├── SpringSecurity4.7z
├── SpringSecurity4
    ├── WebContent
    │   ├── META-INF
    │   │   ├── MANIFEST.MF
    │   │   ├── pasos.txt
    │   │   └── tcserver.keystore
    │   ├── WEB-INF
    │   │   ├── jsp
    │   │   │   ├── detalleExpediente.jsp
    │   │   │   └── listadoExpedientes.jsp
    │   │   └── web.xml
    │   ├── css
    │   │   └── estilos.css
    │   ├── imagenes
    │   │   ├── alien.jpg
    │   │   ├── batboy.jpg
    │   │   ├── bigfoot.jpg
    │   │   ├── elvis.jpg
    │   │   └── xfiles.jpg
    │   ├── index.jsp
    │   └── paginas
    │   │   ├── acceso-denegado.jsp
    │   │   ├── desconectado.jsp
    │   │   ├── nuestro-login.jsp
    │   │   └── sesion-expirada.jsp
    ├── pom.xml
    ├── src
    │   └── expedientesx
    │   │   ├── cfg
    │   │       ├── AppInitializer.java
    │   │       ├── Configuracion.java
    │   │       └── ConfiguracionMVC.java
    │   │   ├── controlador
    │   │       ├── ControladorExpedientes.java
    │   │       └── OyenteSesion.java
    │   │   ├── modelo
    │   │       ├── entidad
    │   │       │   └── Expediente.java
    │   │       ├── negocio
    │   │       │   ├── GestorExpedientesImpl.java
    │   │       │   └── GestorExpendientes.java
    │   │       └── persistencia
    │   │       │   ├── ExpedientesDao.java
    │   │       │   └── ExpedientesDaoImpl.java
    │   │   └── util
    │   │       ├── BotonVolverFilter.java
    │   │       ├── HorarioVoter.java
    │   │       ├── PasswordEncoderGenerator.java
    │   │       └── RecordarLoginFilter.java
    └── target
    │   ├── classes
    │       └── expedientesx
    │       │   ├── cfg
    │       │       ├── AppInitializer.class
    │       │       ├── Configuracion.class
    │       │       └── ConfiguracionMVC.class
    │       │   ├── controlador
    │       │       ├── ControladorExpedientes.class
    │       │       └── OyenteSesion.class
    │       │   ├── modelo
    │       │       ├── entidad
    │       │       │   └── Expediente.class
    │       │       ├── negocio
    │       │       │   ├── GestorExpedientesImpl.class
    │       │       │   └── GestorExpendientes.class
    │       │       └── persistencia
    │       │       │   ├── ExpedientesDao.class
    │       │       │   └── ExpedientesDaoImpl.class
    │       │   └── util
    │       │       ├── BotonVolverFilter.class
    │       │       ├── HorarioVoter.class
    │       │       ├── PasswordEncoderGenerator.class
    │       │       └── RecordarLoginFilter.class
    │   └── m2e-wtp
    │       └── web-resources
    │           └── META-INF
    │               ├── MANIFEST.MF
    │               └── maven
    │                   └── SpringSecurity4
    │                       └── SpringSecurity4
    │                           ├── pom.properties
    │                           └── pom.xml
└── readme.txt


/SpringSecurity4.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4.7z


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Class-Path: 
3 | 
4 | 


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/META-INF/pasos.txt:
--------------------------------------------------------------------------------
  1 | ############################################################################################################# 
  2 | # 1. Añadir el filtro de seguridad en el método 'onStartup' de la clase 'AppInitializer'
  3 | ############################################################################################################# 
  4 | servletContext.addFilter("springSecurityFilterChain", 
  5 | 	new DelegatingFilterProxy("springSecurityFilterChain"))
  6 | 		.addMappingForUrlPatterns(null, false, "/*");     
  7 | 
  8 | ############################################################################################################# 
  9 | # 2. Crear una clase para configurar Spring Security
 10 | #############################################################################################################  
 11 | package expedientesx.cfg;
 12 | import org.springframework.context.annotation.Configuration;
 13 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 14 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 15 | 
 16 | @Configuration
 17 | @EnableWebSecurity
 18 | public class ConfiguracionSpringSecurity extends WebSecurityConfigurerAdapter {
 19 | 
 20 | }
 21 | 
 22 | ############################################################################################################# 
 23 | # 3. Añadir la configuración de seguridad con una seguridad mínima 
 24 | ############################################################################################################# 
 25 | @Autowired
 26 | public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
 27 | 	auth.inMemoryAuthentication().withUser("Fernando").password("1234").roles("AGENTE");
 28 | 	auth.inMemoryAuthentication().withUser("Mulder").password("fox").roles("AGENTE_ESPECIAL");
 29 | 	auth.inMemoryAuthentication().withUser("Scully").password("dana").roles("AGENTE_ESPECIAL");
 30 | 	auth.inMemoryAuthentication().withUser("Skinner").password("walter").roles("DIRECTOR");
 31 | }
 32 | 
 33 | @Override
 34 | protected void configure(HttpSecurity http) throws Exception {
 35 | 	http.authorizeRequests().
 36 | 		antMatchers("/**").
 37 | 			access("hasRole('AGENTE_ESPECIAL')").
 38 | 		and().formLogin();
 39 | }
 40 |   
 41 | ############################################################################################################# 
 42 | # 4.  Configurar el login/logout explícitamente
 43 | ############################################################################################################# 
 44 | sustituir el bloque anterior por este.
 45 | 
 46 | http
 47 | .formLogin()
 48 | 	.loginPage("/paginas/nuestro-login.jsp")
 49 | 	.failureUrl("/paginas/nuestro-login.jsp?login_error");
 50 | 
 51 | http
 52 | .logout()
 53 | 	.logoutSuccessUrl("/paginas/desconectado.jsp");
 54 | 
 55 | http
 56 | .authorizeRequests()
 57 | 	.antMatchers("/**").access("hasRole('AGENTE_ESPECIAL')");
 58 | 
 59 | http
 60 | 	.csrf().disable();
 61 | 			
 62 | 
 63 | ############################################################################################################# 
 64 | # 4. (cont). Solucionar problemas de acceso a recursos
 65 | ############################################################################################################# 
 66 | http
 67 | .authorizeRequests()
 68 | 	.antMatchers("/paginas/*").permitAll()
 69 | 	.antMatchers("/css/*").permitAll()
 70 | 	.antMatchers("/imagenes/*").permitAll()
 71 | 	.antMatchers("/**").access("hasRole('AGENTE_ESPECIAL')");
 72 | 
 73 | ############################################################################################################# 
 74 | # 5.  Logout en index.jsp
 75 | ############################################################################################################# 
 76 | 	<!-- LOGOUT -->	
 77 | 	<p> 
 78 | 		Solo los Agentes pueden ver este recurso. Bienvenido <%= request.getUserPrincipal().getName() %> 
 79 | 
 80 | 		<form action="<c:url value='/logout'/>" method="post">
 81 | 			<sec:csrfInput/>
 82 | 			<input type="submit" value="Salir"/>
 83 | 		</form>
 84 | 	</p> 
 85 | 	<hr/>
 86 | 	<%= request.getUserPrincipal() %> 
 87 | 	
 88 | ############################################################################################################# 
 89 | # 6.    UserDetailsService
 90 | ############################################################################################################# 	
 91 | 	@Autowired
 92 | 	public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
 93 | 		auth.userDetailsService(userDetailsService());
 94 | 	}	
 95 | 	
 96 | 	public UserDetailsService userDetailsService(){
 97 |         Properties usuarios = new Properties();
 98 | 		usuarios.put("Fernando","1234,ROLE_AGENTE,enabled");
 99 | 		usuarios.put("Mulder"  ,"fox,ROLE_AGENTE_ESPECIAL,enabled");
100 | 		usuarios.put("Scully"  ,"dana,ROLE_AGENTE_ESPECIAL,enabled");
101 | 		usuarios.put("Skinner" ,"walter,ROLE_DIRECTOR,enabled");
102 |         
103 | 		return new InMemoryUserDetailsManager(usuarios);
104 | 	}
105 | 		
106 | 
107 | ############################################################################################################# 
108 | # 7.    Proteger contraseñas de los usuarios encriptándolas
109 | ############################################################################################################# 	
110 | 	@Bean
111 | 	public PasswordEncoder passwordEncoder(){
112 | 		PasswordEncoder encoder = new BCryptPasswordEncoder();
113 | 		return encoder;
114 | 	}
115 | 	
116 | 	@Autowired
117 | 	public void configureGlobalSecurity(AuthenticationManagerBuilder auth, PasswordEncoder pe) throws Exception {
118 | 		auth.userDetailsService(userDetailsService()).passwordEncoder(pe);
119 | 	}
120 | 	
121 | 	public UserDetailsService userDetailsService(){
122 |         Properties usuarios = new Properties();
123 | 		usuarios.put("Fernando","$2a$10$SMPYtil7Hs2.cV7nrMjrM.dRAkuoLdYM8NdVrF.GeHfs/MrzcQ/zi,ROLE_AGENTE,enabled");
124 | 		usuarios.put("Mulder"  ,"$2a$10$M2JRRHUHTfv4uMR4NWmCLebk1r9DyWSwCMZmuq4LKbImOkfhGFAIa,ROLE_AGENTE_ESPECIAL,enabled");
125 | 		usuarios.put("Scully"  ,"$2a$10$cbF5xp0grCOGcI6jZvPhA.asgmILATW1hNbM2MEqGJEFnRhhQd3ba,ROLE_AGENTE_ESPECIAL,enabled");
126 | 		usuarios.put("Skinner" ,"$2a$10$ZFtPIULMcxPe3r/5VunbVujMD7Lw8hkqAmJlxmK5Y1TK3L1bf8ULG,ROLE_DIRECTOR,enabled");
127 |         
128 | 		return new InMemoryUserDetailsManager(usuarios);
129 | 	}
130 | 		
131 | ############################################################################################################# 
132 | # 8.    Añadir funcionalidad "Remember Me"
133 | #############################################################################################################
134 | http.rememberMe() 
135 | 	.rememberMeParameter("remember-me-param")
136 | 	.rememberMeCookieName("my-remember-me")
137 | 	.tokenValiditySeconds(86400);
138 | 
139 | ############################################################################################################# 
140 | # 9.    Seguridad en el canal de transporte (HTTPS) - Configurar restricciones y puertos
141 | #############################################################################################################
142 | http
143 | 	.requiresChannel()
144 | 	.anyRequest()
145 | 	.requiresSecure()
146 | .and()
147 | 	.portMapper().http(8080).mapsTo(8443);
148 | 	
149 | ############################################################################################################# 
150 | # 10.    Seguridad en el canal de transporte (HTTPS) - Crear conector SSL en Servidor
151 | #############################################################################################################	
152 | server.xml
153 | 
154 | 	<Connector SSLEnabled="true" acceptCount="100" 
155 | 		connectionTimeout="20000" executor="tomcatThreadPool" 
156 | 		keyAlias="tcserver" keystoreFile="${catalina.base}/conf/tcserver.keystore" 
157 | 		keystorePass="changeme" 
158 | 		maxKeepAliveRequests="15" port="8443" protocol="HTTP/1.1" 
159 | 		redirectPort="8443" scheme="https" secure="true"/>
160 | 	
161 | copiar tcserver.keystore al directorio a la configuracion de Tomcat en el workspace	
162 | 	
163 | ############################################################################################################# 
164 | # 11.    Control de la expiración de sesiones
165 | #############################################################################################################
166 | 		http
167 | 		.logout()
168 | 			.logoutSuccessUrl("/paginas/desconectado.jsp")
169 | 			.deleteCookies("JSESSIONID");
170 | 
171 | 		http
172 | 			.sessionManagement()
173 | 			.invalidSessionUrl("/paginas/sesion-expirada.jsp");
174 | 		
175 | ############################################################################################################# 
176 | # 12.    Control de la concurrencia de sesiones
177 | #############################################################################################################	
178 |     public void onStartup(ServletContext servletContext) throws ServletException {
179 | 		//...
180 |         servletContext.addListener(new HttpSessionEventPublisher());
181 | 			
182 | ############################################################################################################# 
183 | # 12 (Cont).    Control de la concurrencia de sesiones
184 | #############################################################################################################	
185 | http
186 | 	.sessionManagement()
187 | 	.invalidSessionUrl("/paginas/sesion-expirada.jsp")
188 | 	.maximumSessions(1)
189 | 	.maxSessionsPreventsLogin(true);
190 | 
191 | ############################################################################################################# 
192 | # 13.    Session fixation
193 | #############################################################################################################	
194 | Configurado por defecto.
195 | 
196 | http.sessionManagement()
197 |     .sessionFixation().migrateSession();
198 |     
199 | ############################################################################################################# 
200 | # 14.	Uso de la librería de etiquetas (Spring Security Taglibs)
201 | #############################################################################################################	  
202 | Deprecated:	
203 | 	<sec:authorize ifAnyGranted="ROLE_AGENTE_ESPECIAL,ROLE_DIRECTOR">
204 | 		<a href="<c:url value='/expedientesx/clasificar?id=${expediente.id}'/>">clasificar</a>
205 | 		<a href="<c:url value='/expedientesx/desclasificar?id=${expediente.id}'/>">desclasificar</a>
206 | 	</sec:authorize>
207 | 
208 | ############################################################################################################# 
209 | # 15.	Uso Expresiones SpEL con etiquetas Security Taglib
210 | #############################################################################################################
211 | <sec:authorize access="hasAnyRole('ROLE_AGENTE_ESPECIAL','ROLE_DIRECTOR')">
212 | 	<a href="#" onclick="clasificar(${expediente.id})">clasificar</a>
213 | 	<a href="#" onclick="desclasificar(${expediente.id})">desclasificar</a>
214 | </sec:authorize>
215 | 
216 | hasRole([role])
217 | hasAnyRole([role1,role2])
218 | permitAll
219 | denyAll
220 | isAnonymous()
221 | isAuthenticated()
222 | 
223 | 
224 | Invocando muestros propios métodos con SpEL
225 | 
226 | @ComponentScan(basePackages = { "expedientesx.util" })
227 | 
228 | @Component
229 | public class Seguridad {
230 | 	public boolean getPermiso(){	
231 | 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
232 | 		System.out.println(authentication.getAuthorities());
233 | 		Collection<SimpleGrantedAuthority> authorities = (Collection<SimpleGrantedAuthority>) authentication.getAuthorities();
234 | 		return authorities.contains(new SimpleGrantedAuthority("ROLE_AGENTE_ESPECIAL"));
235 | 	}	
236 | }
237 | 
238 | <sec:authorize access="@seguridad.getPermiso()">
239 | 	<a href="#" onclick="clasificar(${expediente.id})">clasificar</a>
240 | 	<a href="#" onclick="desclasificar(${expediente.id})">desclasificar</a>
241 | </sec:authorize>
242 | 
243 | ############################################################################################################# 
244 | # 16.	CSRF
245 | #############################################################################################################
246 | 
247 | Comentar en ConfiguracionSpringSecurity:
248 | 
249 | http.csrf().disable();
250 | 
251 | Añadir un campo oculto para guardar el token en todos los formularios que utilicen el método POST:
252 | -nuestro-login.jsp
253 | -listadoExpedientes.jsp
254 | 
255 | <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>	
256 | 
257 | Equivalente con la librería de etiquetas:
258 | 
259 | <sec:csrfInput />
260 | 
261 | 
262 | ############################################################################################################# 
263 | # 17.	Seguridad en la invocación de métodos de negocio con anotaciones Spring Security
264 | #############################################################################################################
265 | @Configuration
266 | @EnableWebSecurity
267 | @EnableGlobalMethodSecurity(securedEnabled = true)
268 | public class ConfiguracionSpringSecurity extends WebSecurityConfigurerAdapter {
269 | 
270 | //...
271 | 
272 | http
273 | 	.exceptionHandling()
274 | 	.accessDeniedPage("/paginas/acceso-denegado.jsp");
275 | 	
276 | ############################################################################################################# 
277 | # 17 (Cont).	Seguridad en la invocación de métodos de negocio con anotaciones Spring Security
278 | #############################################################################################################	
279 | @Secured("ROLE_AGENTE_ESPECIAL,ROLE_DIRECTOR")
280 | void clasificar(Expediente expediente);
281 | 
282 | @Secured("ROLE_AGENTE_ESPECIAL,ROLE_DIRECTOR")
283 | void desclasificar(Expediente expediente);
284 | 
285 | ############################################################################################################# 
286 | # 18.	Seguridad en la invocación de métodos de negocio con anotaciones JSR-250
287 | #############################################################################################################
288 | @EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled=true)
289 | 	
290 | ############################################################################################################# 
291 | # 18 (Cont).	Seguridad en la invocación de métodos de negocio con anotaciones JSR-250
292 | #############################################################################################################
293 | @RolesAllowed("ROLE_AGENTE_ESPECIAL,ROLE_DIRECTOR")
294 | void desclasificar(Expediente expediente);
295 | 
296 | ############################################################################################################# 
297 | # 19.	Seguridad en la invocación de métodos de negocio con Expresiones SpEL (Preinvocación)
298 | #############################################################################################################
299 | @EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled=true, prePostEnabled=true)
300 | 	
301 | ############################################################################################################# 
302 | # 19 (Cont).	Seguridad en la invocación de métodos de negocio con Expresiones SpEL (Preinvocación)
303 | #############################################################################################################
304 | @PreAuthorize("hasRole('ROLE_DIRECTOR')")
305 | void clasificar(Expediente expediente);
306 | 
307 | @PreAuthorize("hasRole('ROLE_DIRECTOR') or #expediente.investigador == authentication.name")
308 | void desclasificar(Expediente expediente);
309 | 
310 | ############################################################################################################# 
311 | # 20.	Seguridad en la invocación de métodos de negocio con Expresiones SpEL (Postinvocación)
312 | #############################################################################################################	
313 | @PreAuthorize("hasAnyRole('ROLE_AGENTE_ESPECIAL','ROLE_DIRECTOR')")
314 | @PostAuthorize("hasRole('ROLE_DIRECTOR') or returnObject.investigador == authentication.name")
315 | Expediente mostrar(Long id);
316 | 	
317 | ############################################################################################################# 
318 | # 21. Seguridad en la invocación de métodos de negocio con Expresiones SpEL (Filtro de resultados)
319 | #############################################################################################################	
320 | @PostFilter("not filterObject.informe.contains(principal.username)")
321 | List<Expediente> mostrarTodos();
322 | 
323 | ############################################################################################################# 
324 | # 22. Utilización del sistema de votantes - Explicitar la configuración del espacio de nombres Security
325 | #############################################################################################################
326 | @Bean
327 | public AffirmativeBased accessDecisionManager() {
328 | 
329 |     AffirmativeBased affirmativeBased = new AffirmativeBased(
330 | 	Arrays.asList(roleVoter(), 
331 | 		      authenticatedVoter(), 
332 | 		      webExpressionVoter(),
333 |     affirmativeBased.setAllowIfAllAbstainDecisions(false);
334 |     return affirmativeBased;
335 | }	
336 | 
337 | http
338 | .authorizeRequests()
339 | 	.accessDecisionManager(accessDecisionManager())
340 | 	.antMatchers("/paginas/*").permitAll()
341 | 	.antMatchers("/css/*").permitAll()
342 | 	.antMatchers("/imagenes/*").permitAll()
343 | 	.antMatchers("/**").access("isAuthenticated()");
344 | 
345 | 
346 | 
347 | ############################################################################################################# 
348 | # 23.  Utilización del sistema de votantes - Personalizar la configuracion del accessDecisionManager
349 | #############################################################################################################
350 | Sustituyendo a la anterior
351 | 
352 | @Bean
353 | public UnanimousBased accessDecisionManager() throws Exception {
354 | 	UnanimousBased unanimousBased = new UnanimousBased(
355 | 			Arrays.asList(new AuthenticatedVoter(), 
356 | 					  new WebExpressionVoter(), 
357 | 					  new RoleVoter(),
358 | 					  new HorarioVoter() ) );
359 | 	unanimousBased.setAllowIfAllAbstainDecisions(false);
360 | 	unanimousBased.afterPropertiesSet();
361 | 
362 | 	return unanimousBased;
363 | }
364 |     


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/META-INF/tcserver.keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/META-INF/tcserver.keystore


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/WEB-INF/jsp/detalleExpediente.jsp:
--------------------------------------------------------------------------------
 1 | <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 2 | <%@ taglib prefix="sec"	uri="http://www.springframework.org/security/tags"%>
 3 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 7 | <link rel="stylesheet" href="<c:url value='/css/estilos.css'/>"	type="text/css" />
 8 | <title>Expedientes X</title>
 9 | </head>
10 | <body>
11 | 	<div id="content">
12 | 
13 | 		<h1>Expedientes X</h1>
14 | 		<a href="<c:url value='/expedientesx/mostrar/todos'/>">
15 | 			VOLVER
16 | 		</a>
17 | 		<br>
18 | 		<br>
19 | 
20 | 		<table>
21 | 			<tr>
22 | 				<td colspan="2">
23 | 					<img src="<c:url value='/${expediente.imagen}'/>" height="200px"/>
24 | 				</td>
25 | 			</tr>
26 | 			<tr>
27 | 				<td><b>Titulo:</b></td>
28 | 				<td>${expediente.titulo}</td>
29 | 			</tr>
30 | 			<tr>
31 | 				<td><b>Informe:</b></td>
32 | 				<td>${expediente.informe}</td>
33 | 			</tr>
34 | 			<tr>
35 | 				<td><b>Investigador</b></td>
36 | 				<td>${expediente.investigador}</td>
37 | 			<tr>
38 | 				<td><b>Clasificado</b></td>
39 | 				<td>${expediente.clasificado}</td>
40 | 			</tr>
41 | 		</table>
42 | 	</div>
43 | </body>
44 | </html>
45 | 
46 | 
47 | 
48 | 
49 | 
50 | 
51 | 
52 | 
53 | 
54 | 
55 | 
56 | 
57 | 
58 | 


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/WEB-INF/jsp/listadoExpedientes.jsp:
--------------------------------------------------------------------------------
 1 | <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 2 | <%@ taglib prefix="sec"	uri="http://www.springframework.org/security/tags"%>
 3 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 4 | <html>
 5 | <head>
 6 | <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 7 | <link rel="stylesheet" href="<c:url value='/css/estilos.css'/>"	type="text/css" />
 8 | <title>Expedientes X</title>
 9 | </head>
10 | 
11 | <script>
12 | 
13 | 	function clasificar(id){
14 | 		document.formulario.action = "../clasificar";
15 | 		document.getElementById("id").value = id;
16 | 		document.formulario.submit();
17 | 	}
18 | 
19 | 	function desclasificar(id){
20 | 		document.formulario.action = "../desclasificar";
21 | 		document.getElementById("id").value = id;
22 | 		document.formulario.submit();
23 | 	}		
24 | 
25 | </script>
26 | 
27 | <body>
28 | 
29 | 	<div id="content">
30 | 
31 | 		<h1>
32 | 			Expedientes X para
33 | 			<sec:authentication property="principal.username" />
34 | 		</h1>
35 | 		<a href="<c:url value="/index.jsp"/>">Inicio</a><br>
36 | 		<br>
37 | 		
38 | 		<form action="" name="formulario" method="POST">
39 | 		
40 | 			<input type="hidden" id="id" name="id"/>
41 | 
42 | 			<table width="800px">
43 | 				<tr>
44 | 					<th>ID</td>
45 | 					<th align="center">Imagen</th>
46 | 					<th align="right">Titulo</th>
47 | 					<th width="40%">Informe</th>
48 | 					<th align="right">Investigador</th>
49 | 					<th align="center">Clasificado</th>
50 | 					<th>Operaciones</th>
51 | 				</tr>
52 | 				<c:forEach var="expediente" items="${expedientes}">
53 | 					<tr valign="top">
54 | 						<td>${expediente.id}</td>
55 | 						<td align="center"><img src="<c:url value='/${expediente.imagen}'/>" height="100px" /></td>
56 | 						<td align="right"><b>${expediente.titulo}</b></td>
57 | 						<td width="40%"><font size="-1">${expediente.informe}</font></td>
58 | 						<td align="right"><b>${expediente.investigador}</b></td>
59 | 						<td align="center"><b>${expediente.clasificado}</b></td>
60 | 						<td>
61 | 							<a href="<c:url value='/expedientesx/mostrar/${expediente.id}'/>">mostrar</a>
62 | 							<!-- 
63 | 							<a href="<c:url value='/expedientesx/clasificar?id=${expediente.id}'/>">clasificar</a>
64 | 							<a href="<c:url value='/expedientesx/desclasificar?id=${expediente.id}'/>">desclasificar</a>
65 | 							-->
66 | 							<!--  -->
67 | 							<a href="#" onclick="clasificar(${expediente.id})">clasificar</a>
68 | 							<a href="#" onclick="desclasificar(${expediente.id})">desclasificar</a>
69 | 						</td>
70 | 					</tr>
71 | 				</c:forEach>
72 | 			</table>
73 | 
74 | 		</form>		
75 | 
76 | 	</div>
77 | </body>
78 | </html>
79 | 
80 | 
81 | 
82 | 
83 | 
84 | 
85 | 
86 | 
87 | 
88 | 
89 | 
90 | 
91 | 
92 | 


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
 3 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
 5 |          http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
 6 |          version="3.1">
 7 |   <display-name>SpringSecurity4</display-name>
 8 |   <welcome-file-list>
 9 |     <welcome-file>index.jsp</welcome-file>
10 |   </welcome-file-list>
11 | </web-app>


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/css/estilos.css:
--------------------------------------------------------------------------------
 1 | 
 2 | body {
 3 |     background-color: gray;
 4 | }
 5 | 
 6 | #content {
 7 |     margin: 5em auto;
 8 |     width: 40em;
 9 | }
10 | 
11 | .securityHiddenUI, .securityHiddenUI * {
12 |     background-color: #ff4500;
13 | }
14 | 


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/imagenes/alien.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/imagenes/alien.jpg


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/imagenes/batboy.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/imagenes/batboy.jpg


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/imagenes/bigfoot.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/imagenes/bigfoot.jpg


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/imagenes/elvis.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/imagenes/elvis.jpg


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/imagenes/xfiles.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/imagenes/xfiles.jpg


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/index.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page session="false" %>
 2 | <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 3 | <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 4 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 5 | 
 6 | <html>
 7 |   <head>
 8 |       <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 9 |       <link rel="stylesheet" href="<c:url value='/css/estilos.css'/>" type="text/css" />
10 |       <title>Bienvenido a los Expedientes X del FBI</title>
11 |   </head>
12 | <body>
13 | 
14 | <img src="imagenes/xfiles.jpg" align="right"/>
15 | 
16 | <div id="content">
17 | 
18 | 	<h1>Página Principal</h1>
19 | 	<p>
20 | 		Cualquiera puede ver este recurso.
21 | 	</p>
22 | 	
23 | 	<p>
24 | 		<a href="<c:url value='/expedientesx/mostrar/todos'/>">
25 | 			Mostrar	expedientes
26 | 		</a>
27 | 	</p>
28 | 	
29 | 
30 | </div>
31 | 
32 | </body>
33 | </html>
34 | 


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/paginas/acceso-denegado.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/paginas/acceso-denegado.jsp


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/paginas/desconectado.jsp:
--------------------------------------------------------------------------------
 1 | <%@page session="false"%>
 2 | <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 3 | 
 4 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 5 | 
 6 | <html>
 7 | <head>
 8 | <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 9 | <link rel="stylesheet" href="<c:url value='/css/estilos.css'/>"	type="text/css" />
10 | <title>Desconectado</title>
11 | </head>
12 | <body>
13 | 	<div id="content">
14 | 		<h2>Desconectado.</h2>
15 | 		<p>
16 | 			Te has desconectado. 
17 | 			<a href="<c:url value='/'/>">Comenzar de nuevo</a>.
18 | 		</p>
19 | 	</div>
20 | </body>
21 | </html>
22 | 


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/paginas/nuestro-login.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/paginas/nuestro-login.jsp


--------------------------------------------------------------------------------
/SpringSecurity4/WebContent/paginas/sesion-expirada.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/WebContent/paginas/sesion-expirada.jsp


--------------------------------------------------------------------------------
/SpringSecurity4/pom.xml:
--------------------------------------------------------------------------------
  1 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  2 | 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  3 | 	<modelVersion>4.0.0</modelVersion>
  4 | 	<groupId>SpringSecurity4</groupId>
  5 | 	<artifactId>SpringSecurity4</artifactId>
  6 | 	<version>0.0.1-SNAPSHOT</version>
  7 | 	<packaging>war</packaging>
  8 | 	<build>
  9 | 		<sourceDirectory>src</sourceDirectory>
 10 | 		<plugins>
 11 | 			<plugin>
 12 | 				<artifactId>maven-compiler-plugin</artifactId>
 13 | 				<version>3.8.0</version>
 14 | 				<configuration>
 15 | 					<source>1.8</source>
 16 | 					<target>1.8</target>
 17 | 				</configuration>
 18 | 			</plugin>
 19 | 			<plugin>
 20 | 				<artifactId>maven-war-plugin</artifactId>
 21 | 				<version>3.2.2</version>
 22 | 				<configuration>
 23 | 					<warSourceDirectory>WebContent</warSourceDirectory>
 24 | 					<failOnMissingWebXml>false</failOnMissingWebXml>
 25 | 				</configuration>
 26 | 			</plugin>
 27 | 		</plugins>
 28 | 	</build>
 29 | 
 30 | 	<properties>
 31 | 
 32 | 		<!-- Generic properties -->
 33 | 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 34 | 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 35 | 
 36 | 		<!-- Web 
 37 | 		<jsp.version>2.2</jsp.version>
 38 | 		<servlet.version>3.1</servlet.version>
 39 | 		-->
 40 | 		<jstl.version>1.2</jstl.version>
 41 | 
 42 | 		<!-- Spring -->
 43 | 		<spring-framework.version>4.2.6.RELEASE</spring-framework.version>
 44 | 		<springsecurity.version>4.1.0.RELEASE</springsecurity.version>
 45 | 
 46 | 		<!-- Logging -->
 47 | 		<logback.version>1.0.13</logback.version>
 48 | 		<slf4j.version>1.7.5</slf4j.version>
 49 | 
 50 | 	</properties>
 51 | 
 52 | 	<dependencies>
 53 | 
 54 | 		<!-- Spring MVC -->
 55 | 		<dependency>
 56 | 			<groupId>org.springframework</groupId>
 57 | 			<artifactId>spring-webmvc</artifactId>
 58 | 			<version>${spring-framework.version}</version>
 59 | 		</dependency>
 60 | 
 61 | 		<!-- Other Web dependencies -->
 62 | 		<dependency>
 63 | 			<groupId>javax.servlet</groupId>
 64 | 			<artifactId>jstl</artifactId>
 65 | 			<version>${jstl.version}</version>
 66 | 		</dependency>
 67 | 
 68 | 		<!-- Logging with SLF4J & LogBack -->
 69 | 		<dependency>
 70 | 			<groupId>org.slf4j</groupId>
 71 | 			<artifactId>slf4j-api</artifactId>
 72 | 			<version>${slf4j.version}</version>
 73 | 			<scope>compile</scope>
 74 | 		</dependency>
 75 | 		<dependency>
 76 | 			<groupId>ch.qos.logback</groupId>
 77 | 			<artifactId>logback-classic</artifactId>
 78 | 			<version>${logback.version}</version>
 79 | 			<scope>runtime</scope>
 80 | 		</dependency>
 81 | 
 82 | 		<!-- Spring security -->
 83 | 		<dependency>
 84 | 			<groupId>org.springframework.security</groupId>
 85 | 			<artifactId>spring-security-web</artifactId>
 86 | 			<version>${springsecurity.version}</version>
 87 | 		</dependency>
 88 | 		<dependency>
 89 | 			<groupId>org.springframework.security</groupId>
 90 | 			<artifactId>spring-security-config</artifactId>
 91 | 			<version>${springsecurity.version}</version>
 92 | 		</dependency>
 93 | 		<dependency>
 94 | 			<groupId>org.springframework.security</groupId>
 95 | 			<artifactId>spring-security-taglibs</artifactId>
 96 | 			<version>${springsecurity.version}</version>
 97 | 		</dependency>
 98 | 
 99 | 	</dependencies>
100 | 
101 | 
102 | 
103 | 
104 | </project>


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/cfg/AppInitializer.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.cfg;
 2 | 
 3 | import javax.servlet.ServletContext;
 4 | import javax.servlet.ServletException;
 5 | import javax.servlet.ServletRegistration;
 6 | 
 7 | import org.springframework.security.web.session.HttpSessionEventPublisher;
 8 | import org.springframework.web.WebApplicationInitializer;
 9 | import org.springframework.web.context.ContextLoaderListener;
10 | import org.springframework.web.context.WebApplicationContext;
11 | import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
12 | import org.springframework.web.filter.DelegatingFilterProxy;
13 | import org.springframework.web.servlet.DispatcherServlet;
14 | 
15 | public class AppInitializer implements WebApplicationInitializer {
16 | 	
17 |     @Override
18 |     public void onStartup(ServletContext servletContext) throws ServletException {
19 |     	
20 |     	WebApplicationContext context = getContext();
21 |         servletContext.addListener(new ContextLoaderListener(context));
22 |         ServletRegistration.Dynamic dispatcher = servletContext.addServlet("DispatcherServlet", new DispatcherServlet(context));
23 |         dispatcher.setLoadOnStartup(1);
24 |         dispatcher.addMapping("/expedientesx/*");
25 |        
26 |     }
27 |     
28 | 
29 |     private AnnotationConfigWebApplicationContext getContext() {
30 |         AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
31 |         context.setConfigLocation("expedientesx.cfg");
32 |         return context;
33 |     }
34 | }


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/cfg/Configuracion.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.cfg;
 2 | 
 3 | import org.springframework.context.annotation.ComponentScan;
 4 | import org.springframework.context.annotation.Configuration;
 5 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 6 | 
 7 | @Configuration
 8 | @ComponentScan(basePackages = { "expedientesx.modelo" })
 9 | public class Configuracion {
10 | 
11 | }
12 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/cfg/ConfiguracionMVC.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.cfg;
 2 | 
 3 | import org.springframework.context.annotation.Bean;
 4 | import org.springframework.context.annotation.ComponentScan;
 5 | import org.springframework.context.annotation.Configuration;
 6 | import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 7 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 8 | import org.springframework.web.servlet.view.InternalResourceViewResolver;
 9 | 
10 | @EnableWebMvc
11 | @Configuration
12 | @ComponentScan(basePackages={ "expedientesx.controlador" })
13 | public class ConfiguracionMVC extends WebMvcConfigurerAdapter {
14 | 
15 |     @Bean
16 |     public InternalResourceViewResolver viewResolver() {
17 |         InternalResourceViewResolver resolver = new InternalResourceViewResolver();
18 |         resolver.setPrefix("/WEB-INF/jsp/");
19 |         resolver.setSuffix(".jsp");
20 |         return resolver;
21 |     }	
22 | 	
23 | }
24 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/controlador/ControladorExpedientes.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.controlador;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | import org.springframework.stereotype.Controller;
 5 | import org.springframework.ui.Model;
 6 | import org.springframework.web.bind.annotation.PathVariable;
 7 | import org.springframework.web.bind.annotation.RequestMapping;
 8 | import org.springframework.web.bind.annotation.RequestMethod;
 9 | import org.springframework.web.bind.annotation.RequestParam;
10 | import org.springframework.web.servlet.ModelAndView;
11 | 
12 | import expedientesx.modelo.entidad.Expediente;
13 | import expedientesx.modelo.negocio.GestorExpendientes;
14 | 
15 | @Controller
16 | public class ControladorExpedientes {
17 | 	@Autowired 
18 | 	private GestorExpendientes gestionExpendientes;
19 | 	
20 | 	@RequestMapping("/mostrar/todos")
21 | 	public ModelAndView mostrarTodos() {
22 | 		System.out.println("Peticion Mostrar Expedientes Recibida");
23 | 		ModelAndView mav=new ModelAndView();
24 | 		mav.setViewName("listadoExpedientes");
25 | 		mav.addObject("expedientes", gestionExpendientes.listarTodos());
26 | 		return mav;
27 | 	}
28 | 	
29 | 	@RequestMapping("/mostrar/{id}")
30 | 	public ModelAndView mostrar(@PathVariable Long id) {
31 | 		System.out.println("Peticion Mostrar Expediente Recibida");
32 | 		ModelAndView mav=new ModelAndView();
33 | 		mav.setViewName("detalleExpediente");
34 | 		mav.addObject("expediente", gestionExpendientes.mostrar(id));
35 | 		return mav;
36 | 	}
37 | 	
38 | 	@RequestMapping(value="/clasificar", method=RequestMethod.POST)
39 | 	public String clasificar( @RequestParam("id") Long id, Model model){
40 | 		System.out.println("Clasificar el expediente: "+id);
41 | 		Expediente expediente = gestionExpendientes.mostrar(id);
42 | 		gestionExpendientes.clasificar(expediente);
43 | 		return "redirect:/expedientesx/mostrar/todos";
44 | 	}
45 | 	
46 | 	@RequestMapping(value="/desclasificar", method=RequestMethod.POST)
47 | 	public String desclasificar( @RequestParam("id") Long id, Model model){
48 | 		System.out.println("Desclasificar el expediente: "+id);
49 | 		Expediente expediente = gestionExpendientes.mostrar(id);
50 | 		gestionExpendientes.desclasificar(expediente);
51 | 		return "redirect:/expedientesx/mostrar/todos";
52 | 	}
53 | 
54 | 
55 | }
56 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/controlador/OyenteSesion.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.controlador;
 2 | 
 3 | import javax.servlet.annotation.WebListener;
 4 | import javax.servlet.http.HttpSessionEvent;
 5 | import javax.servlet.http.HttpSessionListener;
 6 | 
 7 | @WebListener
 8 | public class OyenteSesion implements HttpSessionListener {
 9 | 
10 |     public OyenteSesion() {
11 |     }
12 | 
13 |     public void sessionCreated(HttpSessionEvent arg0)  { 
14 |     	System.out.println("SESIÓN CREADA");
15 |     }
16 | 
17 |     public void sessionDestroyed(HttpSessionEvent ev)  { 
18 |     	System.out.println("SESIÓN INVALIDADA");
19 |     }
20 | 	
21 | }
22 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/modelo/entidad/Expediente.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.modelo.entidad;
 2 | 
 3 | public class Expediente {
 4 | 	public static final long NUEVO_EXPEDIENTE = -1L;
 5 | 	private Long id = NUEVO_EXPEDIENTE;
 6 | 	private String titulo;
 7 | 	private String informe;
 8 | 	private String imagen;
 9 | 	private String investigador;
10 | 	private boolean clasificado;
11 | 
12 | 	public Expediente() {
13 | 	}
14 | 
15 | 	public Expediente(String titulo, String informe, String imagen,
16 | 			String investigador, boolean clasificado) {
17 | 		this.titulo = titulo;
18 | 		this.informe = informe;
19 | 		this.imagen = imagen;
20 | 		this.investigador = investigador;
21 | 		this.clasificado = clasificado;
22 | 	}
23 | 
24 | 	public Long getId() {
25 | 		return id;
26 | 	}
27 | 
28 | 	public void setId(Long id) {
29 | 		this.id = id;
30 | 	}
31 | 
32 | 	public String getTitulo() {
33 | 		return titulo;
34 | 	}
35 | 
36 | 	public void setTitulo(String titulo) {
37 | 		this.titulo = titulo;
38 | 	}
39 | 
40 | 	public String getInforme() {
41 | 		return informe;
42 | 	}
43 | 
44 | 	public void setInforme(String informe) {
45 | 		this.informe = informe;
46 | 	}
47 | 
48 | 	public String getImagen() {
49 | 		return imagen;
50 | 	}
51 | 
52 | 	public void setImagen(String imagen) {
53 | 		this.imagen = imagen;
54 | 	}
55 | 
56 | 	public String getInvestigador() {
57 | 		return investigador;
58 | 	}
59 | 
60 | 	public void setInvestigador(String investigador) {
61 | 		this.investigador = investigador;
62 | 	}
63 | 
64 | 	public boolean isClasificado() {
65 | 		return clasificado;
66 | 	}
67 | 
68 | 	public void setClasificado(boolean clasificado) {
69 | 		this.clasificado = clasificado;
70 | 	}
71 | 
72 | 	@Override
73 | 	public String toString() {
74 | 		return "Expediente [id=" + id + ", titulo=" + titulo + ", informe="
75 | 				+ informe + ", imagen=" + imagen + ", investigador=" + investigador
76 | 				+ ", clasificado=" + clasificado + "]";
77 | 	}
78 | 
79 | }
80 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/modelo/negocio/GestorExpedientesImpl.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.modelo.negocio;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.beans.factory.annotation.Autowired;
 6 | import org.springframework.stereotype.Service;
 7 | 
 8 | import expedientesx.modelo.entidad.Expediente;
 9 | import expedientesx.modelo.persistencia.ExpedientesDao;
10 | 
11 | @Service
12 | public class GestorExpedientesImpl implements GestorExpendientes {
13 | 	
14 | 	@Autowired
15 | 	private ExpedientesDao expedientesDao;
16 | 
17 | 	public void actualizar(Expediente expediente) {
18 | 		expedientesDao.guardar(expediente);
19 | 		System.out.println("Actualizado Expediente: " + expediente);
20 | 	}
21 | 
22 | 	public void clasificar(Expediente expediente) {
23 | 		if (!expediente.isClasificado()) {
24 | 			expediente.setClasificado(true);
25 | 			actualizar(expediente);
26 | 			System.out.println("Expediente Clasificado: " + expediente);
27 | 		}
28 | 	}
29 | 
30 | 	public void desclasificar(Expediente expediente) {
31 | 		if (expediente.isClasificado()) {
32 | 			expediente.setClasificado(false);
33 | 			actualizar(expediente);
34 | 			System.out.println("Expediente Desclasificado: " + expediente);
35 | 		}
36 | 	}
37 | 
38 | 	public List<Expediente> listarTodos() {
39 | 		List<Expediente>expedientes=expedientesDao.listar();
40 | 		System.out.println("Mostrar "+expedientes.size()+" Expedientes: " + expedientes.toString());
41 | 		return expedientes;
42 | 	}
43 | 
44 | 	public Expediente mostrar(Long id) {
45 | 		Expediente expediente=expedientesDao.buscar(id);
46 | 		System.out.println("Mostrar Expediente: " + expediente.toString());
47 | 		return expediente;
48 | 	}
49 | 
50 | }
51 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/modelo/negocio/GestorExpendientes.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.modelo.negocio;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.security.access.prepost.PostAuthorize;
 6 | import org.springframework.security.access.prepost.PostFilter;
 7 | import org.springframework.security.access.prepost.PreAuthorize;
 8 | 
 9 | import expedientesx.modelo.entidad.Expediente;
10 | 
11 | public interface GestorExpendientes {
12 | 	
13 | 	//@Secured("ROLE_AGENTE_ESPECIAL,ROLE_DIRECTOR")
14 | 	//@PreAuthorize("hasRole('ROLE_DIRECTOR')")
15 | 	void clasificar(Expediente expediente);
16 | 
17 | 	//@Secured("ROLE_AGENTE_ESPECIAL,ROLE_DIRECTOR")
18 | 	//@RolesAllowed("ROLE_AGENTE_ESPECIAL,ROLE_DIRECTOR")
19 | 	//@PreAuthorize("hasRole('ROLE_DIRECTOR') "+
20 | 	//		      "or #expediente.investigador == authentication.name")
21 | 	void desclasificar(Expediente expediente);
22 | 
23 | 	//@PostFilter("not filterObject.informe.contains(principal.username)")
24 | 	List<Expediente> listarTodos();
25 | 
26 | 	//@PreAuthorize("hasAnyRole('ROLE_AGENTE_ESPECIAL','ROLE_DIRECTOR')")
27 | 	//@PostAuthorize("hasRole('ROLE_DIRECTOR') "
28 | 	//		+ "or returnObject.investigador == authentication.name")
29 | 	Expediente mostrar(Long id);
30 | }
31 | 
32 | 
33 | 
34 | 
35 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/modelo/persistencia/ExpedientesDao.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.modelo.persistencia;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import expedientesx.modelo.entidad.Expediente;
 6 | 
 7 | public interface ExpedientesDao {
 8 | 	Expediente buscar(Long id);
 9 | 	List<Expediente> listar();
10 | 	void guardar(Expediente expediente);
11 | 	void borrar(Expediente expediente);
12 | }
13 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/modelo/persistencia/ExpedientesDaoImpl.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.modelo.persistencia;
 2 | 
 3 | import java.util.ArrayList;
 4 | import java.util.HashMap;
 5 | import java.util.List;
 6 | import java.util.Map;
 7 | 
 8 | import org.springframework.beans.factory.InitializingBean;
 9 | import org.springframework.stereotype.Repository;
10 | 
11 | import expedientesx.modelo.entidad.Expediente;
12 | 
13 | @Repository
14 | public class ExpedientesDaoImpl implements ExpedientesDao, InitializingBean {
15 | 	private Long id = 0L;
16 | 	private Map<Long, Expediente> expedientes = new HashMap<Long, Expediente>();
17 | 
18 | 	public Expediente buscar(Long id) {
19 | 		return expedientes.get(id);
20 | 	}
21 | 
22 | 	public List<Expediente> listar() {
23 | 		return new ArrayList<Expediente>(expedientes.values());
24 | 	}
25 | 
26 | 	public void guardar(Expediente expediente) {
27 | 		if (expediente.getId() == Expediente.NUEVO_EXPEDIENTE) {
28 | 			expediente.setId(id++);
29 | 		}
30 | 		expedientes.put(expediente.getId(), expediente);
31 | 	}
32 | 
33 | 	public void borrar(Expediente expediente) {
34 | 		if(expediente.getId()!=null){
35 | 			expedientes.remove(expediente.getId());
36 | 		}
37 | 	}
38 | 
39 | 	@Override
40 | 	public void afterPropertiesSet() throws Exception {
41 | 		guardar(new Expediente("El Niño Murciélago","En 2004, medía cinco metros de altura y su peso era desconocido. Cambia sus alas cada tres años, y regenera un nuevo par.", "imagenes/batboy.jpg", "Mulder", true));
42 | 		guardar(new Expediente("Avistamiento Big Foot","Bigfoot se describe en los informes como una gran peluda criatura simiesca, que oscila entre 6-10 pies de altura  (3.2 m), con un peso de m�s de 500 libras (230 kg), y cubierto de pelo marr�n rojizo oscuro u oscuro. ", "imagenes/bigfoot.jpg", "Scully", false));
43 | 		guardar(new Expediente("Elvis esta vivo","Se asegura que el cantante estadounidense de rock no habr�a muerto realmente en 1977, y que vivir�a de incógnito viajando por el mundo. Dónde ha sido visto Elvis? En Montana, Cambridge, Southampton,...", "imagenes/elvis.jpg", "Mulder", false));
44 | 		guardar(new Expediente("Abduciones por Alien","El 27 de noviembre de 1973, Samantha Mulder desaparece misteriosamente. Es abducida mientras juega con su hermano, estando sus padres esa noche fuera de casa.", "imagenes/alien.jpg", "Scully", true));
45 | 	}
46 | }
47 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/util/BotonVolverFilter.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.util;
 2 | 
 3 | import java.io.IOException;
 4 | import java.util.Date;
 5 | 
 6 | import javax.servlet.FilterChain;
 7 | import javax.servlet.ServletException;
 8 | import javax.servlet.http.HttpServletRequest;
 9 | import javax.servlet.http.HttpServletResponse;
10 | 
11 | import org.springframework.web.filter.OncePerRequestFilter;
12 | 
13 | public class BotonVolverFilter extends OncePerRequestFilter {
14 | 
15 | 	@Override
16 | 	protected void doFilterInternal(HttpServletRequest request,
17 | 			HttpServletResponse response, FilterChain chain)
18 | 			throws ServletException, IOException {
19 | 		response.setHeader("Expires", "Tue, 03 Jul 2001 06:00:00 GMT");
20 | 		response.setHeader("Last-Modified", new Date().toString());
21 | 		response.setHeader("Cache-Control",
22 | 				"no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0");
23 | 		response.setHeader("Pragma", "no-cache");
24 | 
25 | 		chain.doFilter(request, response);
26 | 	}
27 | 
28 | }
29 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/util/HorarioVoter.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.util;
 2 | 
 3 | import java.util.Calendar;
 4 | import java.util.Collection;
 5 | 
 6 | import org.springframework.security.access.AccessDecisionVoter;
 7 | import org.springframework.security.access.ConfigAttribute;
 8 | import org.springframework.security.core.Authentication;
 9 | 
10 | public class HorarioVoter implements AccessDecisionVoter<Object> {
11 | 
12 | 	@Override
13 | 	public boolean supports(ConfigAttribute configAttribute) {
14 | 		return true;
15 | 	}
16 | 
17 | 	@Override
18 | 	public boolean supports(Class<?> clazz) {
19 | 		return true;
20 | 	}
21 | 
22 | 	@Override
23 | 	public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
24 | 		int voto=AccessDecisionVoter.ACCESS_DENIED;
25 | 		int minutoActual = Calendar.getInstance().get(Calendar.MINUTE);
26 | 		
27 | 		if (minutoActual%2==0){
28 | 			voto=AccessDecisionVoter.ACCESS_GRANTED;
29 | 		}
30 | 		System.out.println("=======================================================");
31 | 		System.out.println("=======================================================");
32 | 		System.out.println("=======================================================");
33 | 		System.out.println("=======================================================");
34 | 		System.out.println("=======================================================");
35 | 		System.out.println("=======================================================");
36 | 		System.out.println("Votando: "+voto +" para el minuto "+minutoActual);
37 | 		return voto;
38 | 	}
39 | 
40 | }
41 | 


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/util/PasswordEncoderGenerator.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.util;
 2 | 
 3 | import java.util.Scanner;
 4 | 
 5 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 6 | 
 7 | public class PasswordEncoderGenerator {
 8 | 
 9 | 	public static void main(String[] args) {
10 | 
11 | 	
12 | 		Scanner sc = new Scanner(System.in);
13 | 		System.out.println("Introduzca la clave:");
14 | 		String password = sc.nextLine();
15 | 		BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
16 | 		String hashedPassword = passwordEncoder.encode(password);
17 | 
18 | 		System.out.println(hashedPassword);
19 | 
20 | 	}
21 | }


--------------------------------------------------------------------------------
/SpringSecurity4/src/expedientesx/util/RecordarLoginFilter.java:
--------------------------------------------------------------------------------
 1 | package expedientesx.util;
 2 | 
 3 | import java.io.IOException;
 4 | 
 5 | import javax.servlet.FilterChain;
 6 | import javax.servlet.ServletException;
 7 | import javax.servlet.http.Cookie;
 8 | import javax.servlet.http.HttpServletRequest;
 9 | import javax.servlet.http.HttpServletResponse;
10 | 
11 | import org.springframework.web.filter.OncePerRequestFilter;
12 | 
13 | public class RecordarLoginFilter extends OncePerRequestFilter {
14 | 
15 | 	@Override
16 | 	protected void doFilterInternal(HttpServletRequest request,
17 | 			HttpServletResponse response, FilterChain chain)
18 | 			throws ServletException, IOException {
19 | 		String login = request.getParameter("j_username");
20 | 		if(login!=null&&!login.isEmpty()){
21 | 			System.out.println("RecordarLoginFilter  login:"+login);
22 | 			response.addCookie(new Cookie("SPRING_SECURITY_LAST_USERNAME", login));
23 | 		}
24 | 		chain.doFilter(request, response);
25 | 	}
26 | 
27 | }
28 | 


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/cfg/AppInitializer.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/cfg/AppInitializer.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/cfg/Configuracion.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/cfg/Configuracion.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/cfg/ConfiguracionMVC.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/cfg/ConfiguracionMVC.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/controlador/ControladorExpedientes.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/controlador/ControladorExpedientes.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/controlador/OyenteSesion.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/controlador/OyenteSesion.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/modelo/entidad/Expediente.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/modelo/entidad/Expediente.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/modelo/negocio/GestorExpedientesImpl.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/modelo/negocio/GestorExpedientesImpl.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/modelo/negocio/GestorExpendientes.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/modelo/negocio/GestorExpendientes.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/modelo/persistencia/ExpedientesDao.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/modelo/persistencia/ExpedientesDao.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/modelo/persistencia/ExpedientesDaoImpl.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/modelo/persistencia/ExpedientesDaoImpl.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/util/BotonVolverFilter.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/util/BotonVolverFilter.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/util/HorarioVoter.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/util/HorarioVoter.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/util/PasswordEncoderGenerator.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/util/PasswordEncoderGenerator.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/classes/expedientesx/util/RecordarLoginFilter.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lrag/SpringSecurity/aa5cc9e6063fe61b9b2242cdf0e56914efda0aa4/SpringSecurity4/target/classes/expedientesx/util/RecordarLoginFilter.class


--------------------------------------------------------------------------------
/SpringSecurity4/target/m2e-wtp/web-resources/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Built-By: uno
3 | Build-Jdk: 1.8.0_181
4 | Created-By: Maven Integration for Eclipse
5 | 
6 | 


--------------------------------------------------------------------------------
/SpringSecurity4/target/m2e-wtp/web-resources/META-INF/maven/SpringSecurity4/SpringSecurity4/pom.properties:
--------------------------------------------------------------------------------
1 | #Generated by Maven Integration for Eclipse
2 | #Sun Mar 31 12:07:50 CEST 2019
3 | version=0.0.1-SNAPSHOT
4 | groupId=SpringSecurity4
5 | m2e.projectName=SpringSecurity4
6 | m2e.projectLocation=D\:\\JAVA\\workspaces\\SeguridadWeb\\ws_seguridad_2018_mejoras\\SpringSecurity4
7 | artifactId=SpringSecurity4
8 | 


--------------------------------------------------------------------------------
/SpringSecurity4/target/m2e-wtp/web-resources/META-INF/maven/SpringSecurity4/SpringSecurity4/pom.xml:
--------------------------------------------------------------------------------
  1 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  2 | 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  3 | 	<modelVersion>4.0.0</modelVersion>
  4 | 	<groupId>SpringSecurity4</groupId>
  5 | 	<artifactId>SpringSecurity4</artifactId>
  6 | 	<version>0.0.1-SNAPSHOT</version>
  7 | 	<packaging>war</packaging>
  8 | 	<build>
  9 | 		<sourceDirectory>src</sourceDirectory>
 10 | 		<plugins>
 11 | 			<plugin>
 12 | 				<artifactId>maven-compiler-plugin</artifactId>
 13 | 				<version>3.8.0</version>
 14 | 				<configuration>
 15 | 					<source>1.8</source>
 16 | 					<target>1.8</target>
 17 | 				</configuration>
 18 | 			</plugin>
 19 | 			<plugin>
 20 | 				<artifactId>maven-war-plugin</artifactId>
 21 | 				<version>3.2.2</version>
 22 | 				<configuration>
 23 | 					<warSourceDirectory>WebContent</warSourceDirectory>
 24 | 					<failOnMissingWebXml>false</failOnMissingWebXml>
 25 | 				</configuration>
 26 | 			</plugin>
 27 | 		</plugins>
 28 | 	</build>
 29 | 
 30 | 	<properties>
 31 | 
 32 | 		<!-- Generic properties -->
 33 | 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 34 | 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 35 | 
 36 | 		<!-- Web 
 37 | 		<jsp.version>2.2</jsp.version>
 38 | 		<servlet.version>3.1</servlet.version>
 39 | 		-->
 40 | 		<jstl.version>1.2</jstl.version>
 41 | 
 42 | 		<!-- Spring -->
 43 | 		<spring-framework.version>4.2.6.RELEASE</spring-framework.version>
 44 | 		<springsecurity.version>4.1.0.RELEASE</springsecurity.version>
 45 | 
 46 | 		<!-- Logging -->
 47 | 		<logback.version>1.0.13</logback.version>
 48 | 		<slf4j.version>1.7.5</slf4j.version>
 49 | 
 50 | 	</properties>
 51 | 
 52 | 	<dependencies>
 53 | 
 54 | 		<!-- Spring MVC -->
 55 | 		<dependency>
 56 | 			<groupId>org.springframework</groupId>
 57 | 			<artifactId>spring-webmvc</artifactId>
 58 | 			<version>${spring-framework.version}</version>
 59 | 		</dependency>
 60 | 
 61 | 		<!-- Other Web dependencies -->
 62 | 		<dependency>
 63 | 			<groupId>javax.servlet</groupId>
 64 | 			<artifactId>jstl</artifactId>
 65 | 			<version>${jstl.version}</version>
 66 | 		</dependency>
 67 | 
 68 | 		<!-- Logging with SLF4J & LogBack -->
 69 | 		<dependency>
 70 | 			<groupId>org.slf4j</groupId>
 71 | 			<artifactId>slf4j-api</artifactId>
 72 | 			<version>${slf4j.version}</version>
 73 | 			<scope>compile</scope>
 74 | 		</dependency>
 75 | 		<dependency>
 76 | 			<groupId>ch.qos.logback</groupId>
 77 | 			<artifactId>logback-classic</artifactId>
 78 | 			<version>${logback.version}</version>
 79 | 			<scope>runtime</scope>
 80 | 		</dependency>
 81 | 
 82 | 		<!-- Spring security -->
 83 | 		<dependency>
 84 | 			<groupId>org.springframework.security</groupId>
 85 | 			<artifactId>spring-security-web</artifactId>
 86 | 			<version>${springsecurity.version}</version>
 87 | 		</dependency>
 88 | 		<dependency>
 89 | 			<groupId>org.springframework.security</groupId>
 90 | 			<artifactId>spring-security-config</artifactId>
 91 | 			<version>${springsecurity.version}</version>
 92 | 		</dependency>
 93 | 		<dependency>
 94 | 			<groupId>org.springframework.security</groupId>
 95 | 			<artifactId>spring-security-taglibs</artifactId>
 96 | 			<version>${springsecurity.version}</version>
 97 | 		</dependency>
 98 | 
 99 | 	</dependencies>
100 | 
101 | 
102 | 
103 | 
104 | </project>


--------------------------------------------------------------------------------
/readme.txt:
--------------------------------------------------------------------------------
1 | El fichero de pasos a seguir asi como el keystore se encuentran en
2 | 
3 | WebContent/META-INF/pasos.txt
4 | 
5 | Luis Ramón Álvarez González
6 | Pronoide S.L.
7 | 
8 | 


--------------------------------------------------------------------------------