provide a default.

That is how you add simple authentication to your application.


Jul 22 2010

Read an Oracle Stored Procedures Cursor using Spring

I came across the problem where Hibernate is restricted in the way it can access an Oracle stored procedure that returns a reference cursor. In Hibernate the reference cursor should be the first parameter in the stored procedure. Now, working with stored procedures written differently, you could always just extend the “org.springframework.jdbc.object.StoredProcedure” abstract class, if you are using Spring, that is.

Since my blog is all about the samples, here it is:


package com.bayestech.sampleprocedure;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;

import javax.sql.DataSource;

import oracle.jdbc.driver.OracleTypes;

import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SqlOutParameter;
import org.springframework.jdbc.core.SqlParameter;
import org.springframework.jdbc.object.StoredProcedure;

/**
 * This class reads a stored procedure named 'sample_procedure' which has the following usage:
 * call sample_procedure (? <= p_Number_Input, ? <= p_String_Input, ? <= p_Date, ? => Pr_Returned_Cursor, ? => Pr_Error_Code, ? => Pr_Error_Message)
 *
 *
 * @author Kevin Bayes
 *
 */
public class SampleStoredProcedure extends StoredProcedure {

 /** Name of procedure in database. */
 public static final String PROC_NAME = "sample_procedure";

 public SampleStoredProcedure(DataSource ds) {
  super(ds, PROC_NAME);

  // Parameters are declared in the same order as in the procedure signature.
  declareParameter(new SqlParameter("p_Number_Input", Types.NUMERIC));
  declareParameter(new SqlParameter("p_String_Input", Types.VARCHAR));
  declareParameter(new SqlParameter("p_Date", Types.DATE));
  // The cursor is an out parameter; each row is mapped to a SampleReturnClass
  // (a plain bean assumed to live in this package).
  declareParameter(new SqlOutParameter("Pr_Returned_Cursor", OracleTypes.CURSOR, new RowMapper() {
   public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
    SampleReturnClass sampleClass = new SampleReturnClass();
    sampleClass.setColumn1Name(rs.getString("COLUMN_1_NAME"));
    sampleClass.setColumn2Name(rs.getString("COLUMN_2_NAME"));
    sampleClass.setColumn3Name(rs.getString("COLUMN_3_NAME"));
    return sampleClass;
   }
  }));
  declareParameter(new SqlOutParameter("Pr_Error_Code", Types.NUMERIC));
  declareParameter(new SqlOutParameter("Pr_Error_Message", Types.VARCHAR));

  compile();
 }

}

Once you have created the above class you need to execute it by setting the datasource and passing in the desired parameters like so:


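import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import javax.sql.DataSource;

public Collection getList(DataSource dataSource, Long inputNumber, String inputString, Date effectiveDate) {

	SampleStoredProcedure sampleStoredProcedure = new SampleStoredProcedure(dataSource);

	// Keys must match the names of the declared input parameters.
	Map parameters = new HashMap();
	parameters.put("p_Number_Input", inputNumber);
	parameters.put("p_String_Input", inputString);
	parameters.put("p_Date", effectiveDate);

	// The result map is keyed by out-parameter name; the cursor rows arrive as a collection.
	Map m = sampleStoredProcedure.execute(parameters);
	return (Collection) m.get("Pr_Returned_Cursor");
}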

And that is all there is to it!