I'm a Spring newbie (been babysitting an ERP tool for the past 5 years). Anyway, I've got a few of the sample apps (petstore/etc) running, got Spring Security basics figured out, and am ready to start a new project. My question is, are there any best practices for "breaking apart" the site into different webapps.
For example, the proje...
Is there a "getCurrentUser" method in Spring to access the user that is currently part of a request - even if that user's name is not being passed around as part of a web request?
...
This is more of a discussion, rather than a real question...
I'm building a site and I am struggling with how to force a user to login to the site to access certain areas and take certain actions. I'm using spring security and have it integrated fairly well, however, I also have some AJAX calls that need to be secured and when Spring Se...
I am trying to use the commentable plugin with Spring Security.
I can't manage to write the right
grails.commentable.poster.evaluator
I tried {User.get(springSecurityService.principal.id)},
but from the CommentController, both User and springSecurity seem inaccessible.
What should I do?
...
For logging purposes, I'd like to create a logger that automatically adds the current session's ID to logged lines.
For logged in users this isn't a problem:
((WebAuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails())
.getSessionId()
The problem is, before the user has logged in getAuthenticat...
I'm trying to do an or in an @PostAuthorize and I keep getting
Failed to evaluate expression 'returnObject.login == principal.username or hasPermission(returnObject,'read')'
It works fine if my logged in user has the same username as the returnObject field. The second part after the or worked fine by itself but I need to check for bot...
Hi all,
I've implemented a JAAS Login Module, in order to perform authentication. I must access the database to retrieve user/pass information within this module.
In the same project, there are some DAO beans implemented, but it's impossible to access the Spring context from the JAAS login module, to retrieve the DAO bean.
¿Anyone could h...
I cannot find a complete example anywhere of a Spring Security Web App with OpenID registration similar to Stack Overflow's.
I would say I'm a pretty techy guy but I find Spring Security extremely intimidating with its weird Spring XML DSL.
I have found bits and pieces of how one would do the good ole' Stack Overflow registration using:
...
I need to add two custom filters for FORM_LOGIN_FILTER, e.g.
<custom-filter after="FORM_LOGIN_FILTER" ref="myUsernamePasswordAuthenticationFilter" />
<custom-filter after="FORM_LOGIN_FILTER" ref="myUsernamePasswordAuthenticationFilter2" />
The filter sequence I expect is:
1. Predefined FORM_LOGIN_FILTER
2. myUsernamePasswordAuthent...
I've been trying to figure out how to get a basic HTTP Basic auth pop-up on a particular controller and its methods but can't seem to figure it out. The examples and documentation seem to all use XML configuration and I'm configuring my app entirely with annotations. I just need a simple, hard coded username/password login. Any suggestio...
I was using annotated configuration for my Spring web app and then had to mix XML with it so that I could use Spring Security. I annotated one of my configuration classes with @ImportResource("security-config.xml") to load the security config. The configuration beans are being created just fine. My web.xml looks like so:
<?xml version="...
Hi,
I'm working on a legacy Grails application.
I have a couple of tables like this
User ( id, name,enterprise_id)
Enterprise (id, name)
Asset (id,description, enterprise_id)
I want to validate that when a certain user wants to access an asset, it has the right enterprise_id (i.e. that the user belongs to the same enterprise as the a...
Hello,
I have a Spring-WS service using PayloadRootAnnotationMethodEndpointMapping that has several interceptors:
<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
<property name="interceptors">
<list>
<ref local="loggingInterceptor"/>
<r...
I have my Spring MVC & Spring Security up and running as suggested by Spring's own reference application "petclinic". Everything's fine except that the login does not persist a browser restart.
What has to be considered to make sure a logged in user does not need to relogin after browser restart?
...
I have a web-app configured with spring security which gets users and roles from an ldap tree.
I have a dn ou=User,dc=application for users and, for role, ou=Groups,dc=application .
Every role is an entry in the second subtree and the association is made by attribute member in role entry.
Actually I have 5 different role access (ROLE_...
Hi everyone,
I'm currently building an application that needs to be scalable, and therefore I'm interested in distributed caching and not replicated caching. We will be using memcache for common cache use cases.
However Hibernate and Spring Security ACL both rely on EhCache which doesn't seem to have the same replication scheme as memca...
I am trying to restrict a user from signing more than once (forcing the previous session to expire).
I've checked the documentation on the subject here. I've set this up very similar to the documentation, but users are not being restricted to one session at a time. I can log in multiple times (in different browsers) with the same user a...
We're building a web application that is available to both authenticated and anonymous users. If you decide not to register/login you only have a limited set of features. User authentication is done over OpenID with Spring Security. That works fine.
However, the application also comes with an admin UI that is deployed at <host>/<context...
I have an AuthenticationManager with multiple AuthenticationProviders. That works very well, the first AP that can auth² the Authentication authenticates the user and if none can, the user is refused.
Now I have a somewhat more special case, and I need to find out which AuthenticationProvider authenticated a user that was authenticated su...
Combination of corporateId and username is unique for us in the user table.
I know Spring provides a mechanism to write a custom query for the authentication.
<bean id="authenticationDao"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref bean="dataSource" />
<property name="usersByUsername...