which object in the application context i should use to direct user from / to the login page? <http use-expressions="true"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/login/**" filters="none" /> <intercept-url pattern="/static/**" filters="none" /> <intercept-url pattern="/**" access="isAuthenticat...
i am using spring security and i am wondering how to change the default login form i have found out that i need to point to my new form location. i want to keep the existing functions of the existing default form that has all the login exception display. so i must know how to reproduce it first. in my research i come across with it ...
I'm curious how does Remember Me work and how does it work in Spring Security? I understand that server sends long-lived cookies to the client. And then client sends cookie back and server can recognize the client because there's something like hash-map on the server with relations cookie --> session. I don't understand how does the se...
What I have is: <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="securityService"/> </authentication-manager> As I understand, the default AuthenticationManager implementation is used. I need to override its method authenticate. Is there a way to provide my own AuthenticationManager...
i am working on spring security. but the j_spring_security serlvet seems not working. how do i debug the problem, or at least look for the root cause? i dont see any useful log files... <?xml version="1.0" encoding="UTF-8"?> <!-- - Sample namespace-based configuration - --> <beans:beans xmlns="http://www.springframework.org/sc...
Grails 1.3.1 spring-security-core 0.4 jQuery 1.4.x I need to figure out how to check security permissions on ajax requests. For example, I have a calendar displayed in a tab using the FullCalendar jQuery plugin. When I double click a day I display a New Event screen in a new tab. This is done like so: $(tabId).load(contextPath + '/e...
I have a custom-authentication-provider defined in my Spring Security configuration. This class implements AuthenticationProvider, and I can successfully log in using the form defined on my page. The issue is I want to call this class not just on the login page, but from the registration page as well. The registration page uses a dif...
I am working on a webapp which uses Spring security 2.0 (not the new one), which we don't have the Java sources, but we do have access to the jsp. What is the easiest way to tell if a user is authenticated (any role will do) from the jsp? Basically I want to display a different link depending on whether a user logged in or not. ...
This handy link shows how to make a form that replaces the built-in spring security login form in 2.5.6. Can anyone illuminate the corresponding question for 3.0.3? Something has changed, the old form does not work. When I click on submit it comes back to the login page with the error flag, and the username changes from what I type to '...
Has anyone had any real success in seamlessly propagating a Spring Security context using Spring Remoting (HttpInvoker) and a RemoteAuthenticationManager? I'm really frustrated that support in Spring seems very limited when it comes to dealing with RemoteAuthenticationExceptions. When dealing with local AuthenticationExceptions, everyth...
Hi, I'm trying to return some custom Authentication data using the details and/or the principal fields from that interface (org.springframework.security.core.Authentication) but nothing happens. The data returned on the other side of the Channel Set includes only the name and the authorities list (as Strings), and it's not useful enoug...
We're developing an app (using Grails Spring Security (formerly Acegi)) in which we'll have thousands of users that span 10-15 discreet user types. In the current system, each user type equates to a "group", and the specific roles and permissions are tied to the group. The user gets all their "roles" from the group. For example, we mi...
Hi I'm doing some proof-of-concept work with Spring MVC and security. So far I've managed to write a simple web-app which has a secure webpage which requires a user to login and have the correct role before accessing the database and listing some data. I'm using Spring 2.0.8 by the way. What I require is that, after the user has logged o...
Hi, I google it but connot find a good tutorial both cover Spring Security and Google App Engine but does not cover maven. Do you know some tutorial like that? Thanks. ...
Hello, I have a Spring 3 application with Spring Security. I need to do some proccessing in almost all the urls of my application. The proccesing is different depending on the user which is logged-in. I had though of doing it by using a Spring filter but I cannot access SecurityContextHolder.getContext().getAuthentication().getPrincip...
Hi everyone, I am new to Spring (formerly a Struts guru) and I've decide to change all my code to Spring for the reason being that Spring is more Service-Oriented (and the possibility that I might also include a RESTful application form the same project is a possible option). As for now, in Struts, there was an SSL plugin to create a ...
Hi everyone, I have a question. In Struts, I have an Action that deals with user authentication, i.e., I took the user's credentials and used a DAO to validate user credentials. I want to maintain the same setup in Spring. I'm using Spring 3.0.3 RELEASE. My question is, I've read Spring Security and in there it specifies JDBC backend "...
Hello - I have a Spring MVC Web app that I'd like to show a simple Welcome Page (index.html). On that page, I just to have a 2 href links: one to bring me to the Login Page that is then implemented using Spring Security (2.5.6) and Hibernate 3 and the other to a Registration Page for new users. However, the problem is that Spring Secu...
We're using Spring Security to control access to some services. It is working fine for 95% of the classes. However, there are two classes where the security annotations are being ignored completely. The security interceptor is not in the list of interceptors for those two classes when the services are called at runtime. As far as I can...
what's the problem???? package com.sqlmap; import java.sql.ResultSet; import java.sql.SQLException; import java.util.Collection; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import javax.sql.DataSource; import org.springframework.beans...