I would like to parse standard security expressions like hasRole etc. to get their value in a variable (in a JSP). How can I do that? SpelExpressionParser is the standard EL parser, but I don't think it will parse the security expression. ...
Hey everyone, I'm working on porting part of an existing Spring MVC application over to Wicket. I used the wicket-spring library to get the initial integration working, but now I'm stuck with the best way to integrate my Spring Security implementation. I was wondering if anyone could give me some advice on the best way to handle thi...
I would like to have both form and basic authentication. If the request comes like https://username:[email protected]/ basic authentication is used. If the request comes like https://mysite.com form authentication is used. Is that possible? ...
Hello, I've got a problem logging out in Spring framework. First when I want j_spring_security_logout to handle it for me i get 404 j_spring_security_logout not found: sample-security.xml: <http> <intercept-url pattern="/messageList.htm*" access="ROLE_USER,ROLE_GUEST" /> <intercept-url pattern="/messagePost.htm*" access="ROLE_U...
Is there an easy way to secure RESTful API exposed via Apache CXF's JAX-RS implementation? Are there any hooks for security via Spring Security?. I heard of people using Basic Authentication over HTTPS, but I haven't seen any actual examples. Any ideas would be greatly appreciated. Thanks! ...
Hi, I'd like to test my secure pages with JSFUnit : My Testclass: public class BasicAuthenticationTest extends ServletTestCase { public static Test suite() { return new TestSuite( BasicAuthenticationTest.class ); } public void testBasicAuth() throws IOException, ServletException { WebClientSpec wcSpec = new WebClientSpec...
Hi, I'm new to Acegi. I have it working in its simplest form. I have to login in order to access the protected pages (I followed their tutorial). Now I want to have a DB Log of every successful login. Is there a simple way to do that? Something like forcing a specific action (which I would create and would write the information to the D...
I'm just starting out with spring security and this is what my authentication-manager looks like: <authentication-manager> <authentication-provider user-service-ref="myUserDetailsService"/> </authentication-manager> I'd like spring security to redirect to some dynamic url (to satisfy some other condition) before it tries to authentic...
Can Spring Security use @PreAuthorize on Spring controllers methods? ...
I am trying the example of JSF2+tomcat. When I don't have Spring Security Filter in my web.xml it works fine. <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <u...
Hi, I've written a web applciation for a client in which authentication/authorization is done by spring security based on the 'internal' database. Now, the client has asked to switch to using their Active Directory instead. I'm a green as can be where LDAP is concerned but looking at the sample code and such it doesn't seem too difficul...
There is a demo by IBM that shows how easy Reverse AJAX can be used with DWR 2. On the other hand, Scala/LIFT comes with built-in Reverse AJAX capability. Question: Any experience if this works fine with Spring MVC? Question: If you'd start from scratch, what are the pros and cons for preferring Scala/LIFT over DWR/Spring MVC Question...
I'm using the Java spring framework for security. My pre-existing table layout differs from spring's expected, but I'm allowed to specify a custom authorities-by-username query on the jdbc-user-service. The problem is that this query expects only a single parameter (?) in the SQL statement. Basically, if the user exists in the users t...
How can I add my own logout handler to LogoutFilter in spring-security ? Thanks! ...
Hi, I want to migrate my application from Spring Security 2 to version 3 because of better API. In fact, I've got trouble with custom filters. In Spring Security 2.0 I can have multiple XML contexts with custom filters defined for example like: <bean id="myPreAuthenticatedProcessingFilter" class="test.MyPreAuthenticatedProcessing...
greetings all i have a strange problem with SavedRequest SavedRequest savedRequest = requestCache.getRequest(request, response); String targetUrl = savedRequest.getRedirectUrl(); i have a submit form and when the user try to post and user session is over he goes to the login page then after successful login he passes on a handler in t...
I am trying to follow this to incorporate spring security in the framework http://java.dzone.com/tips/pathway-acegi-spring-security- i hope to make a basic form based authentication, so i think this would be a great pointer. if i am using the spring security 3 libraries, would there be any different? which file is the authentication-...
My grails app is using Spring Security (Acegi). Users can login on /login. after this is successful it redirects to /. if someone now tries get back to the URL /login the browser says "endless redirect, the request could never be ended". in the login controller, action login which shows the login view there is some code if (isLoggedIn...
I have two small http servers. One using the sun (com.sun.net.httpserver) server and one using an embedded jetty. Now I'm trying to get HTTP digest working on at least the jetty server (well, that was one of the reasons to use jetty instead of sun httpserver). Regardless of which server I utilize the basic setup is done via spring IOC co...
In grails acegi plugin, you can specify the authenticationFailureUrl property in SecurityConfig. Is there a way to get the url that caused the auth failure in the scope of the authenticationFailureUrl? This is not as simple as just getting the request or looking on the params. If there is an auth failure, you get redirected to the a...