spring-security

Save cookies with subDomain?

Greetings all, I want to save cookies with subDomains and I want to know how to do so. This is my current configuration: ProxyPass / ajp://127.0.0.1:8009/appName/ ProxyPassReverse / ajp://127.0.0.1:8009/appName/ ProxyPassReverseCookieDomain .appName.com *.appName.com ProxyPassReverseCookiePath / /appName ...

Web Application Security and Client Authentication

Consider the following implementation of Web app and Client that uses Spring/Hibernate for the web app. The Application container is Tomcat. Web App 1 (Primary), Web App 2, Web App 3. Web App 1, 2 and 3 expose services that talk JSON. The Client is a normal browser; say there are 3 clients: Client 1, Client 2, Client 3. The requirement of ...

Do I need to use Google Account Authentication instead of Spring authentication to avoid a Firesheep cookie-sniffing attack?

I was reading about Firesheep and wondering how I can protect my Spring MVC 3.0 site against attacks like this: It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTT...

Authenticating to Spring Security after authenticating to Twitter / Facebook

I have a grails app configured with spring-security-core and I need to allow Facebook / Twitter logins. I'm using the facebook plugin for grails and I'm using twitter4j for twitter authentication. Currently, I am successfully authenticating against Twitter and Facebook. I'm wondering how I am to integrate those logins with Spring secu...

BlazeDS error when running Flexunit tests: Detected duplicate HTTP-based FlexSessions

I am using the Maven Flexmojos plug-in to run some FlexUnit4 integration tests on the command line against a Jetty/Java/Spring Security/BlazeDS backend. These integration tests run in a stand-alone version of the flash player. One of these tests attempts a few different login scenarios as follows: [Test(async)] public funct...

Securing Jersey RESTful services with spring-security-core using jaxrs plugin

I'm needing to implement some RESTful webservices for a client in a Grails app and I want to use the jaxrs plugin but I am having a heck of a time finding information on how to implement security that isn't realm based (tomcat-users.xml). I am using the spring-security-core plugin and I'd like to utilize it to authenticate against my we...

Suggestion for ebook

Please suggest a Spring Security 3 PDF at beginner level in Java which is available for free download. ...

How to encode a URL in Spring Framework?

Greetings all, I have a POST method in a controller, which redirects to a new page in a way such as: @RequestMapping(method = RequestMethod.POST) public String post(HttpServletRequest request) { return "redirect:http://www.x.appName.com/myPage"; } suppose that the user already has a session before the redirection an...

NullPointerException on RestoreViewPhase.Execute method in JSF

My application uses Spring Security and JSF 1.2. The state saving method defined in my web.xml is stated as server. When the user is already logged in to the application and still tries to log in to the application in the same browser in a different tab, I get the following exception: javax.servlet.ServletException at javax.faces.webapp.FacesSer...

Conflict between Spring Security and basic authorization of Tomcat

Hi guys! Did someone face the problem with Spring Security login when basic authorization is activated under Tomcat? It is simply impossible to log in when the login page is loaded after logout. If you refresh the page and try again, everything is fine :)(. I could not find any complaint about such behavior and spent a whole day to find out...

How do you figure out what is causing '/login' to be called?

I was looking at the Firebug output for my index page and noticed that my /login handler is getting called at some point during the execution of the index page. It doesn't redirect to the /login page though for some reason. But I can't tell which resource is triggering /login to be called. Is there some way of outputting the source of ...

Certificate Authentication by WS-security

Hello everyone. I'm trying to implement authentication by certificate in web service. According to Spring ws-security manual it can be implemented by adding BinarySecurityToken to the SOAP message, like: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://nxp.com/oum/xsd" xmlns:ds="http://www.w3...

Spring Security LDAP - No UserDetailsService registered

Hi, I'm trying to set up the LDAP Spring Security. And I'm stuck with a strange exception: Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList' ... No UserDetailsService registered My security-config.xml looks like this: <?xml version="1.0" encoding="UTF-8"?> <bea...

How to set a local variable in application-context.xml to represent a repeating value?

If the president changes, I would have to change the value of presidentName three times below in the application-context.xml: <beans:property name="presidentName" value="Barack Obama" /> Is there a way to set variable once in application-context.xml to represent the string Barack Obama. <?xml version="1.0" encoding="UTF-8"?> <beans:b...

Is it possible to add @Secured or @PreAuthorized annotations on an entire class

It seems logical to secure an entire class of controllers rather than each method. Can I do this: @Controller @Secured("ROLE_USER") public class accountPages { //Controllers } ...