spring-security

java.nio.BufferOverflowException in certificate authentication

I am implementing client certificate authentication with Spring Security using a Tomcat server. I have configured the Tomcat server and added the <X-509> tag in my application_context.xml. Then I started the server, and when I was trying to log in I got the above exception. Configuration for Tomcat: <Connector port="8443" protocol="org.apache.coyote.htt...

curl + jsecurity authentication

I have a grails app that is using jsecurity plugin for authentication. How do I use curl to send my credentials? If I just do curl -u username mysite I get a prompt for a password, then nothing. I tried to do an anyauth command and this is what I got for the site. Any idea why it is returning a 302? dcole@DCOLE-L /cygdrive/c/dev $ cu...

How to ensure the same account is not used to log in two different people at the same time in Spring Security?

I have a Spring MVC app that does not protect updates of user data with transactions. It assumes that only a single user is accessing the account data for that account at any one time. However, if two users were to log in using the same authentication credentials, it is theoretically possible, although unlikely, for two database upda...

Why am I not getting Spring Security Login Error Messages?

Using Spring Security 3 along with Struts 2 and Tiles 2, I have a login page that appears when it is supposed to and performs the login as expected -- however when I enter bad user credentials I am returned to the login page with no information about what went wrong. I've checked all my configuration parameters and I can't see where the ...

Spring Security is redirecting to localhost on production server

I have a grails application with the spring-security-core plugin installed. Everything works fine locally. I deployed to a staging server and everything worked fine. I deployed to our production server which is a mirror of our staging server. I can get to unprotected pages just fine. But when Spring Security kicks in and tries to do...

How do I get the Spring Security SessionRegistry?

I can't seem to find how to get a reference to the Spring Security (V3) SessionRegistry inside of a struts action. I've configured the listener inside of my web.xml file: <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener> And I've tried to use the @Autowi...

Grails 1.3.5 and Spring Security Core

Hi, I have built a Grails application which on login redirects users to different URLs based on the user's role (custom roles defined in the roles domain). Now I am trying to integrate the Spring Security Core Grails plugin into the application, so I plan to use the plugin's domain model. I understand the auth action in LoginController does the user...

spring / hibernate - filter by current user id

Hi, I have a table CompanyList in my Oracle database: CMP_ID INTEGER -- ID of company CMP_NAME VARCHAR2 -- name of company USR_ID INTEGER -- Foreign key to the USERS table. I have my Spring 3 MVC app all configured using annotations, my POJOs as well, my DAO objects (CompanyDao) using Hibernate to retrieve for example a list of comp...

Grails / Spring Security - not working with URL rewriting (JSESSIONID)

We have a Grails app using Spring Security and are using the method-level annotations for access control. We've just started using the PDF plugin to render pages that have both text and images retrieved from a call to a secure method. The resulting PDF doesn't show the images because the access is being rejected by the controller (pr...

Single sign-on ActiveDirectory and J2EE

Scenario: We sell J2EE(JBoss+SpringSecurity) software to large corporations, which mostly use ActiveDirectory. Our J2EE(JBoss) software can be hooked up to ActiveDirectory; however, it requires Roles addition into ActiveDirectory, i.e. cn=esp_administrator,cn=Roles,o=company,o=com. As per my understanding, JBoss will need an account to "bind...

Securing /admin/ in Struts 1

I have a Struts 1.1 web application and now it needs an admin tool. I need /admin/* secured so that only registered users can login and view its content. The data store is MongoDB. Is Spring Security my best option for securing my site? Why? And does anyone know from experience whether Spring Security 3 and Struts 1 works fine t...

Spring security configuration using annotation configured beans

I'm attempting to configure spring security to use a service I implemented for authentication. My services and entity manager and all that are configured with annotations. I don't want to move all of the service, dao, and entity manager configuration into XML. How can I get the authentication-provider configuration to reference a serv...

Grails Secure Login Design Questions along with Library & DB Choice

Hello, Am planning on building user administration module using Grails and the Spring Security Core plug-in for Grails. Also, am considering using MongoDB for the database system. Question(s): (1) What trade offs and benefits will my app gain by choosing MongoDB over MySQL or HSQLDB? (2) Is it super easy to way to implement (meaning...

x509 authentication with spring security 2.0.4

I am new to Spring Security. Can anybody provide me a sample application for x509 certificate authentication with Spring 2.0.4 ...

[Spring 3.0] Intercept-Url and filters

Hello everyone, I'm currently working with Spring 3.0.4 and Spring Security 3.0.2 (latest stable release at the moment). I'm kind of struggling migrating from Spring 2.5 to this new version, but that's a different subject. The real question is coming, inside the <http> tag you can put the <intercept-url>, but it seems like it can also ...

Spring MVC security based on Session Attribute

I am using a security scheme that is based on session attributes. I know that Spring has Acegi Security but I don't have much time to study that module. I just want to share this out to solicit comments from experts here. The pseudocode is like this. On successful login, I am setting an attribute on the user session. The object that I ...

User Granted Authorities are always : ROLE_ANONYMOUS ??

I am using the following method to make a programmatic login after registration: private void autoLogin(User user, HttpServletRequest request) { GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] { new GrantedAuthorityImpl( "ROLE_ADMIN") }; UsernamePasswordAuthenticationToken token =...

Spring security 3, infinite loop at login

Hi experts, Here is my security-context.xml file <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security" xmlns:aop="http://www.springframework.org/schema/aop" xsi:sch...

Unable to make Spring 3 Session Concurrency Control work

Hi all, Using Spring Security 3.1.0, I cannot seem to get the concurrent session control feature to work. When I log into my system at the same time using IE and FireFox (using my local workstation) I see my user principal in the session registry twice. I am expecting the concurrent session control to log me out or throw an exception or...

evercookie in Spring Security rememberme-service

I'd like to use the evercookie JavaScript library to receive the user's cookie and make the Spring Security rememberme-service use it. I read a bit about implementing a custom remember-me service, but I think I just need to discover the cookie on the client-side using the evercookie library. I've got zero knowledge about cookie handling,...