SEC-724: Create portlet sample

http://jira.springframework.org/browse/SEC-724

samples/portlet/pom.xml

@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                             http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-samples</artifactId>
+        <version>2.0-SNAPSHOT</version>
+    </parent>
+    <groupId>org.springframework.security</groupId>
+    <artifactId>spring-security-samples-portlet</artifactId>
+    <name>Spring Security - Portlet Sample</name>
+	<packaging>war</packaging>
+	<dependencies>
+	    <dependency>
+	        <groupId>org.springframework.security</groupId>
+	        <artifactId>spring-security-core</artifactId>
+	        <version>${project.version}</version>
+	    </dependency>
+	    <dependency>
+	        <groupId>org.springframework.security</groupId>
+	        <artifactId>spring-security-portlet</artifactId>
+	        <version>${project.version}</version>
+	    </dependency>	    	    
+		<dependency>
+			<groupId>portlet-api</groupId>
+			<artifactId>portlet-api</artifactId>
+			<version>1.0</version>
+			<scope>provided</scope>
+		</dependency>	    
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>servlet-api</artifactId>
+			<version>2.4</version>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-portlet</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-mock</artifactId>
+			<version>${spring.version}</version>
+			<scope>test</scope>
+		</dependency>
+<!--	    
+		<dependency>
+			<groupId>org.apache.pluto</groupId>
+			<artifactId>pluto-util</artifactId>
+			<version>1.1.4</version>
+			<scope>provided</scope>
+		</dependency>
+-->		
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>jstl</artifactId>
+			<version>${jstl.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>taglibs</groupId>
+			<artifactId>standard</artifactId>
+			<version>${jstl.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-io</artifactId>
+			<version>1.3.2</version>
+		</dependency>
+	</dependencies>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<configuration>
+					<source>1.5</source>
+					<target>1.5</target>
+				</configuration>
+			</plugin>
+<!--			<plugin>
+				<groupId>org.apache.pluto</groupId>
+				<artifactId>maven-pluto-plugin</artifactId>
+				<version>1.1.4</version>
+				<executions>
+					<execution>
+						<phase>generate-resources</phase>
+						<goals>
+							<goal>assemble</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<artifactId>maven-war-plugin</artifactId>
+				<configuration>
+					<webXml>
+						${project.build.directory}/pluto-resources/web.xml
+					</webXml>
+				</configuration>
+			</plugin>
+			-->
+		</plugins>
+	</build>
+</project>

samples/portlet/src/main/java/org/springframework/web/portlet/sample/SecurityContextPortlet.java

@@ -0,0 +1,41 @@
+package org.springframework.web.portlet.sample;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Date;
+
+import javax.portlet.GenericPortlet;
+import javax.portlet.PortletException;
+import javax.portlet.PortletSession;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.ui.AbstractProcessingFilter;
+
+
+/**
+ * A simple portlet which prints out the contents of the current {@link SecurityContext} 
+ *  
+ * @author Luke Taylor
+ */
+public class SecurityContextPortlet extends GenericPortlet {
+
+    public void doView(RenderRequest request, RenderResponse response) throws PortletException, IOException {
+        response.setContentType("text/html");
+        PrintWriter out = response.getWriter();
+        out.println("<h2>Security Context Display Portlet</h2>");
+        out.println("<p>");
+        out.println(new Date());
+        out.println("<p>Current Session " + request.getPortletSession().getId() + "</p>");        
+        out.println("</p>");
+        out.println("<p>The security context contains: " +
+        		SecurityContextHolder.getContext().getAuthentication() +
+        		"</p>");
+        Object lastException = request.getPortletSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, PortletSession.APPLICATION_SCOPE);
+        
+        if (lastException != null) {
+        	out.println("Last Exception: " + lastException);
+        }
+    }
+}

samples/portlet/src/main/resources/applicationContext.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+    
+
+	<!-- Message source for this context, loaded from localized "messages_xx" files -->
+	<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
+		<property name="basenames">
+			<list>
+				<value>messages</value>
+			</list>
+		</property>										
+	</bean>
+
+	<!-- Default View Resolver -->
+	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+		<property name="cache" value="false"/>
+		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
+		<property name="prefix" value="/WEB-INF/jsp/"/>
+		<property name="suffix" value=".jsp"/>
+	</bean>
+
+	<!-- Abstract Default Exception Handler Bean -->
+    <bean id="defaultExceptionHandlerTemplate" class="org.springframework.web.portlet.handler.SimpleMappingExceptionResolver" abstract="true">
+		<property name="defaultErrorView" value="defError"/>
+		<property name="exceptionMappings">
+			<props>
+				<prop key="javax.portlet.PortletSecurityException">notAuthorized</prop>
+				<prop key="javax.portlet.UnavailableException">notAvailable</prop>
+			</props>
+		</property>  
+	</bean>
+
+</beans>

samples/portlet/src/main/resources/log4j.properties

@@ -0,0 +1,19 @@
+#log4j.debug=TRUE
+
+#log4j.rootLogger=FATAL, stdout
+#log4j.rootLogger=ERROR, stdout
+log4j.rootLogger=WARN, stdout
+#log4j.rootLogger=INFO, stdout
+#log4j.rootLogger=DEBUG, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - <%m>%n
+
+# spring portlet mvc classes
+log4j.logger.org.springframework.web.portlet=INFO
+
+# spring portlet mvc sample classes
+log4j.logger.org.springframework.web.portlet.sample=DEBUG
+
+log4j.logger.org.springframework.security=DEBUG

samples/portlet/src/main/resources/messages.properties

@@ -0,0 +1,23 @@
+
+required=Required
+required.java.util.Date=A date of the form 'MM/dd/yyyy' is required
+
+typeMismatch=Invalid Data Entry
+typeMismatch.java.lang.Integer=Must be a number
+typeMismatch.java.util.Date=Must be of the form 'MM/dd/yyyy'
+
+button.home=Home
+button.edit=Edit
+
+exception.generalError.title=General Error
+
+exception.notAuthorized.title=Access Not Permitted
+exception.notAuthorized.message=You do not have permission to access this area.
+
+exception.notAvailable.title=Resource Not Available
+exception.notAvailable.message=That resource is not available.
+
+exception.contactAdmin=Please contact your System Administrator for assistance.
+
+portlet.exceptions.title=Sample Exceptions
+portlet.exceptions.message=This portlet lets you see what uncaught exceptions will look like in your portlet.  Select one of the exceptions below in order to throw it.

samples/portlet/src/main/resources/messages_de.properties

@@ -0,0 +1,15 @@
+
+# Apologies to those fluent in German -- these translations are straight from BabelFish and are only for demonstration purposes.
+
+exception.generalError.title=Allgemeine Störung
+
+exception.notAuthorized.title=Zugang Nicht Die Erlaubnis Gehabt
+exception.notAuthorized.message=Sie haben nicht Erlaubnis, diesen Bereich zugänglich zu machen.
+
+exception.notAvailable.title=Hilfsmittel Nicht Vorhanden
+exception.notAvailable.message=Dieses Hilfsmittel ist nicht vorhanden.
+
+exception.contactAdmin=Treten Sie bitte mit Ihrem Systemverwalter für Unterstützung in Verbindung.
+
+portlet.exceptions.title=Beispielausnahmen
+portlet.exceptions.message=Dieses portlet läßt Sie sehen, welche uncaught Ausnahmen wie in Ihrem portlet aussehen. Wählen Sie eine der Ausnahmen unten vor, um sie zu werfen.

samples/portlet/src/main/resources/portlet/securityContextPortlet.xml

@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+    
+    <bean id="simplePortletHandlerAdapter" class="org.springframework.web.portlet.handler.SimplePortletHandlerAdapter"/>
+    <bean id="simplePortletPostProcessor" class="org.springframework.web.portlet.handler.SimplePortletPostProcessor"/>    
+    <bean id="springSecurityPortlet" class="org.springframework.web.portlet.sample.SecurityContextPortlet"/>    
+
+    <!-- Handler Mapping -->
+    
+    <bean id="portletModeHandlerMapping" class="org.springframework.web.portlet.handler.PortletModeHandlerMapping">
+        <property name="interceptors">
+            <list>
+                <ref bean="portletContextIntegrationInterceptor"/>
+                <ref bean="portletAuthenticationInterceptor"/>
+            </list>            
+        </property>
+        <property name="portletModeMap">
+            <map>
+                <entry key="view" value-ref="springSecurityPortlet"/>
+            </map>
+        </property>
+    </bean>
+    
+    <!-- Exceptions Handler -->
+    
+    <bean id="defaultExceptionHandler" parent="defaultExceptionHandlerTemplate"/>
+
+    <bean id="portletContextIntegrationInterceptor" class="org.springframework.security.context.PortletSessionContextIntegrationInterceptor"/>
+    
+    <bean id="portletAuthenticationInterceptor" class="org.springframework.security.ui.portlet.PortletProcessingInterceptor">
+        <property name="authenticationDetailsSource">
+            <bean class="org.springframework.security.ui.portlet.PortletPreAuthenticatedAuthenticationDetailsSource">
+                <property name="mappableRolesRetriever">
+                    <bean class="org.springframework.security.authoritymapping.SimpleMappableAttributesRetriever">
+                        <property name="mappableAttributes">
+                            <list>
+                                <value>tomcat</value>
+                                <value>admin</value>
+                                <value>manager</value>
+                                <!-- Some standard liferay roles -->
+                                <value>Administrator</value>
+                                <value>Guest</value>
+                                <value>User</value>
+                                <value>Power User</value>
+                            </list>
+                        </property>                        
+                    </bean>
+                </property>
+            </bean>
+        </property>            
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <!-- Liferay doesn't seem to set the authType -->
+        <property name="useAuthTypeAsCredentials" value="false"/>
+    </bean>
+    
+    <sec:authentication-manager alias="authenticationManager"/>
+   
+    <bean id="portletAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
+        <sec:custom-authentication-provider/>
+        <property name="preAuthenticatedUserDetailsService">
+            <bean class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
+        </property>
+        <property name="throwExceptionWhenTokenRejected" value="true"/>
+    </bean>
+
+<!--    
+    <bean id="portletAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
+        <sec:custom-authentication-provider/>
+        <property name="preAuthenticatedUserDetailsService">
+            <bean class="org.springframework.security.providers.preauth.UserDetailsByNameServiceWrapper">
+                <property name="userDetailsService" ref="userDetailsService"/>
+            </bean>
+        </property>
+    </bean>
+   
+    <sec:user-service id="userDetailsService">
+        <sec:user name="pluto" password="notused" authorities="ROLE_USER,ROLE_A,ROLE_B"/>
+        <sec:user name="tomcat" password="notused" authorities="ROLE_USER,ROLE_A,ROLE_B"/>
+    </sec:user-service>    
+-->    
+</beans>

samples/portlet/src/main/webapp/WEB-INF/jsp/defError.jsp

@@ -0,0 +1,10 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<h1><spring:message code="exception.generalError.title"/></h1>
+
+<p>${exception.localizedMessage == null ? exception : exception.localizedMessage }<br/>
+<spring:message code="exception.contactAdmin"/></p>
+
+<p>${exception.class}</p>
+
+<p style="text-align:center;"><a href="<portlet:renderURL portletMode="view"/>">- <spring:message code="button.home"/> -</a></p>

samples/portlet/src/main/webapp/WEB-INF/jsp/include.jsp

@@ -0,0 +1,10 @@
+<%@ page contentType="text/html" isELIgnored="false" %>
+
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+
+<%@ taglib prefix="portlet" uri="http://java.sun.com/portlet" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+
+<%@ taglib prefix="html" tagdir="/WEB-INF/tags/html" %>

samples/portlet/src/main/webapp/WEB-INF/jsp/notAuthorized.jsp

@@ -0,0 +1,9 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<h1><spring:message code="exception.notAuthorized.title"/></h1>
+
+<p><spring:message code="exception.notAuthorized.message"/><br>
+
+<spring:message code="exception.contactAdmin"/></p>
+
+<p style="text-align:center;"><a href="<portlet:renderURL portletMode="view"/>">- <spring:message code="button.home"/> -</a></p>

samples/portlet/src/main/webapp/WEB-INF/jsp/notAvailable.jsp

@@ -0,0 +1,9 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<h1><spring:message code="exception.notAvailable.title"/></h1>
+
+<p><spring:message code="exception.notAvailable.message"/><br>
+
+<spring:message code="exception.contactAdmin"/></p>
+
+<p style="text-align:center;"><a href="<portlet:renderURL portletMode="view"/>">- <spring:message code="button.home"/> -</a></p>

samples/portlet/src/main/webapp/WEB-INF/portlet.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<portlet-app
+	xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd
+	                    http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd"
+	version="1.0">
+
+    <portlet>
+        <portlet-name>Security Context Portlet</portlet-name>
+        <portlet-class>
+            org.springframework.web.portlet.DispatcherPortlet
+        </portlet-class>
+        <init-param>
+            <name>contextConfigLocation</name>
+            <value>/WEB-INF/classes/portlet/securityContextPortlet.xml</value>
+        </init-param>
+        <supports>
+            <mime-type>text/html</mime-type>
+            <portlet-mode>view</portlet-mode>
+        </supports>
+        <portlet-info>
+            <title>Spring Security Context Display Portlet</title>
+        </portlet-info>
+    </portlet>
+    
+	<user-attribute>
+		<name>user.login.id</name>
+	</user-attribute>
+	<user-attribute>
+		<name>user.name</name>
+	</user-attribute>
+	<user-attribute>
+		<name>user.name.full</name>
+	</user-attribute>
+
+</portlet-app>

samples/portlet/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
+    
+    <display-name>Spring Portlet MVC Sample Application</display-name>
+    
+    <context-param>
+        <param-name>log4jConfigLocation</param-name>
+        <param-value>/WEB-INF/classes/log4j.properties</param-value>
+    </context-param>
+    
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>classpath:applicationContext.xml</param-value>
+    </context-param>
+    
+    <listener>
+        <listener-class>
+            org.springframework.web.util.Log4jConfigListener
+        </listener-class>
+    </listener>
+    
+    <listener>
+        <listener-class>
+            org.springframework.web.context.ContextLoaderListener
+        </listener-class>
+    </listener>
+    
+    <servlet>
+        <servlet-name>ViewRendererServlet</servlet-name>
+        <servlet-class>
+            org.springframework.web.servlet.ViewRendererServlet
+        </servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+    
+    <servlet-mapping>
+        <servlet-name>ViewRendererServlet</servlet-name>
+        <url-pattern>/WEB-INF/servlet/view</url-pattern>
+    </servlet-mapping>
+    
+</web-app>