I have a system that already authenticates the user, and controls access to pages that require authentication, I need to use spring security to control access to pages by user rules and to control access to certain resources, such as a user only have permission to list records and not have to delete records.
I tried to deploy a login with spring securiy and pass the responsibility of the authentication to my class that takes care of login to the system, making an implementation of the UserDetailsService, but I did not succeed.
The tutorials I found on the web address authentication and give little attention to authorization, does anyone know of an interesting link to my need?
My code looks like this:
web.xml
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>
<display-name>Ultracar Web</display-name>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<!--<context-param>
<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
<param-value>-1</param-value>
</context-param>
-->
<welcome-file-list>
<welcome-file>Principal/index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="Principal/index*" access="permitAll" />
<intercept-url pattern="/Principal/*" access="permitAll"/>
<form-login login-page="/Principal/index.xhtml"
default-target-url="/"
authentication-failure-url="/"/>
<logout logout-success-url="/" />
</http>
login page:
<?xml version='1.0' encoding='UTF-8' ?>
<h:head>
<link rel="SHORTCUT ICON" href="../Imagens/logo.png"/>
</h:head>
<h:body>
<ui:composition template="./../Principal/template_inicio.xhtml">
<ui:define name="content">
<div class="slider">
<div class="container" style="padding: 10px;">
<div class="col-lg-9 col-xs-9 col-sm-9">
<ui:include src="slider.xhtml"/>
</div>
<div class="col-lg-3 col-xs-3 col-sm-3" style="padding: 17px 0;background-color: #B3B3B3;">
<img class="img-responsive" style="margin: 0 auto" src="#{request.contextPath}/Imagens/logo.png" />
<h:form id="frmLogin" class="form-group" >
<div class="row">
<div class="col-lg-12 col-xs-12 col-sm-12 ">
<h:outputLabel style="color: #303030;" value="#{Utils.getStrLanguage('Usuario')}:" />
</div>
</div>
<div class="row">
<div class="col-lg-12 col-xs-12 col-sm-12">
<p:inputText value="#{MBControl.login}" required="true"
style="width: 100%;-moz-box-shadow: none !important; -webkit-box-shadow: none !important;
box-shadow: none !important; -moz-border-radius: 0 !important;
-webkit-border-radius: 0 !important; border-radius: 0 !important;"
requiredMessage="#{Utils.getStrLanguage('Usuario_requerido')}"/>
</div>
</div>
<div class="row">
<div class="col-lg-12 col-xs-12 col-sm-12">
<h:outputLabel style="color: #303030;" value="#{Utils.getStrLanguage('Senha')}:" />
</div>
</div>
<div class="row">
<div class="col-lg-12 col-xs-12 col-sm-12">
<p:password value="#{MBControl.senha}" required="true" id="txtSenha" styleClass="reset-style"
style="width: 100%;-moz-box-shadow: none !important; -webkit-box-shadow: none !important;
box-shadow: none !important; -moz-border-radius: 0 !important;
-webkit-border-radius: 0 !important; border-radius: 0 !important;"
requiredMessage="#{Utils.getStrLanguage('Senha_requerida')}"/>
</div>
</div>
<div class="row" style="margin-top: 15px;">
<div class="col-lg-4 col-xs-6 col-sm-12">
<p:commandLink id="btnLogin" styleClass="btn button-green" ajax="false" action="#{MBControl.logar()}"
update="frmLogin" value="#{Utils.getStrLanguage('Login')}" style="border-radius: 0 !important;"/>
</div>
</h:form>
</div>
</div>
</div>
</ui:define>
</ui:composition>
</h:body>
I do not know how to make spring call my login class, and then how to handle permissions through spring.
Thanks in advance for all the help