spring-security

Web user account management components

I need to create user account registration / login / management components for a Spring backed web application. I'm intending to use Acegi to help with the authentication side of things. Is there a framework / set of components that can help with the boilerplate account validation e-mails, forgotten password handling etc functions? Rela...

Spring Security RememberMeAuthenticationFilter not fired

Hello, I'm trying to integrate RememberMe functionality inside a Spring 3 webapp. The app is working well and doesn't show any other problem. When I enable the "remember me" check, the cookie is correctly created and sent with any request (I've tested it with Firebug and Chrome DevExtensions). When I close and reopen the browser, the C...

Spring security in GWT applications - problem securing app host pages and other static files

Spring security works pretty fine for me, but I cannot understand why I can't limit access to the HTML host page. The current situation is that my application starts and I have to handle the login problem in GWT code by myself. I'd prefer Spring security to handle this, so when the user is not logged in and tries to load my /Application.html, he/she is...

Implement SSO using CAS + Spring Security

Hi guys! I'm trying to implement SSO across several web applications using CAS and Spring Security. Expected case: CAS - http:// localhost:8080/cas/ App A protected content - http: //localhost:8081/cas-client1/secure/index.html App B protected content - http: //localhost:8081/cas-client2/secure/index.html 1) When user access cas-client1...

sample of code role based authentication

Hi, I would like to ask for a sample of code for role-based Acegi authentication. I would like to know where I shall check the role and where it shall be pointed. My assumption is that I shall check it in CustomAuthenticationProcessingFilterEntryPoint and pointed to security.xml; however, I would like to see a sample of how to implement that...

JSF Spring security log out button

How do I convert the following from a link to a button? <h:outputLink value="#{request.contextPath}/j_spring_security_logout">Logout</h:outputLink> If I try and add a navigation rule it can't find j_spring_security_logout... ...

Spring Security Current User Session Bean

When dealing with Spring Security do you usually store the current user into a session variable or do you hit the DB every single time you want to access some user information? At the moment I do the following but it seems a bit wasteful: public class CurrentUserService { private UserDAO userDAO; public CurrentUserService(Us...

How to store custom information in SecurityContext of spring-security?

In my application I'm using LDAP authentication. But I also have 2 remote services which require authentication via method login(username, password). The method returns a security token which makes me able to invoke other methods, i.e. I should pass the security token to service methods as the first argument. So I'd like to get these security...

spring ntlm showing blank page on public ip

My tapestry4-springntlm application can be accessed successfully inside (LAN), on the internal IP address. But when we set it to the external IP address and access it from outside, I get a 'blank page' 401. I suspect it is because of the Spring Security setting. I'm trying to access http://202.xxx/myapp/app and get 401+blank screen (fail)-see below my appC...

Spring security - Spring doesn't check on isAccountNonLocked for UserDetails on correct login

I'm using Spring 2.5.6 and Spring security 2.0. For login attempts I implement the UserDetails class on my User class. So the User class implements isAccountNonLocked(). After a wrong login (dispatch the AuthenticationFailureBadCredentialsEvent, I handle this with an Eventlistener) Spring called this function from my User class to check ...

Spring security handler if connection is successfull

Hi, in my test, I'm using these lines to connect a user: Authentication userAuthentication = new UsernamePasswordAuthenticationToken("jonh","boul", AuthorityUtils.NO_AUTHORITIES); SecurityContextHolder.getContext().setAuthentication(userAuthentication); Is there a way to add a listener that will just log in the console "succes...

Jasypt StandardPBEStringEncryptor setting password in spring bean configuration file

When using Jasypt's StandardPBEStringEncryptor we have to set password explicitly in spring bean configuration file. Is it ok and secure to have the password in the bean configuration file? Will it be a problem in PCI Compliance to store the encryptor password? ...

Any reference for implementation of 2-legged oauth with spring security ?

Any reference for implementation of 2-legged oauth with spring security ? ...

Spring security

Is there a way to restrict access to a folder for only the localhost? ...

Spring Security Method Level Security inside HTTP application

I've got HTTP Security working in my web application with CAS authentication using Spring Security. However, I'm trying to mix it with method level security for some service methods (specifically GWT RPC), but it doesn't seem to be working. It gets to the point where it executes the @PostAuthorize annotation. However, it doesn't seem to ...

Spring Security and Multitenancy / REST -> How? Best practice? Reference app?

Hi all I have been looking for a way to secure URLs like @RequestMapping("/owners/{ownerId}/pets/new") on user (not role) level, i.e. only owner with ID {ownerId} has access. Moreover, I want to secure RESTful design incl. async access to JSON services on owner level dynamically. My questions: How is this best done with Spring Se...

spring security-ntlm , no pop up asking username/password sometime

I experienced this and wonder if there is any suggestion you folks can recommend. I'm using spring-security-ntlm 2.04. One or two users reported that, even though they set 'prompt for username and password' in their Internet Explorer, they are redirected to cannotlogin.jsp rather than seeing a pop-up asking for username and password. <security:http a...

bean reference with two Spring config context XML files

I always get it to work when referencing a bean in another Spring context XML file, but this time it doesn't work: springapp-servlet.xml: <!-- Spring Controllers --> <b:bean id="loginSpringController" class="com.foo.bar.controllers.spring.LoginController"/> <b:alias name="loginSpringController" alias="loginSprController"/> applic...

How can I set the 'runas' userid for an MDP?

I'm using a DefaultMessageListenerContainer to consume a JMS message and then invoke a bean that extracts the user-id from SecurityContextHolder.getContext().getAuthentication().getPrincipal() before inserting a record into the database. The user-id is null as you would expect because there is no authenticated principal. Is there a n...

Spring Security Custom Filter (Change Password)

Hi, I'm using Spring Security for securing HTTP requests to a website. The primary usage is for securing pages such that the user is redirected to the login page when trying to access those pages. However, I have a further requirement. In my model, I can flag a user's password as being temporary such that, when they successfully log in,...