Java Reference
In-Depth Information
As shown in Listing 7-3, I have used an in-memory DAO for now. This is because the
customer was unsure of the security provider. When the first iteration started, they were
still deciding between an OpenID provider and an LDAP server. However, this did not
affect the progress of the project. You can easily set up an in-memory DAO security
provider for testing purposes. Spring Security provides support to easily switch to either
an OpenID or an LDAP authentication provider. Note that in order to use the in-memory
DAO, you need to create the
user.properties
file in the
WEB-INF
folder. Listing 7-4 shows a
sample
user.properties
file. This file also stores the role or authorities of the user as a
comma-separated list.
Listing 7-4.
/WEB-INF/users.properties
dhrubo=kayal,ROLE_USER
harry=potter,ROLE_ADMIN
peter=parker,ROLE_USER
You are familiar with most of the configuration shown in Listing 7-3 from Chapter 6.
The application-specific beans are configured in the dispatcher servlet application
context. This application context is loaded from the configuration file, as shown in
Listing 7-5.
Listing 7-5.
/WEB-INF/oms-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="
http://www.springframework.org/schema/beans"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
"
>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean name="/login.do"
class="org.springframework.web.servlet.mvc.UrlFilenameViewController">
