Temporarily store webflow test sample in sandbox

sandbox/webflow/pom.xml

@@ -0,0 +1,108 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+<!--    
+    <parent>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-samples</artifactId>
+        <version>2.0.4-SNAPSHOT</version>
+    </parent>
+-->    
+    <groupId>org.springframework.security</groupId>
+    <artifactId>spring-security-samples-webflow</artifactId>
+    <name>Spring Security - Webflow sample</name>
+    <version>2.0.5-SNAPSHOT</version>
+    <packaging>war</packaging>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>2.0.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core-tiger</artifactId>
+            <version>2.0.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+            <version>2.0.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.webflow</groupId>
+            <artifactId>org.springframework.webflow</artifactId>
+            <version>2.0.3.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>ognl</groupId>
+            <artifactId>ognl</artifactId>
+            <version>2.7.3</version>            
+        </dependency>        
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>2.5.5</version>            
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+            <version>2.5.5</version>            
+        </dependency>                
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-context</artifactId>
+            <version>2.5.5</version>            
+        </dependency>        
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>2.5.5</version>            
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <scope>provided</scope>
+            <version>2.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.freemarker</groupId>
+            <artifactId>freemarker</artifactId>
+            <scope>runtime</scope>
+            <version>2.3.12</version>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <scope>runtime</scope>
+            <version>1.2.14</version>
+        </dependency>        
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.5</source>
+                    <target>1.5</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.mortbay.jetty</groupId>
+                <artifactId>maven-jetty-plugin</artifactId>
+                <version>6.1.7</version>
+                <configuration>
+                    <contextPath>/webflow</contextPath>
+                    <connectors>
+                        <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
+                            <port>8080</port>
+                            <confidentialPort>8443</confidentialPort>
+                        </connector>
+                    </connectors>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

sandbox/webflow/src/main/resources/applicationContext-business.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:security="http://www.springframework.org/schema/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<bean id="bankDao" class="bigbank.BankDaoStub"/>
+
+	<bean id="seedData" class="bigbank.SeedData">
+		<property name="bankDao" ref="bankDao"/>
+	</bean>
+
+	<bean id="bankService" class="bigbank.BankServiceImpl">
+		<constructor-arg ref="bankDao"/>
+        <!-- This will add a security interceptor to the bean
+        <security:intercept-methods>
+            <security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
+            <security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
+        </security:intercept-methods>  -->
+	</bean>
+
+</beans>

sandbox/webflow/src/main/webapp/META-INF/MANIFEST.MF

@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+

sandbox/webflow/src/main/webapp/WEB-INF/classes/log4j.properties

@@ -0,0 +1,18 @@
+# Global logging configuration
+log4j.rootLogger=DEBUG, stdout, fileout
+
+log4j.logger.org.springframework.security=DEBUG, stdout, fileout
+
+# Console output...
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n
+
+# Rolling log file output...
+log4j.appender.fileout=org.apache.log4j.RollingFileAppender
+log4j.appender.fileout.File=spring-security-tutorial.log
+#log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
+log4j.appender.fileout.MaxFileSize=1024KB
+log4j.appender.fileout.MaxBackupIndex=1
+log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
+log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n

sandbox/webflow/src/main/webapp/WEB-INF/freemarker/form.ftl

@@ -0,0 +1,13 @@
+
+<html>
+	<head>
+        <title>Form</title>
+	</head>
+	<body>
+
+    <form action="secure">
+        <input name="x" value='${x!"change me"}' type="text"/> <br/>
+        <input  type='submit' value='submit' />
+    </form>
+    </body>
+</html>

sandbox/webflow/src/main/webapp/WEB-INF/freemarker/login.ftl

@@ -0,0 +1,22 @@
+<html>
+  <head>
+    <title>Spring Security Login</title>
+  </head>
+
+  <body onload="document.f.j_username.focus();">
+    <h1>Spring Security Login (Freemarker)</h1>
+
+    <form name="f" action="authenticate" method="POST">
+      <table>
+        <tr><td>User:</td><td><input type='text' name='j_username' value=''/></td></tr>
+        <tr><td>Password:</td><td><input type='password' name='j_password' value=''/></td></tr>
+        <tr><td><input type="checkbox" name="_spring_security_remember_me"/></td><td>Don't ask for my password for two weeks</td></tr>
+
+        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
+        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
+      </table>
+
+    </form>
+
+  </body>
+</html>

sandbox/webflow/src/main/webapp/WEB-INF/jsp/listAccounts.jsp

@@ -0,0 +1,27 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
+
+<h1>Accounts</h1>
+
+<a href="index.jsp">Home3</a><br><br>
+
+<table>
+<c:forEach var="account" items="${accounts}">
+  <tr>
+  <td>
+      <c:out value="${account.id}"/>
+  </td>
+  <td>
+      <c:out value="${account.holder}"/>
+  </td>
+  <td>
+      <c:out value="${account.balance}"/>
+  </td>
+  <td>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=-20.00">-$20</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=-5.00">-$5</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=5.00">+$5</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=20.00">+$20</a>
+  </td>
+  </tr>
+</c:forEach>
+</table>

sandbox/webflow/src/main/webapp/WEB-INF/secure.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<flow xmlns="http://www.springframework.org/schema/webflow"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
+
+	<secured attributes="ROLE_USER" />
+	
+	<input name="x"/>
+	
+	<view-state id="form">
+		<transition on="submit" to="finish" />
+	</view-state>
+	
+	<end-state id="finish">
+	    <output name="x"/>
+	</end-state>
+
+			
+</flow>

sandbox/webflow/src/main/webapp/WEB-INF/security-config.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:security="http://www.springframework.org/schema/security"
+       xsi:schemaLocation="
+           http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+           http://www.springframework.org/schema/security
+           http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
+
+	<!-- Configure Spring Security -->
+	<security:http auto-config="true">
+		<security:form-login login-page="/app/login" login-processing-url="/app/authenticate" authentication-failure-url="/app/login?login_error=1" />
+		<security:logout logout-url="/app/logout" />
+	</security:http>
+	
+	<!--
+		Define local authentication provider, a real app would use an external provider (JDBC, LDAP, CAS, etc)
+		
+		usernames/passwords are:
+			keith/melbourne
+			erwin/leuven
+			jeremy/atlanta
+			scott/rochester
+	-->
+	<security:authentication-provider>
+		<security:password-encoder hash="md5" />
+		<security:user-service>
+			<security:user name="keith" password="417c7382b16c395bc25b5da1398cf076" authorities="ROLE_USER, ROLE_SUPERVISOR" />
+			<security:user name="erwin" password="12430911a8af075c6f41c6976af22b09" authorities="ROLE_USER, ROLE_SUPERVISOR" />
+			<security:user name="jeremy" password="57c6cbff0d421449be820763f03139eb" authorities="ROLE_USER" />
+			<security:user name="scott" password="942f2339bf50796de535a384f0d1af3e" authorities="ROLE_USER" />
+		</security:user-service>
+	</security:authentication-provider>
+	
+</beans>

sandbox/webflow/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  - Tutorial web application
+  -
+  - $Id: web.xml 2995 2008-04-24 00:27:37Z luke_t $
+  -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
+
+    <display-name>Spring Security Tutorial Application</display-name>
+    
+    <!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/security-config.xml
+		</param-value>
+	</context-param>
+	
+    <context-param>
+        <param-name>log4jConfigLocation</param-name>
+        <param-value>/WEB-INF/classes/log4j.properties</param-value>
+    </context-param>	
+
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+      <filter-name>springSecurityFilterChain</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+    -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<!--
+	  - Publishes events for session creation and destruction through the application
+	  - context. Optional unless concurrent session control is being used.
+      -->
+    <listener>
+      <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+    </listener>
+    
+    <listener>
+        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+    </listener>    
+
+  <!--
+	- Provides core MVC application controller. See contacts-servlet.xml.
+    -->
+	<servlet>
+		<servlet-name>webflow</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+    	<servlet-name>webflow</servlet-name>
+    	<url-pattern>/app/*</url-pattern>
+ 	</servlet-mapping>
+
+</web-app>

sandbox/webflow/src/main/webapp/WEB-INF/webflow-servlet.xml

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:webflow="http://www.springframework.org/schema/webflow-config"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+        http://www.springframework.org/schema/webflow-config
+        http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
+
+	<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
+		<property name="mappings">
+		    <value>
+	            /secure=flowController
+		    </value>
+		</property>		    
+		<property name="defaultHandler">
+			<bean class="org.springframework.web.servlet.mvc.UrlFilenameViewController" />
+		</property>
+	</bean>
+
+	<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
+	  <property name="templateLoaderPath" value="/WEB-INF/freemarker/"/>
+	</bean>
+
+	<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
+		<property name="prefix" value=""/>
+		<property name="suffix" value=".ftl"/>
+	</bean>
+	
+	<bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter" />
+
+    <bean id="flowController" class="org.springframework.webflow.mvc.servlet.FlowController">
+        <property name="flowExecutor" ref="flowExecutor"/>
+    </bean>
+
+	<!-- Executes flows: the entry point into the Spring Web Flow system -->
+	<webflow:flow-executor id="flowExecutor">
+		<webflow:flow-execution-listeners>
+			<webflow:listener ref="securityFlowExecutionListener" />
+		</webflow:flow-execution-listeners>
+	</webflow:flow-executor>
+	
+	<!-- The registry of executable flow definitions -->
+	<webflow:flow-registry id="flowRegistry" flow-builder-services="flowBuilderServices">
+		<webflow:flow-location id="secure" path="/WEB-INF/secure.xml" />
+	</webflow:flow-registry>
+		
+	<!-- Plugs in a custom creator for Web Flow views -->
+	<webflow:flow-builder-services id="flowBuilderServices" view-factory-creator="mvcViewFactoryCreator" />
+
+	<bean id="mvcViewFactoryCreator" class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator"> 
+		<property name="viewResolvers" ref="viewResolver"/> 
+	</bean>
+
+	<bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener" />
+
+</beans>

sandbox/webflow/src/main/webapp/index.html

@@ -0,0 +1 @@
+Hi. I'm the index.

sandbox/webflow/src/main/webapp/secure/extreme/index.jsp

@@ -0,0 +1,15 @@
+<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
+
+<html>
+<body>
+<h1>VERY Secure Page</h1>
+This is a protected page. You can only see me if you are a supervisor.
+
+<authz:authorize ifAllGranted="ROLE_SUPERVISOR">
+   You have "ROLE_SUPERVISOR" (this text is surrounded by &lt;authz:authorize&gt; tags).
+</authz:authorize>
+
+<p><a href="../../">Home</a>
+<p><a href="../../j_spring_security_logout">Logout</a>
+</body>
+</html>

sandbox/webflow/src/main/webapp/secure/index.jsp

@@ -0,0 +1,36 @@
+<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
+
+<html>
+<body>
+<h1>Secure Page</h1>
+<p>
+This is a protected page. You can get to me if you've been remembered,
+or if you've authenticated this session.
+</p>
+
+<sec:authorize ifAllGranted="ROLE_SUPERVISOR">
+	You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br/><br/>
+</sec:authorize>
+
+<h3>Properties obtained using &lt;sec:authentication /&gt; tag</h3>
+<table border="1">
+<tr><th>Tag</th><th>Value</th></tr>
+<tr>
+<td>&lt;sec:authentication property='name' /&gt;</td><td><sec:authentication property="name"/></td>
+</tr>
+<tr>
+<td>&lt;sec:authentication property='principal.username' /&gt;</td><td><sec:authentication property="principal.username"/></td>
+</tr>
+<tr>
+<td>&lt;sec:authentication property='principal.enabled' /&gt;</td><td><sec:authentication property="principal.enabled"/></td>
+</tr>
+<tr>
+<td>&lt;sec:authentication property='principal.accountNonLocked' /&gt;</td><td><sec:authentication property="principal.accountNonLocked"/></td>
+</tr>
+</table>
+
+
+<p><a href="../">Home</a>
+<p><a href="../j_spring_security_logout">Logout</a>
+</body>
+</html>