Is it possible to create a custom @Aspect and apply it to the Classes/Methods within Spring Security (3.0.3)? I'm trying to do some logging of logon/logoff requests and none of my Advices are being triggered. I'm using @AspectJ annotations and here is how I'm decorating my method: @After("execution (* org.springframework.security.aut...
I'm a noob in spring world and trying to get spring/AD combo to work. My config is spring 3.0.3 + spring security 3.0.3 + spring ldap 1.3+ tomcat 6.0 I get the following when i try to access my secure page: Reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0]; ...
Can Spring roles only be defined in relative hierarchical terms as in this example? Is there any way to define the roles in absolute terms? <beans:bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl"> <beans:property name="hierarchy"> <beans:value> ROLE_ADMI...
I've been using Spring Security 3.0 for our website login mechanism using a dedicated login webpage. Now I need that login webpage to instead be a lightbox/popup window on every webpage in our site where upon logging in I get an AJAX result whether it was successful or not. What's the best way to go about this with Spring Security and ...
I have an application that is using Spring Security 3.0.3 and OpenID as its main authentication provider. I am curious as to why in my UserDetails Object the "isAccoutNonLocked" method is never called? Is this solely for form-login implementation, or am I missing something? If someone can point me in the right direction on a handler or ...
i know that JCIFS not support ntlm version2 , mean i cannot use spring-nltm to do ntlm2 . in that case, what library should I use with spring to do ntlm2? ref: http://jcifs.samba.org/src/docs/ntlmhttpauth.html (see blue line) from info i get The NTLM HTTP Filter does not and can never support NTLMv2 as it uses a main-in-the-m...
Hello! I read the "Spring Security 3 database authentication with Hibernate"! But I don't know how I should implementate it into my project! In which document I have to set the password/username/drivers/url for the database? I have different column titles like OPERATOR_ID/USR_ID/PASSWORD OPERATOR_ID should be the login name, USR_ID ...
I'm trying to get the custom login form to work with Spring Security 3.0. The default login form works fine with the security configuration below. Then I added the form-login attribute, created the login controller and jsp page to handle the /accounts/logIn URL and now have this problem: when I enter my guest/guest credentials, I am s...
i've been looking over spring security and noticing how its a pretty big package. I'm wondering if it's worth the effort to take the time to ramp up on this. has spring security 2.0+ saved you a large amount of time, or has it simplified your project in any way? ...
I want to show logged in user in main decorator page. i use : <decorator:usePage id="myPage"/> Logged in as:<%= myPage.getRequest().getUserPrincipal().getName()%> <decorator:body/> but not work! ...
Hi, I'm using asynchronous methods in my service (Spring 3 @Async annotation). And I've got a problem - spawned thread doesn't have security context. Cause of it is Spring Security by default uses SecurityContextHolder.MODE_THREADLOCAL strategy for its context holder. But I need to use SecurityContextHolder.MODE_INHERITABLETHREADLOCAL s...
Hi All, I have configured spring security with my flex blazeds application successfully and access to all the beans is now secured. How can I secure access to HTTPService ( servlets) defined in proxy-config.xml. I have tried the following approaches but none worked. 1) In my custom authentication provider i have added the following lin...
Hi all When trying unit tests with Spring Security & Hibernate, none of the security entities "user" or "authorities" are being autocreated. What I have done so far is to write an "user" bo that triggers generation of the appropiate table. However, I am stuck with the authorities: (as advised by http://java.dzone.com/articles/getting-s...
Is there a reason why calling the security authentication property principal.displayName in a decorator would cause a problem? I'm setting it as a variable in a sitemesh decorator: <c:set var="displayName"> <sec:authentication property="principal.displayName" /> </c:set> But it gene...
I added this login link to my Spring app: <a href="<spring:url value="/j_spring_security_login" htmlEscape="true" />"> Sign In </a> My assumption was that because this is a built-in tag for accessing the login page, Spring would know how to associate this with an appropriate handler without me having to specify it explicitly. However...
I have Spring Security 3.0.3 with CAS. Some of my conf follows: <security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true" > <security:intercept-url pattern="/*/secure/**" access="ROLE_USER" /> <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" /> <security:anonymous enabled="fal...
I Googled for this, but I couldn't find an answer anywhere. Why does the Spring 3 Security schema (http://static.springsource.org/spring-security/site/docs/3.1.x/reference/appendix-schema.html) have a username as a primary key instead of an integer guid? People often suggest that using "natural" usernames as your pk is bad practice. ...
Hello i am new to spring. I am trying to connect to ActiveDirectory from my server using Spring-security1.3.0 spring2.0.1. I am using the documentation example (18.4.5) I can see the the LdapAuthenticationProvider object is constructed at page load in the application-context.xml. few Questions: I wonder where and when will the answer f...
HTTP Status 500 - -------------------------------------------------------------------------------- type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: Filter execution threw an exception root cause java...
I'm developing a Grails (Version 1.3.3) Web-Application using the Grails Spring-Security Plugin, Spring-Security-Core-1.0.1 (which, in turn, uses spring-security-3.0.2.RELEASE). I would like to provide Spring-Security annotation-based access control on actions within a controller. I have been able to successfully do basic authenticatio...