spring-security

Spring Security Configuration Leads to Perpetual Authentication Request

Hello, I have configured my web application with the following config file: <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springfra...

How to pass username and password for authentication in URL?

Hi there. I need to pass the user name and password in the URL for a REST web services call. I know that if I pass it this way in Firefox, it works: https://{UserName}:{Password}@api.opsourcecloud.net/oec/0.9/myaccount Is there a proper way to pass user name and password aside from the above example? It's a Spring Security Context?...

How to implement login page using Spring Security so that it works with Spring web flow?

I have a web application using Spring 2.5.6 and Spring Security 2.0.4. I have implemented a working login page, which authenticates the user against a web service. The authentication is done by defining a custom authentication manager, like this: <beans:bean id="customizedFormLoginFilter" class="org.springframework.security.ui.web...

Spring security - same page to deliver different content based on user role

Hello, I tried to search for any previous post related to my issue but couldn't find any. I have a scenario wherein a page handles 3 different scenarios and one of them is not working. This page returns different content depending on if the user is authenticated or anonymous. localhost:8080/myApp/muUrl?test=authenticatedContent -> used for ...

Spring security annotations with EL -- requires debug information compiled in?

I am considering using Spring Security annotations for my application, with the EL (expression language) feature. For example: @PreAuthorize("hasPermission(#contact, 'admin')") public void deletePermission(Contact contact, Sid recipient, Permission permission); I need the EL capability because I have built my own ACL implementation. ...

What to sign when signing a message with ws-security

I am adding security to my web service and chose to sign the Timestamp and Token. While reading docs I found a lot of examples where they sign the Body of the SOAP message. My question is: what is best to sign? From what I understand signing the Body could lead to performance issues if the Body is pretty large. Thanks. ...

grails acegi afterLogoutUrl

I defined an afterLogoutUrl in my SecurityConfig.groovy. This URL is to /logout/back; I put a back method in the LogoutController provided by acegi which redirects to the URL of another app (the other app is the "gatekeeper" app in our space). Even though I have the rule /logout/back=IS_AUTHENTICATED_ANONYMOUSLY in my SecurityConfig...

<sec:IfAnyGranted roles="ROLE_ADMIN" > tag ignored

I find that the tag <sec:IfAnyGranted roles="ROLE_ADMIN" > is ignored and on the .xhtml page I am getting following message. The attribute **roles** is not defined in Component's interface Thanks for the help in advance. ...

How To Save Spring Security Logged In User In Session

This code gets the currently logged in user, using the Spring Security Plugin (acegi): def principalInfo = authenticateService.principal() def person = null if (principalInfo != "anonymousUser" && principalInfo.username) { person = Person.findByUsername(principalInfo.username) } I would then like to do: session.user = person T...

Spring security and authentication provider

I'm trying to implement Spring 3 Security in a project, but I can not get rid of the following error: SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_methodSecur...

spring security filter-chain regex pattern

In my application which uses spring security I want to define two different areas both using their own spring security filter-chain. My question is: is it possible to define two regex expressions as follows: every path starting with /foobar/* every other path not starting with /foobar The important part here is that the second path ...

protecting grails melody with grails filter

I have an application where I am using spring security along with grails melody. I am planning to run grails melody in production environment, but don't want visitors to have access to it. How should I achieve that? I tried creating a filter in grails (just showing the sample of what I am trying, not the actual code) - def filters = { ...

"Defective Token Detected" error (NTLM not Kerberos) with Kerberos/Spring Security/IE/Active Directory

We are having trouble getting Spring Security/Kerberos/AD to work for our web app. Our diagnosis is that our AD server is sending an NTLM token (we can tell as it starts with "TlRMTVNT.....") to IE and IE is then sending this to our application and it's failing. Our AD server should be sending a Kerberos/SPNEGO token to IE. The "moving par...

Can you configure Spring-Security programmatically?

I am working to configure Spring-Security with an existing application, for just basic security (i.e. what pages a user can see based on their roles). The question came up wondering if we could set what roles are required for each page in java instead of the ApplicationContext.xml. The idea is to store them in a table in our database, ...

Spring-Security with X509?

I am new to spring-security in general and am a bit confused. The project I am trying to integrate this with uses X509 certificates to identify users for signing in to the application. There are no usernames or passwords. We validate the certificates are good, and that they have been given access to our app. The question is how do I i...

Spring Embedded Server

Hey, I'm using spring 3.0.2 and ApacheDS 1.5.5 and I'm trying to run the embedded server using: The content of the user.s.ldif file is : dn: cn=The Postmaster,dc=example,dc=com objectClass: organizationalRole cn: The Postmaster But I always get this error: 16566 [main] INFO org.apache.directory.server.protocol.shared.store. LdifFil...

How to check "hasRole" in Java Code with Spring Security?

How to check user authority or permission in Java Code? For example - I want to show or hide button for user depending on role. There are annotations like: @PreAuthorize("hasRole('ROLE_USER')") How to make it in Java code? Something like: if(somethingHere.hasRole("ROLE_MANAGER")) { layout.addComponent(new Button("Edit users"));...

Why acegi (Spring Security) converts password to uppercase before comparing?

One of my colleagues in QA team reported a bug to me, the bug said that can't change password to lowercase, otherwise login was rejected, using number or uppercase was all fine. The login system was implemented using acegi 1.0 (now called Spring Security). This was a very strange bug, changing password is done by encrypting the user input ...

Spring Security LDAP user data caching on local database

After asking: http://stackoverflow.com/questions/3009740/ldap-user-data-caching-on-local-database I want to cache LDAP user data in the application local database to allow fast queries. How may I cache LDAP user data in the local database using Spring Security. ...

Integrate Spring Security with Tibco Portal Builder

Hi everyone, I don't know if there is someone using Tibco Portal Builder with Spring security, or even just Tibco Portal Builder, XD, but I'm going to ask just in case there is somebody who faced this issue before. Well, I'm developing on a legacy web application built on top of Tibco Portal Builder. It was configured to authenticate u...