From dd57224ab51cc377dd7dfb34487f95f16895baaf Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Thu, 19 Nov 2009 17:26:28 +0000
Subject: [PATCH] Introduce form login

git-svn-id: https://svn.argeo.org/commons/trunk@3116 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../META-INF/MANIFEST.MF                      |   4 +-
 .../WEB-INF/security.xml                      |  39 +-
 .../security/mvc/UsersRolesController.java    |  26 +-
 .../META-INF/MANIFEST.MF                      |   3 +-
 .../WEB-INF/applicationContext.xml            |   1 +
 .../WEB-INF/web-orig.xml                      | 381 ++++++++++++++++++
 6 files changed, 429 insertions(+), 25 deletions(-)
 create mode 100644 server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/web-orig.xml

diff --git a/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF b/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF
index 50e07d832..4df4ae832 100644
--- a/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF
+++ b/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF
@@ -1,5 +1,6 @@
 Bundle-SymbolicName: org.argeo.security.webapp
 Bundle-Version: 0.1.2.SNAPSHOT
+Web-ContextPath: org.argeo.security.webapp
 Import-Package: javax.servlet,
  javax.servlet.http,
  javax.servlet.resources,
@@ -10,8 +11,9 @@ Import-Package: javax.servlet,
  org.springframework.ldap.core.support,
  org.springframework.osgi.web.context.support,
  org.springframework.security,
+ org.springframework.security.config,
+ org.springframework.security.ui.webapp,
  org.springframework.web.context,
  org.springframework.web.context.support,
  org.springframework.web.filter,
  org.springframework.web.servlet
-Web-ContextPath: org.argeo.security.webapp
diff --git a/security/modules/org.argeo.security.webapp/WEB-INF/security.xml b/security/modules/org.argeo.security.webapp/WEB-INF/security.xml
index 7b9bc9d80..3ae36186f 100644
--- a/security/modules/org.argeo.security.webapp/WEB-INF/security.xml
+++ b/security/modules/org.argeo.security.webapp/WEB-INF/security.xml
@@ -1,12 +1,31 @@
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="
+       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
-	<http realm="User Interface">
-		<intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
-		<http-basic />
-		<anonymous />
-	</http>
+	<bean id="authenticationProcessingFilterEntryPoint"
+		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+		<property name="loginFormUrl" value="/getCredentials.security" />
+		<property name="forceHttps" value="false" />
+	</bean>
 
-</beans:beans>
+	<security:http entry-point-ref="authenticationProcessingFilterEntryPoint">
+		<security:intercept-url pattern="/**"
+			access="ROLE_USER,ROLE_ADMIN" />
+		<security:logout logout-url="/logout.ria" />
+	</security:http>
+
+	<bean id="authenticationProcessingFilter"
+		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+		<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
+		<property name="authenticationManager" ref="_authenticationManager" />
+		<property name="authenticationFailureUrl" value="/getCredentials.security" />
+		<property name="defaultTargetUrl" value="/getCredentials.security" />
+		<property name="filterProcessesUrl" value="/login.ria" />
+		<property name="usernameParameter" value="username" />
+		<property name="passwordParameter" value="password" />
+	</bean>
+</beans>
\ No newline at end of file
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
index 662c20fb3..8f096937f 100644
--- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
@@ -32,19 +32,19 @@ public class UsersRolesController implements MvcConstants {
 		return securityService.getSecurityDao().getCurrentUser();
 	}
 
-	@RequestMapping("/login.security")
-	@ModelAttribute(ANSWER_MODEL_KEY)
-	public ArgeoUser login(@RequestParam("username") String username,
-			@RequestParam("password") String password) {
-		//SecurityContextHolder.getContext().getAuthentication().
-		return securityService.getSecurityDao().getCurrentUser();
-	}
-
-	@RequestMapping("/logout.security")
-	@ModelAttribute(ANSWER_MODEL_KEY)
-	public ServerAnswer logout() {
-		return ServerAnswer.ok("Logged out");
-	}
+//	@RequestMapping("/login.security")
+//	@ModelAttribute(ANSWER_MODEL_KEY)
+//	public ArgeoUser login(@RequestParam("username") String username,
+//			@RequestParam("password") String password) {
+//		//SecurityContextHolder.getContext().getAuthentication().
+//		return securityService.getSecurityDao().getCurrentUser();
+//	}
+//
+//	@RequestMapping("/logout.security")
+//	@ModelAttribute(ANSWER_MODEL_KEY)
+//	public ServerAnswer logout() {
+//		return ServerAnswer.ok("Logged out");
+//	}
 
 	@RequestMapping("/getUsersList.security")
 	@ModelAttribute(ANSWER_MODEL_KEY)
diff --git a/server/modules/org.argeo.server.catalina/META-INF/MANIFEST.MF b/server/modules/org.argeo.server.catalina/META-INF/MANIFEST.MF
index 90b6df90d..7313b4b36 100644
--- a/server/modules/org.argeo.server.catalina/META-INF/MANIFEST.MF
+++ b/server/modules/org.argeo.server.catalina/META-INF/MANIFEST.MF
@@ -8,4 +8,5 @@ Import-Package: org.springframework.security;resolution:=optional,
  org.springframework.security.ui;resolution:=optional,
  org.springframework.security.ui.savedrequest;resolution:=optional,
  org.springframework.security.userdetails;resolution:=optional,
- org.springframework.security.context;resolution:=optional
+ org.springframework.security.context;resolution:=optional,
+ org.argeo.security.core;resolution:=optional
diff --git a/server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/applicationContext.xml b/server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/applicationContext.xml
index 39d17be83..d2403d92b 100644
--- a/server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/applicationContext.xml
+++ b/server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/applicationContext.xml
@@ -9,4 +9,5 @@
 
 	<import resource="osgi.xml" />
 
+	<bean class="org.apache.jackrabbit.j2ee.SimpleWebdavServlet"></bean>
 </beans>
\ No newline at end of file
diff --git a/server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/web-orig.xml b/server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/web-orig.xml
new file mode 100644
index 000000000..a8e5fdd8f
--- /dev/null
+++ b/server/modules/org.argeo.server.jackrabbit.webapp/WEB-INF/web-orig.xml
@@ -0,0 +1,381 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+  -->
+
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app>
+    <display-name>Jackrabbit JCR Server</display-name>
+
+    <!-- ====================================================================== -->
+    <!-- L O G G I N G   S E R V L E T                                          -->
+    <!-- ====================================================================== -->
+    
+    <!-- mbaudier
+    <servlet>
+        <servlet-name>Logging</servlet-name>
+        <description>The logging servlet configures the Log4J logging facility.</description>
+        <servlet-class>org.apache.jackrabbit.j2ee.LoggingServlet</servlet-class>
+
+        <init-param>
+            <param-name>log4j-config</param-name>
+            <param-value>/WEB-INF/log4j.xml</param-value>
+            <description>initial log4j configuration</description>
+        </init-param>
+
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+ -->
+    <!-- ====================================================================== -->
+    <!-- R E P O S I T O R Y   S T A R T U P  S E R V L E T                     -->
+    <!-- ====================================================================== -->
+    <!-- mbaudier
+    <servlet>
+        <servlet-name>RepositoryStartup</servlet-name>
+        <description>
+            Repository servlet that starts the repository and registers it to JNDI ans RMI.
+            If you already have the repository registered in this appservers JNDI context,
+            or if its accessible via RMI, you do not need to use this servlet.
+        </description>
+        <servlet-class>org.apache.jackrabbit.j2ee.RepositoryStartupServlet</servlet-class>
+
+        <init-param>
+            <param-name>bootstrap-config</param-name>
+            <param-value>jackrabbit/bootstrap.properties</param-value>
+            <description>
+                Property file that hold the same initialization properties than
+                the init-params below. If a parameter is specified in both
+                places the one in the bootstrap-config wins.
+            </description>
+        </init-param>
+ -->
+        <!--
+        <init-param>
+            <param-name>repository-config</param-name>
+            <param-value>/WEB-INF/repository/repository.xml</param-value>
+            <description>the repository config location</description>
+        </init-param>
+
+        <init-param>
+            <param-name>repository-home</param-name>
+            <param-value>jackrabbit/repository</param-value>
+            <description>the repository home</description>
+        </init-param>
+
+        <init-param>
+            <param-name>repository-name</param-name>
+            <param-value>jackrabbit.repository</param-value>
+            <description>Repository Name under which the repository is registered via JNDI/RMI</description>
+        </init-param>
+        -->
+
+        <!--
+            the following 3 parameters deal with registering the repository to
+            a RMI registry. if all parameters are omitted, the repository will
+            not be registered.
+        -->
+        <!--
+        <init-param>
+            <param-name>rmi-port</param-name>
+            <param-value>0</param-value>
+            <description>
+                The RMI port for registering the repository in the RMI Registry.
+                If equals 0, the default port is used.
+            </description>
+        </init-param>
+        <init-param>
+            <param-name>rmi-host</param-name>
+            <param-value>localhost</param-value>
+            <description>
+                The RMI host for registering the repository in the RMI Registry.
+                If equals "" or missing, the default host is used.
+            </description>
+        </init-param>
+        <init-param>
+            <param-name>rmi-uri</param-name>
+            <param-value></param-value>
+            <description>
+                The RMI uri for registering the repository in the RMI Registry.
+                If missing, the uri is composed using the other rmi parameters
+                and will have the format: //{rmi-host}:{rmi-port}/{repository-name}
+            </description>
+        </init-param>
+        -->
+        <!--
+            JNDI environment variables for creating the initial context
+            (all init parameters starting with java.naming.* will be added to the initial context environment).
+        -->
+        <!--
+        <init-param>
+            <param-name>java.naming.provider.url</param-name>
+            <param-value>http://www.apache.org/jackrabbit</param-value>
+        </init-param>
+        <init-param>
+            <param-name>java.naming.factory.initial</param-name>
+            <param-value>org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory</param-value>
+        </init-param>
+        -->
+        
+        <!-- mbaudier
+        <load-on-startup>2</load-on-startup>
+    </servlet>
+ -->
+
+    <!-- ====================================================================== -->
+    <!-- R E P O S I T O R Y   S E R V L E T                                    -->
+    <!-- ====================================================================== -->
+    <servlet>
+        <servlet-name>Repository</servlet-name>
+        <description>
+            This servlet provides other servlets and jsps a common way to access
+            the repository. The repository can be accessed via JNDI, RMI or Webdav.
+        </description>
+        <servlet-class>org.apache.jackrabbit.j2ee.RepositoryAccessServlet</servlet-class>
+
+        <init-param>
+            <param-name>bootstrap-config</param-name>
+            <param-value>jackrabbit/bootstrap.properties</param-value>
+            <description>
+                Property file that hold the same initialization properties than
+                the init-params below. If a parameter is specified in both
+                places the one in the bootstrap-config wins.
+            </description>
+        </init-param>
+        <!-- 
+        <init-param>
+          <param-name>repository.context.attribute.name</param-name>
+          <param-value>javax.jcr.Repository</param-value>
+          <description>
+            If this is set, the RepositoryAccessServlet expects a Repository in the ServletContext 
+            attribute having this name. This allows servlets of this module to be used with repositories
+            intialized by the jackrabbit-jcr-servlet module utilities.
+          </description>
+        </init-param>
+         -->
+        <!--
+        <init-param>
+            <param-name>repository-name</param-name>
+            <param-value>jackrabbit.repository</param-value>
+            <description>Repository Name that is used to retrieve it via JNDI</description>
+        </init-param>
+        -->
+        <!--
+            JNDI environment variables for creating the initial context
+            (all init parameters starting with java.naming.* will be added to the initial context environment).
+        -->
+        <!--
+        <init-param>
+            <param-name>java.naming.provider.url</param-name>
+            <param-value>http://www.apache.org/jackrabbit</param-value>
+        </init-param>
+        <init-param>
+            <param-name>java.naming.factory.initial</param-name>
+            <param-value>org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory</param-value>
+        </init-param>
+        -->
+        <!--
+            RMI url, if RMI remoting is needed
+        -->
+        <!--
+        <init-param>
+            <param-name>rmi-uri</param-name>
+            <param-value>///jackrabbit.repository</param-value>
+            <description>The URI for the RMI connection.</description>
+        </init-param>
+        -->
+
+        <load-on-startup>3</load-on-startup>
+    </servlet>
+
+    <!-- ====================================================================== -->
+    <!-- W E B D A V  S E R V L E T                                              -->
+    <!-- ====================================================================== -->
+    <servlet>
+        <servlet-name>Webdav</servlet-name>
+        <description>
+            The webdav servlet that connects HTTP request to the repository.
+        </description>
+        <servlet-class>org.apache.jackrabbit.j2ee.SimpleWebdavServlet</servlet-class>
+
+        <init-param>
+            <param-name>resource-path-prefix</param-name>
+            <param-value>/repository</param-value>
+            <description>
+                defines the prefix for spooling resources out of the repository.
+            </description>
+        </init-param>
+        <!--
+         <init-param>
+             <param-name>missing-auth-mapping</param-name>
+             <param-value>anonymous:anonymous</param-value>
+             <description>
+                 Defines how a missing authorization header should be handled.
+                 1) If this init-param is missing, a 401 response is generated.
+                    This is suiteable for clients (eg. webdav clients) for which
+                    sending a proper authorization header is not possible if the
+                    server never sent a 401.
+                 2) If this init-param is present with an empty value,
+                    null-credentials are returned, thus forcing an null login
+                    on the repository.
+                 3) If this init-param has a 'user:password' value, the respective
+                    simple credentials are generated.
+             </description>
+         </init-param>
+         -->
+        <!--
+            Optional parameter to define the value of the 'WWW-Authenticate' header
+        -->
+        <!--
+        <init-param>
+            <param-name>authenticate-header</param-name>
+            <param-value>Basic realm="Jackrabbit Webdav Server"</param-value>
+            <description>
+                Defines the value of the 'WWW-Authenticate' header.
+            </description>
+        </init-param>
+        -->
+        <!--
+            Parameter used to configure behaviour of webdav resources such as:
+            - destinction between collections and non-collections
+            - resource filtering
+        -->
+        <init-param>
+            <param-name>resource-config</param-name>
+            <param-value>/WEB-INF/config.xml</param-value>
+            <description>
+                Defines various dav-resource configuration parameters.
+            </description>
+        </init-param>
+        <load-on-startup>4</load-on-startup>
+    </servlet>
+
+    <!-- ====================================================================== -->
+    <!-- J C R  R E M O T I N G  S E R V L E T                                  -->
+    <!-- ====================================================================== -->
+    <servlet>
+        <servlet-name>JCRWebdavServer</servlet-name>
+        <description>
+            The servlet used to remote JCR calls over HTTP.
+        </description>
+        <servlet-class>org.apache.jackrabbit.j2ee.JcrRemotingServlet</servlet-class>
+        <init-param>
+            <param-name>missing-auth-mapping</param-name>
+            <param-value></param-value>
+            <description>
+                Defines how a missing authorization header should be handled.
+                1) If this init-param is missing, a 401 response is generated.
+                This is suiteable for clients (eg. webdav clients) for which
+                sending a proper authorization header is not possible if the
+                server never sent a 401.
+                2) If this init-param is present with an empty value,
+                null-credentials are returned, thus forcing an null login
+                on the repository.
+                3) If this init-param has a 'user:password' value, the respective
+                simple credentials are generated.
+            </description>
+        </init-param>
+        <!--
+            Optional parameter to define the value of the 'WWW-Authenticate' header
+        -->
+        <!--
+        <init-param>
+            <param-name>authenticate-header</param-name>
+            <param-value>Basic realm="Jackrabbit Webdav Server"</param-value>
+            <description>
+                Defines the value of the 'WWW-Authenticate' header.
+            </description>
+        </init-param>
+        -->
+        <init-param>
+            <param-name>resource-path-prefix</param-name>
+            <param-value>/server</param-value>
+            <description>
+                defines the prefix for spooling resources out of the repository.
+            </description>
+        </init-param>
+        <!--
+            Init parameters specific for JcrRemotingServlet
+        -->
+        <!--
+        <init-param>
+            <param-name>home</param-name>
+            <param-value></param-value>
+            <description>JcrRemotingServlet: Optional home directory for JcrRemotingServlet temporary files (default: "jackrabbit")</description>
+        </init-param>
+        <init-param>
+            <param-name>temp-directory</param-name>
+            <param-value></param-value>
+            <description>JcrRemotingServlet: Optional temporary directory name (under home, default: "tmp")</description>
+        </init-param>
+        -->
+        <init-param>
+            <param-name>batchread-config</param-name>
+            <param-value>/WEB-INF/batchread.properties</param-value>
+            <description>JcrRemotingServlet: Optional mapping from node type names to default depth.</description>
+        </init-param>        
+        <load-on-startup>5</load-on-startup>
+    </servlet>
+
+    <!-- ====================================================================== -->
+    <!-- R M I   B I N D I N G   S E R V L E T                                  -->
+    <!-- ====================================================================== -->
+    <!-- mbaudier
+    <servlet>
+      <servlet-name>RMI</servlet-name>
+      <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>
+    </servlet>
+ -->
+    <!-- ====================================================================== -->
+    <!-- S E R V L E T   M A P P I N G                                          -->
+    <!-- ====================================================================== -->
+    
+    <!-- mbaudier
+    <servlet-mapping>
+        <servlet-name>RepositoryStartup</servlet-name>
+        <url-pattern>/admin/*</url-pattern>
+    </servlet-mapping>
+     -->
+    <servlet-mapping>
+        <servlet-name>Webdav</servlet-name>
+        <url-pattern>/repository/*</url-pattern>
+    </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>JCRWebdavServer</servlet-name>
+        <url-pattern>/server/*</url-pattern>
+    </servlet-mapping>
+    <!-- mbaudier
+    <servlet-mapping>
+        <servlet-name>RMI</servlet-name>
+        <url-pattern>/rmi</url-pattern>
+    </servlet-mapping>
+ -->
+    <!-- ====================================================================== -->
+    <!-- W E L C O M E   F I L E S                                              -->
+    <!-- ====================================================================== -->
+    <welcome-file-list>
+      <welcome-file>index.jsp</welcome-file>
+    </welcome-file-list>
+
+    <error-page>
+        <exception-type>org.apache.jackrabbit.j2ee.JcrApiNotFoundException</exception-type>
+        <location>/error/classpath.jsp</location>
+    </error-page>
+    <error-page>
+        <exception-type>javax.jcr.RepositoryException</exception-type>
+        <location>/error/repository.jsp</location>
+    </error-page>
+    
+</web-app>
-- 
2.30.2