spring-security

How can I make a web application with SPRING-SECURITY 3.0 authenticate/authorize (with roles) in an LDAP?

Hi, I have an application that needs to authenticate / authorize (with roles) in an LDAP weblogic v3. I'm using Spring-Security version 3. Next is the code that I'm using for the test: <http auto-config="true" use-expressions="true"> <intercept-url pattern="/app/login.html" access="permitAll" /> <intercept-url pattern="/app/...

How to use more than one custom filter invoked after each other?

Hi all, I am using Spring Security 3.0.2 and I have one custom filter and its order is last, and I want to add another filter after that filter. Is the following config right? <custom-filter position="LAST" ref="filter1"/> <custom-filter after="LAST" ref="filter2"/> ...

Spring Security - switching between HTTPS and HTTP

Hello, I am working on a Spring-based application which will be delivered to several clients. I would like to find a way to override the security settings defined in web.xml either at runtime (to switch between HTTP and HTTPS), or to load another web.xml without unpacking and editing the web.xml from the application jar. Thanks fo...

Spring/Spring Security 3.0.x execution flow

Hi all, I'm currently in the process of migrating an application from Spring 2.5.6 to Spring 3.0.4 and Spring Security 3.0.2 and I was wondering if there was some kind of execution flow for both of these frameworks so that developers could know what is being called before what. For those of you who are doing this kind of migration, I ca...

webservice call is not authenticated using HTTP Basic authentication

Hi, I am using Glassfish 3.0 with Spring Security 3.0 and exposed one of my EJBs as webservice using JAX-WS 2.0 annotation. I have generated WSDL and other portable artifacts and can access the webservice using a WS-client. Using JAAS I can make the webservice secured with "HTTP Basic Authentication" (using jdbc realm). But using Spring...

Grails + Selenium + EasyB + spring-security-core: ifAnyGranted Isn't Working

Grails 1.3.5 and have selenium-rc, easyb, and spring-security-core plugins installed. Everything seems to work really well except this one case I've run into. I have a page I am testing which has the following markup: <sec:ifAnyGranted roles='ROLE_ADMIN'> <span class="menuButton"> <g:link mapping="adminPage"> <g:mess...

spring security 3 login programmatically

I'm creating a REST web service using Spring and I need to implement login/logout functions in it. The URL for the functions should be something like .../api/login and .../api/logout. The username and password will be passed using a POST method. I have a services layer below the REST web service. In the service layer I have the "login" an...

SAML 2.0 test ID provider

Hi, I want to make my Spring web-application able to authenticate based on a SAML 2.0 ID provider. The application won't itself be an ID provider, just a consumer. Where can I get a SAML 2.0 ID provider that I can use to test my implementation with? Any that I can install locally, or are there any hosted ID providers I can integrate agai...

Spring Security: How do I reset SPRING_SECURITY_LAST_EXCEPTION.message?

I am able to display the SPRING_SECURITY_LAST_EXCEPTION.message ("Bad Credentials") when a user tries to log in with incorrect credentials. My login jsp currently uses the following code: <c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION.message}"> <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" /> ...

Spring Security 3.0: How do I specify URLs to which a custom filter applies?

I am using Spring Security 3.0 with JSPs. I have created a RequireVerificationFilter that redirects unverified users to a "verify your email" page. I added the filter to the spring security filter stack in last place like so: Bean definition in my app-config.xml: <bean id="requireVerificationFilter" class="com.ebisent.web.RequireVeri...

Spring Security LDAP - login problem (ProviderNotFoundException)

Hi, I have a problem with LDAP Spring Security. I'm trying to authorise against the LDAP server. I have the Spring configuration XML file (security-config.xml) like this: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http...

Programmatic login doesn't work with subDomains?

Greetings all, I am using the following method to make an auto login for a user after registration to access an authenticated page: public static void autoLogin(User user, HttpServletRequest request, AuthenticationManager authenticationManager) { GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] { new Gran...

Spring UserDetailsService is not Serializable session attribute in google-apps-engine

Here we have a Spring based webapp in google apps engine. I've created a UserDetailService class to load the UserDetails from the GAE data store (assuming this is the best approach). @Service("springUserDetailsService") public class SpringUserDetailsService implements UserDetailsService { @Resource(name="userDao") private IUs...

Spring Security 2.0.x - Filter based on role type + Session based bean state

We have an application where users with proxy rights need to be able to see links in an application. For example, we might have: <s:intercept-url pattern="/resourceManager.htm" access=" ROLE_ADMIN_GROUP, ROLE_PROXY"/> If the user has the role of proxy, but not the admin role, I need to present them with a page telling them that the...

How to create a form login with Spring Framework on Google App Engine

I'm new to Spring and GAE, and I assume this is easy, so don't overlook the simple answer. In spring I understand that I need to create an implementation of UserDetailsService which populates UserDetails for the security framework on authentication. After doing this I got a NotSerializableException on my SpringUserDetailsService bean, ...

Is Spring ACL a good ACL implementation?

Hi, I have read about Spring ACL but it does not seem to be very competent. For example: 1) No way to list all objects of type X with permission Y 2) No way to automatically create the schemas for new deployments What are you using for ACL? Is it clever to have the ACL so decoupled from the domain model? Thanks, Piotr ...

Redirect to specific page after login

In JEE security, if a user tries to access a secured resource, they are redirected to the login page. After successful login they are redirected to previously requested secure resource. Is it possible to redirect the user to a specific page, in my case application entry page? Something equivalent to Spring Security's default-target-url...

struts-2 acegi integration

Hey, I am using struts2 and acegi. I am new to both of these. In my application, which I have written using struts, I need to add a security feature. For this I am using acegi (spring security), for which I have mapped the acegi filter in web.xml along with the mapping of the struts filter. Both struts and acegi seem to be working fine except when acegi direct...

Securing JMS message-driven-channel-adapter

I am using a message-driven-channel-adapter to read messages off MQ queue, and this has been working fine in development. Now, in preparation for the first production release, I have to read a secured queue instead. What do I need to do? I think I need to make sure the following are set as system properties, but with what values? jav...

Make something after remember me authentication?

Greetings all, I am using Spring Security 3.0.2 and I am using the following configuration for remember me: <http use-expressions="true" > <remember-me token-repository-ref="tokenRepository" token-validity-seconds="1209600"/> <beans:bean id="tokenRepository" class="org.springframework.security.web.authentication.reme...