spring-security

CookieTheftException with PersistentTokenBasedRememberMeServices

I'm using the PersistentTokenBasedRememberMeServices (Spring Security 2.04) in Grails App in conjunction with the OpenIDAuthenticationProcessingFilter. The configuration is as follows (This is Grails's DSL equivalent to Spring resource.xml but it should be quite easy to adapt): customTokenRepository(JdbcTokenRepositoryImpl) { dataSour...

how to add filterclass into applicationContext?

I have a filterclass that I normally put in web.xml. May I know how to specify it inside the Spring applicationContext so that I am able to use Spring features in my filterclass? ...

User is not prompted to authenticate after restarting the server

Spring Security has been used for our application. Spring Security has been configured in the bean declaration way. The problem is: I logged into the application, browsed a few pages, and restarted the server (but didn't close the browser). After restarting the server I could successfully move to other pages. I am sure it is not the browser c...

@Secured service methods and spring ws

I have the following project structure: base project (service layer, model) web project webservice project where both the web project and the web service project depend on the base project and use services provided by it. I make heavy use of the Spring Framework which means the Services are Spring Beans with methods secured by the...

gwt & gwt-incubator-security

Can anybody give me a hint about how to implement Spring Security using gwt-incubator-security and AOP? I tried to do everything as described on their wiki pages, but still no effect. I'm interested in how to make RPC calls secure. ...

Spring not restoring tomcat persistent sessions to session registry after restart?

I'm using Tomcat 6.2 and Spring MVC 2.5. I've noticed that, whilst a user is logged in I can restart Tomcat and the user is able to continue browsing without re-authenticating. This appears to be coming from Tomcat's ability to persist sessions across restarts. It appears, however, that these persisted sessions do not make it back into ...

Spring - Security : how are login username and password bound to the authentication-provider?

Hi, I am new to spring and spring security, I have understood how beans are created and referenced in the xml files, I need to provide security using spring into my application. I included a custom applicationContext-security.xml file in my web.xml : contextConfigLocation in this file, I have intercepted url patterns using <intercep...

I need a simple custom authentication in spring

I need to have a custom authentication in Spring. It should be a simple class that takes the username and password provided by a user and compares them with some values, and based on that it should authenticate. We are using a system made in GWT; our login form, on success, opens another page in a new window. This is what I have attempted...

How to integrate Spring Security and GWT?

I'm trying to integrate Spring Security and GWT. I'm also using gwt-incubator-security. I configured everything as it was described on their wiki pages. I managed to get security working by using intercept-url, but I can't get it working using annotations. Any ideas about what the problem is? P.S. I'm using Spring 2.5.6, Spring Security...

spring security: what is the difference between account locked and not enabled

The UserDetails interface has two properties that seem to be the same, locked and enabled. Aren't these just the opposite one of the other? ...

Concurrency issues in Spring DAOs with 3.0.0.RC1

Hi guys, After upgrading from Spring 3.0.0.M4 to 3.0.0.RC1 and Spring Security 3.0.0.M2 to 3.0.0.RC1, I've had to use a security:authentication-manager tag instead of defining an _authenticationManager like I used to in M4/M2. I've done my best at defining it, and ended up with this: <security:authentication-manager alias="authenticati...

Spring security and Struts 2

I have a struts2 action with an @Secured({"ROLE_ADMIN"}) to secure the execute method. In the execute method I assign a message to a member variable of the action, then return SUCCESS and end up on the jsp page. On the page I retrieve the action's member variable with <s:property>. private String greeting; public String execute() throws Ex...

Does spring security support Windows live ID ?

For more details about the Live ID: https://accountservices.passport.net/ppnetworkhome.srf I have seen jar files in spring-security-2.0.5 indicating support for acl (I don't know what it is), cas (no idea again), NtLm, open id. Does it support Windows Live ID / is there any extension for Spring that supports it? ...

AccessControlException when using Spring Security with OpenID

Hello, I try to implement Spring Security with OpenID in Google App Engine but I am getting a 'java.security.AccessControlException: access denied' for the RequestURI /j_spring_openid_security_chec It is working fine if I use '-D--enable_all_permissions=true' as VM Argument. Any ideas? Thanks, Ralph ...

Best practices in modelling user constraints in a webapp?

I'm building a webapp with role based access control using Acegi (Spring) security. So I have different users with roles: ROLE_ADMIN, ROLE_USER, etc. However, I need to implement various user constraints. Let's consider an example: Suppose there is a site where users can watch movies online. There are users with roles ROLE_STA...

How do I get the Session Object in Spring?

I am relatively new to Spring and Spring security. I was attempting to write a program where I needed to authenticate a user at the server end using Spring security, I came up with the following: public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{ @Override protected void additionalAuth...

Is it possible to send more data in form based authentication in Spring?

I am relatively new to the Spring Framework and Spring security. I have used a custom authentication scheme, HTML: <form action="j_spring_security_check"> <input type="text" name="j_username" value="abc"/> <input type="text" name="j_password" value="abc"/> <input type="text" name="myCustom1" value="pqr"/> <!-- maybe type="h...

Is there any Spring-Security-based production-ready security package for Java?

I'm designing the security subsystem for a new product. The system requires the following: Complex user/group/permission model, both service-level and domain-level (ACL) Administration UI for the above Rules performed upon user actions (account disable on failed login, password complexity requirements, etc). Before going ahead and im...

Spring security 2.0.5. custom login form. Cannot see errors in language other than English.

Hello, I've got my Spring Security custom login form working. It displays errors if the user has input bad credentials, or is expired, etc. Looking inside spring-security-core-2.0.5.RELEASE.jar, I notice the following files in the org.springframework.security package: messages.properties messages_cs_CZ.properties messages_de.propertie...

how to conditionally show jsp content to logged in users with Spring security

I want to show content to any user that is logged in and to hide it if they are not logged in. I'm using JSPs and Spring Security. Obviously a home-grown solution is easily done. But what's the cleanest standard way of achieving this? Spring Security tags don't seem to have a nice way that will allow for the addition of new roles in the ...