Sealyu

--- 博客已迁移至: http://www.sealyu.com/blog

  BlogJava :: 首页 :: 新随笔 :: 联系 :: 聚合  :: 管理 ::
  618 随笔 :: 87 文章 :: 225 评论 :: 0 Trackbacks

After given a demo to the customer, they wished to modify the specification so that after login, the page always shows the name of the user logged in. Also they would prefer if the navigation was customized to the type of user that has logged in. e.g. standard users with ROLE_USER should not see the link to the admin page on the common navigation.

The specification has been updated as follows:

User Story 7: Create common navigation that all secure pages will contain.
Note: There will be links to home, admin pages and a logout link.
Note: only admin users should see the admin link on the common navigation.

User Story 10: A common information bar should exist on all secure pages that displays whether the user is logged in or not.

The solution

To customize the common navigation per user role type and display the logged in username, we are going to use spring security’s tag libs, specifically the authorize and authentication tags.

Add spring security taglibs as dependency

Add spring-security-taglibs-2.0.4.jar to our WAR projects lib folder.

The implementation

The first step is to update our acceptance tests that verify behavior on the common navigation:

@Test
public void shouldNotBeAbleToSeeAdminLinkOnCommonNavigationWhenNotLoggedInAsStandardUser() {

driver.get("http://localhost:8080/springsecuritywebapp/home.htm");
login(driver);

// verify
assertThat(driver.getTitle(),
is("Home: Spring Security Web Application"));

try {
driver.findElement(By.linkText("Admin"));
fail("should not be able to see a link to admin page when logged in as standard user");
} catch (final NoSuchElementException e) {
assertNotNull(e);
}

}

@Test
public void shouldBeAbleToViewUsernameOfUserOnAdminPageWhenSuccessfullyAuthenticated() {
loginAsUser(driver, withAdminRole());

// state verification
assertThat(driver.getTitle(),
is("Admin: Spring Security Web Application"));
assertThat(driver.findElement(By.id("loginstatus")).getText(),
containsString("Logged in as: admin"));

}

@Test
public void shouldBeAbleToViewUsernameOfUserOnHomePageWhenSuccessfullyAuthenticated() {
login(driver);

// state verification
assertThat(driver.getTitle(),
is("Home: Spring Security Web Application"));
assertThat(driver.findElement(By.id("loginstatus")).getText(),
containsString("Logged in as: username"));

}

Next step is to create a userinfobar.jsp file that will be included in each secure page:

<span id="loginstatus">Logged in as: <security:authentication property="principal.username"/>
</span>

<br />

Things to note:

  1. we are using the authentication tag from spring security’s tag libs (which will be included at top of each jsp that includes this file)

Next this should be included in the home.jsp and admin.jsp pages. Here is home.jsp:

<%@ page session="true"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix='security' uri='http://www.springframework.org/security/tags' %>
<html>

<head>
<title>Home: Spring Security Web Application</title>

</head>

<body>

<%@ include file="/WEB-INF/jsp/navigation.jsp" %>
<%@ include file="/WEB-INF/jsp/userinfobar.jsp"%>

home page: only logged in users should see this page.

</body>

</html>

Things to note:

  1. The spring security tablib is included at top of page
  2. The userinfobar.jsp file is included so will display username of logged in users.

Build, deploy and run all acceptance tests.

Getting the code

The code for this part is tagged and available for viewing online at: http://code.google.com/p/spring-security-series/source/browse/#svn/tags/SpringSecuritySeriesWAR-Part8

SVN Url: https://spring-security-series.googlecode.com/svn/tags/SpringSecuritySeriesWAR-Part8

posted on 2009-12-24 17:01 seal 阅读(370) 评论(0)  编辑  收藏 所属分类: Spring

只有注册用户登录后才能发表评论。


网站导航: