spring-security

redirecting back to original page after authentication failure with spring security

I'm using Spring 3.0 along with Spring Security. I've always used the following configuration: <form-login login-page="/login" authentication-failure-url="/login?error=credentials" default-target-url="/account" login-processing-url="/security_check"/> So when the user doesn't log in correctly, they go to /login. Now I have a logi...

Spring Security Grails Plugin working with existing Database Schema?

I recently ran into a situation where I wanted to implement Grails + Spring Security over an existing database schema. The Database already had a users table, a roles based table and the relationship roles+user table. I am able to map the users domain to the existing schema.. but where I am running into problems is when trying to tie...

applying JSP/JSTL's <c:url> to a path inside a servlet

In our JSP pages, we use <c:url> extensively. Works great, rewrites the URL to deal with sessionids, contexts, etc. But now we need to do some of this work inside a class that takes an HttpServletRequest and HttpServletResponse as part of the Spring Security specification. How do I apply a type transformation to a path in a servlet? I gues...

Springs Simple <remember-me/> not working :-(

I am trying to make use of Spring Security's <remember-me/> authentication. The line in my security context looks like this: <security:remember-me key="89dqj219dn910lsAc12" user-service-ref="jpaUserDetailsService"/> Although I use my own implementation of UserDetailsService (tested & working), I have also tried with the default one...

Howto implement Spring Security User/Authorities with Hibernate/JPA2?

I am trying to implement DAOs to work with Spring Security database authentication in Hibernate/JPA2. Spring uses the following relations and associations in order to represent users & roles: represented as a PostgreSQL create query: CREATE TABLE users ( username character varying(50) NOT NULL, "password" character varying(50) NOT NULL, ...

Access SPRING_SECURITY_LAST_EXCEPTION from Wicket

I want to create a Wicket panel as a replacement for the default (and not so beautiful) Spring Security Login page. The form itself is not a big thing, because it's just HTML, but I also want to view Login errors. I saw many JSP snippets containing ${SPRING_SECURITY_LAST_EXCEPTION} for viewing authentication errors, but how can I access...

Determine secure url in JSP with spring security

Like many websites, I have a login popup on every webpage of my site. Most of these pages are http (non-secure). But the login mechanism has to post to a secure url. All this works great. The problem is the secure url changes in the various dev environments, staging and different production environments. So not too big of a deal, I ...

How to integrate Spring security 3 with jboss realms and user roles?

How would I get Authentication and roles information from a JBoss realm that uses kerberos/SPNEGO from MSAD into a web-app using Spring security 3? Do I need to create a custom AuthenticationProvider or UserdetailsService? I've noticed that Spring Security 2 had container adapters, but they decided it was too much of a pain to keep the...

How to test Internet Explorer when using RequestHeaderAuthenticationFilter ?

We're using Spring Security with RequestHeaderAuthenticationFilter, and thus relying on an HTTP header to be set for the user name. On our local machines we don't have the software for authenticating, and thus not the header. When testing with WebDriver or Firefox we can set the header and test correctly, but when manually testing with I...

Detect session timeout in Spring 3/Spring Security 2.0.5

I have a web application running under Spring 3 with SpringSecurity 2.0.5. To present the user the changes to the site since his last visit, I try to register the time when his session is destroyed. Therefore I registered org.springframework.context.ApplicationListener<HttpSessionDestroyedEvent> and also a javax.servlet.http.HttpSessionL...

Spring security 3.0.3 configuration error.

I'm trying to implement spring-security to handle authentication and authorization of my web application. I can't get the configuration right. Tomcat throws an error when I deploy the war file. org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authentication.ProviderMana...

Spring security as applied to Flex AMF channels?

The Spring/BlazeDS documentation is not clear on what happens if you just put <flex:secured /> within the <flex:message-broker> stanza. That is, do not put any of these in there: <flex:secured-channel channel="my-amf" /> What happens? Will all channels be secured by default? Or no channels? Piggyback question: Even if you put i...

Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is java.lang.NullPointerException

applicationContext.xml <bean id="defaultEntryPoint" class="com.spsetia.companyapp.company.services.CustomAuthenticationEntryPoint"> <property name="securityConfiguration" ref="securityConfiguration" /> <!-- Default filter chain proxy --> <property name="proxy" ref="_filterChainProxy" /> </bean> inside web.xml <context-par...

spring security form-login

When ntlmprocessingfilter fails (entered wrong username and password), it is forwarded to the form-login page, but I cannot get the value from j_username in protected UserDetails retrieveUser(String username Any idea what I miss out? I found out it works in Firefox, but it is not working in Internet Explorer ...

Show SQL errors of Spring-security in tomcat.

I got a web application using the spring-security framework. I set up a database to store users and their roles, but Tomcat gives the following error. 17-sep-2010 11:56:14 org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions INFO: Loading XML bean definitions from class path resource [org/springframework/...

How to protect credentials during Flex ChannelSet.login?

It has just occurred to me that when my Flex application does a ChannelSet.login, it is essentially sending the username and password over the wire in an unencrypted form to the BlazeDS server. While I use the binary AMF protocol over an AMFChannel, it would take nothing for somebody to sniff these passwords. Most of my clients do not ...

Simple Spring <remember-me/> ... help please

All I want, is a simple remember-me. I read http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html What I have done so far: Created my own UserDetailsService to work with Hibernate / JPA. My impl. does not consider any remember-me stuff Considered configuration through appContext <security:remember-m...

Got Problems with Tuckey UrlRewriteFilter and Spring 3 Web MVC

Hi, I have a Spring Web MVC application and I want to use RESTful URLs. Regrettably I haven't found any configuration that works for me with Tuckey's UrlRewriteFilter. I'm using the "DefaultAnnotationHandlerMapping" and I added "urlrewritefilter.jsp" to my classpath and copied "urlrewrite.xml" into "/WEB-INF/". I want to achieve that ...

Webapp bootstrap code in Tomcat

Hi all, I'm developing a Java webapp using Spring, Spring Security, Tomcat and MySQL. Right now I'm still in a phase where I'm making fairly frequent changes to the database as well as recreating the database to purge test data. Ultimately, this won't be an issue, but is there a way to have a bean that is instantiated or code that is ...

Spring security with Flex using Container Preauth

I've got the Spring Security preauthentication sample configured and working with JBoss. The next step is to somehow get the user information into a flex client GUI. What are some methods that will let me get the Authentication or UserDetails object that's created by spring-security on http access into the flex client? Since I'm loggi...