Dong Shin 12.05.2014

  • Web Development Using Spring and AngularJS Tutorials – very long and helpful!
    • Spring, Hibernate, Spring Security
    • grunt (watch), ng-boilerplate, ui-router(state changes), ngroute, ng-resource, build
    • getting the master example/tutorial to work – maven project!
      1. dependencies
        • <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>3.2.5.RELEASE</version>
          </dependency>
          <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>3.2.5.RELEASE</version>
          </dependency>
          <dependency>
            <groupId>org.aspectj</groupId>
            <artifactId>aspectjweaver</artifactId>
            <version>1.7.4</version>
          </dependency>
      2. add component scan to business-config.xml – tutorial.core.security
      3. create tutorial.core.security.SecurityWebAppInitializer class
      4. create tutorial.core.security.SecurityConfig class
        • @Configuration, @EnableWebSecurity
        • configAuthBuilder() – where the authentication happens!
      5. create tutorial.core.security.AuthFailure class to return response.setStatus(HttpServletResponse.SC_UNAUTHORIZED)
      6. create tutorial.core.security.AuthSuccess class to return response.setStatus(HttpServletResponse.SC_OK)
      7. add AuthFailure and AuthSuccess to SecurityConfig (@Autowired)
      8. add configure() method to SecurityConfig – configuration
        • add AuthFailure and AuthSuccess
        • JSESSIONID will be added to client – expires after 30min
      9. tutorial.core.security.EntryPointUnauthorizedHandler class
        1. add commence method
      10. add EntryPointUnauthorizedHandler to SecurityConfig
      11. add AccountUserDetails and UserDetailServiceImpl classes and add to configAuthBuilder() method in SecurityConfig
      12. modify sessionService, LoginCtrl in account.js
      13. use SecurityContextHolder (AccountController class) to get current user details for further processing
        1. throw Forbidden exception
      14. whitelist access –
        • security:protect-pointcut in mvc-dispacher-servlet.xml
        • @PreAuthorize("permitAll")
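
Steps 4 to 11 assembled into one class, as an added sketch written against the Spring Security 3.2.5 API from step 1; it is not the tutorial's own code. The three handlers are folded into a single nested class (hypothetical name StatusOnly), and the autowired UserDetailsService is assumed to be the UserDetailServiceImpl bean from step 11.

```java
package tutorial.core.security;

import java.io.IOException;
import javax.servlet.http.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.*;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.*;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical helper: answers with a bare status code, so the AngularJS
    // client never receives a redirect or an HTML login page.
    static class StatusOnly implements AuthenticationSuccessHandler,
            AuthenticationFailureHandler, AuthenticationEntryPoint {
        public void onAuthenticationSuccess(HttpServletRequest req,
                HttpServletResponse res, Authentication auth) throws IOException {
            res.setStatus(HttpServletResponse.SC_OK);            // role of AuthSuccess
        }
        public void onAuthenticationFailure(HttpServletRequest req,
                HttpServletResponse res, AuthenticationException e) throws IOException {
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);  // role of AuthFailure
        }
        public void commence(HttpServletRequest req,
                HttpServletResponse res, AuthenticationException e) throws IOException {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);  // role of EntryPointUnauthorizedHandler
        }
    }

    @Autowired
    private UserDetailsService userDetailsService; // assumed: UserDetailServiceImpl bean (step 11)

    @Autowired
    public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception {
        builder.userDetailsService(userDetailsService); // where the authentication happens
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        StatusOnly handler = new StatusOnly();
        // CSRF protection stays at the Java-config default (enabled), so POSTs must carry the token.
        http.exceptionHandling().authenticationEntryPoint(handler)
            .and().formLogin().successHandler(handler).failureHandler(handler);
    }
}
```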