tags:

views:

965

answers:

3
Q: 

method @Secured suppose to throw error when no user authenticated yet

my service look like below

@Controller
@GwtRpcEndPoint
public class ServerServiceImpl implements ServerService {

@org.springframework.security.annotation.Secured("ROLE_ADMIN")
public String runGwtSprMvcHibJpaDemo(String s) {

 System.out.println("SecurityContextHolder.getContext()="+SecurityContextHolder.getContext());
 System.out.println("SecurityContextHolder.getContext().getAuthentication()="+SecurityContextHolder.getContext().getAuthentication());
 }

}

my applicationContext.xml

<security:global-method-security secured-annotations="enabled" jsr250-annotations="disabled" />

but when i call the serviceImpl through gwt-rpc, aren't runGwtSprMvcHibJpaDemo suppose to print out security error since user not yet authenticated? Rather, the method runGwtSprMvcHibJpaDemo is executed with output

 SecurityContextHolder.getContext()=org.springframework.security.context.SecurityContextImpl@ffffffff: Null authentication  SecurityContextHolder.getContext().getAuthentication()=null
+1  A: 

Add

<security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_ADMIN" />
</security:http>

to your xml config and see if that fixes it.

Gandalf  2009-05-29 18:10:15
A: 

i put like what you mentioned but get error ; by the way i trying to follow tutorial at http://seewah.blogspot.com/2009/02/gwt-and-spring-security.html in my service I annotated the method with @Secured("ROLE_ADMIN"); and in my xml, I put <security:global-method-security secured-annotations="enabled" jsr250-annotations="disabled" />

when app is startup is there any log message that i need aware of whether my method already successfully secured by spring?

org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_rememberMeFilter' while setting bean property 'filters' with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeFilter': Cannot resolve reference to bean '_rememberMeServices' while setting bean property 'rememberMeServices'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeServices': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: No UserDetailsService registered.

cometta  2009-05-30 03:17:08
You need a **UserDetailsService** implementation defined. This is the Spring Security component that takes the users request and add an **AuthenticationToken** (User object) to the request. This is where things like **GrantedAuthorities** (ROLE_ADMIN for example) are created/stored during a request.
Gandalf  2009-06-01 18:13:16
A: 

Define bean in your spring context like:

bean id="userDetailsService" class="packagename.MyUserService">.

Please note that bean name should be extactly same. Spring use this bean internally to start this service.

MyUserService is a implementation of UserDetailsService.

arviarya  2010-08-03 07:47:08

related questions

Stop a event from bubbling in GWT
How can I format text in GWT label widget
GWT FileUpload initial path
Can't compile class calling a method in an interface with a generic list argument
Which effects library should I integrate with GWT?
Client side Callback in GWT
GWT Table that supports sorting, scrolling and filtering
Google Web Toolkit
Extract all string from a java project
http/AJAX (GWT) vs Eclipse gui for thin client deployment
Why does GWT ignore browser locale?
How do I add a type to GWT's Serialization Policy whitelist?
How do I make a gwt-ext window not resize when its content resizes?
Best practice for parameterizing GWT app?
GWT-EXT - What is the best way to widgets to a specific ContentPanel after an event?
GWT or DOJO or something else?
How can I best connect Seam and GWT in a stateful web application?
Biggest GWT Pitfalls?
Creating a fluid panel in GWT to fill the page?
Widget notifying other widget(s)
gwt lazy loading
GWT context.xml in shell mode
Should I use Google Web Toolkit for my new webapp?
how to get locale information on a GWT application
Stand alone charts in GWT