Enhance tutorial to also demonstrate Spring Security method

authorization, and add a services layer accordingly.

samples/tutorial/pom.xml

@@ -11,15 +11,25 @@
     <name>Spring Security - Tutorial sample</name>
     <packaging>war</packaging>
     <dependencies>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-web</artifactId>
-        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core-tiger</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+	        <version>${spring.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-jdbc</artifactId>

samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security-ns.xml

@@ -12,9 +12,15 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
 
+	<annotation-driven/>
+
     <http auto-config="true">
         <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
         <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
+		<!-- Disable web URI authorization, as we're using <annotation-driven> and have @Secured the services layer instead
+        <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
+        <intercept-url pattern="/post.html" access="ROLE_TELLER" /> 
+        -->
         <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
 
 		<!-- All of this is unnecessary if auto-config="true"
@@ -32,8 +38,8 @@
 
 	<repository>
 	    <user-service hash="md5-hex">
-	        <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR,ROLE_USER" /> <!--  koala -->
-	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER" /> <!--  emu -->
+	        <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR,ROLE_USER,ROLE_TELLER" /> <!--  koala -->
+	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" /> <!--  emu -->
 	        <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" /> <!--  wombat -->
 	        <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" /> <!--  opal -->
 	    </user-service>

samples/tutorial/src/main/webapp/WEB-INF/web.xml

@@ -11,7 +11,7 @@
 
 <web-app>
 
-    <display-name>Acegi Security Tutorial Application</display-name>
+    <display-name>Spring Security Tutorial Application</display-name>
 
 	<!--
 	  - Location of the XML file that defines the root application context
@@ -20,6 +20,7 @@
 	<context-param>
 		<param-name>contextConfigLocation</param-name>
 		<param-value>
+			classpath:applicationContext-business.xml
 			/WEB-INF/applicationContext-security-ns.xml
 		</param-value>
 	</context-param>
@@ -50,6 +51,20 @@
     <listener>
       <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
     </listener>
+
+  <!--
+	- Provides core MVC application controller. See contacts-servlet.xml.
+    -->
+	<servlet>
+		<servlet-name>bank</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+    	<servlet-name>bank</servlet-name>
+    	<url-pattern>*.html</url-pattern>
+ 	</servlet-mapping>
 
      <welcome-file-list>
 		<welcome-file>index.jsp</welcome-file>

samples/tutorial/src/main/webapp/index.jsp

@@ -3,6 +3,9 @@
 <h1>Home Page</h1>
 Anyone can view this page.<br><br>
 
+If you're logged in, you can <a href="listAccounts.html">list accounts</a>.<br><br>
+
+
 Your principal object is....: <%= request.getUserPrincipal() %><br><br>
 
 <p><a href="secure/index.jsp">Secure page</a>