I have request scope backing bean for login page( I am using Spring Security ). When authentication error occurs Spring put it to context and I am trying add error message to my page. public void doLogin() throws IOException { final FacesContext context = FacesContext.getCurrentInstance(); ExternalContext externalContext = conte...
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex. I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login(). What I ...
Currently I am writing a web application using Spring Security. We have a web service which authenticates users by username and password. Web service: String[] login(String username, String password); How do I configure Spring Security to pass the provided username and password to the web service? I have written a UserDetailsService...
For some reason the authoritieObject I was expecting at my vote() method is an instance of FilterInvocation, and I needed a MethodInvocation. Can't figure out why this is happening. My web.xml is the following: <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.Delegatin...
Hi, I'm trying to override AuthenticationProcessingFilter in Spring security. I have done following config in xml: <security:http access-decision-manager-ref="accessDecisionManager" > <security:intercept-url .../> <security:form-login login-page='/signin/' authentication-failure-url="/signin/?login_error" default-target...
I'm working with a legacy database and corresponding Java Domain Classes. I'm trying to add Spring Security to the app and I'd like to use Java Domain Classes for that too, just to be consistent and keep everything together. Grails has no problem using both POGOs and POJOs, btw. So, starting with a new, empty database and a new empty gr...
Greetings! When I try authenticating against my existing db I'm getting authenticated but I get the 403 page. If I just tried a wrong password I get 'wrong credentials' message as expected. I tried authenticating per sample app included with SpringSecurity and that worked fine. security-context.xml: <?xml version="1.0" encoding="UTF...
Is it possible to mention both form-based and basic authentication in Spring security using namespace configuration without overriding other ? So that the appliciation could serve both browser based request and remoting client. ...
I have an existing Spring application with a Swing interface. It interfaces using Spring Security into an LDAP system, with no User table, no Role table, no security tables whatsoever. I want to use the Acegi plugin, however, it demands I have a USER table. How can I override the plugin to indicate I don't want this. In fact, I already c...
hi! i've got two applications in same tomcat. one of those applications uses spring security for authentication. i would like method getRemoteUser to return valid user name in second application when logged into first one. is there easy way to achieve this? can u please point me out to simplest possible solution which will do that? th...
hello, I'm trying to integrate Spring Security in my web application. It seems pretty easy to do as long as you integrate the whole process of authentication and authorization. However, both authentication and authorization seem so coupled that it's being very time-consuming for me to understand how I could split these processes, and...
I just installed Windows 7 with NetBeans 6.5.1 and JDK 6.16. I checked out our Webapplication project with SVN, which is working with spring security. Libraries are imported, no reference problems, the same configuration worked with XP. Here's the beginning of the exception: WebModule[/db3]PWC1275: Exception sending context initialized...
I want to display custom error message in jsp for spring security authentication exceptions. For wrong username or password, spring displays : Bad credentials what I need : Username/Password entered is incorrect. For user is disabled, spring displays : User is disabled what I need : Your account is diabled, please contact ad...
I've been playing around with Spring Security a bit and noticed the following oddity. When I specify the <http> block like this in my security context XML. <http> <http-basic/> <port-mappings> <port-mapping http="8080" https="8181"/> </port-mappings> <intercept-url pattern="/url1**" access="ROLE_ROLE1" require...
Hi! I am developing an application under groovy using the acegi security plugin for user authentication. I want to return HTTP Error 403 in case the authentification fails (user not found, password doesn't match, etc). Following the documentation it should be enough to set under the DefaultSecurityConfig.groovy errorPage to null (err...
Hi everyone, So I'm working on this Spring MVC application using Spring Security. I've been hitting a performance problem in some instances where my controller is taking way too long to respond. This is due to a processing method that can take a huge amount of data in to process, based on some user input. Now I've been tweaking the c...
After solving all authentication related problems in my first Spring web application I'm now stuck with authorization. Configuration using @Secured annotations is pretty straight-forward so I don't think I made a mistake here. Additionally I'm using an Active Directory using the LDAP authentication provider and assign roles by AD groups...
I was just reading an article that showed the following Spring Security XML configuration: <authentication-provider> <password-encoder hash="sha" /> <jdbc-user-service data-source-ref="dataSource" /> </authentication-provider> I wondered if password-encoder could take some combination of parameters that would make it use SHA...
I have a problem where I can't seem to get my Spring MVC application to recognize a change in the user principal. The application I am using implements a preAuthentication mechanism for authentication. The problem occurs when a user logs into my authentication system, logs out, and then a new user logs back in. The custom authentication ...
I have an application that using ldap acegi-security-1.0.2.jar . I able to authenticate the user with active directory. I wanted to add NTLM auto login feature for my application. May i know what extra acegi library do i need to do this? is there any example on acegi+nltm on this? ...