spring-security

Is there any Spring-Security Tutorial like Spring step-by-step?

Hi, I am new to Spring. I have gone through Spring step-by-step, and it seems very helpful for beginners. But I did not find something like this about Spring Security. Can anyone provide me with a step-by-step-like tutorial on Spring Security? Thanks in advance. ...

How do I check for errors in spring-security?

I have an application that supports multiple types of login using username+password, using open id, etc. Technology used: GWT. Login url = Login.html and Login Failure url = Login.html?error=true as shown above, the login page (made in GWT) can determine whether it's just opened for the first time or whether it's opened after an error....

Spring Security - Can't Login After Clicking Logout

Hello, I've added Spring Security to my application. I am able to login fine but after I click logout, I'm then unable to login again. Here is my applicationContext-security.xml <http auto-config="true" access-denied-page="/accessDenied.html"> <intercept-url pattern="/login.html*" filters="none"/> <intercept-url pattern="...

How do I convert JSP (custom tags) to Code in a servlet in Spring Security?

I am working on a project where I have to include some code from a JSP. This JSP has code as follows (related to Spring Security) ... <%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %> <%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %> <%@ page import="org.springframework.security.ui.webapp.Authen...

Spring's class UserDetailsService

I have an EAR project, using EJBs. The project is deployed in GlassFish. I am trying to use Spring Security. I would like my implementation class of UserDetailsService to use an EJB. However, when I annotate my implementation class, for instance: @EJB FooEJB fooEJB; it is always null. I am also using icefaces, and I do this annotation in ...

Can I put 3 different authentication schemes in the same Spring Security configuration?

Hi, My requirement is to provide: Userid password based authentication. Open id based authentication. Url based authentication (it's a custom sso impl we have) in the same project. I have tried to plug in Spring security into an existing project as (code stripped down for simplicity): <?xml version="1.0" encoding="UTF-8"?> <beans:be...

Spring Security - Different Filter Entry Points based on Role

Hi, I'm developing a webapp which allows for two types of users - User and Admin. There are two parts of the site - the User side, and the Admin side. I'm using Spring Security to secure both sites and it's working pretty well except I've come across a bit of a problem. Basically, if the user is not logged in and tries to access a p...

Security framework for java with object granularity

I am looking for a security framework for Java web application with Object granularity. What it means is that I don't just want to filter by urls or by roles, but by specific user ownership of domain objects inside the system. For example, if there is a Message object that has a Sender user and a Receiver user I would like to be able ...

Spring Security and JSF redirect after login not working

I am trying to integrate Spring Security with my JSF application. I am able to make the login page show up, but after a successful login, the protected URL does not show up; it stays on the login page. My applicationContext.xml: <security:http auto-config="true" access-denied-page="/login/loginerror.jspx"> <security:inte...

Add Principal/authority dynamically for anonymous user

Hi Guru, I am using spring security 2.x (+spring + struts2) and would like to enable adding an authority to a user dynamically after the user submits a form. I have a protected directory (/protected/dir/) which is protected by ROLE_USER <sec:intercept-url pattern="/protected/dir/**" access="ROLE_USER, ROLE_ADMIN" /> Which user can access after ...

View Level Security Pattern

Background: The grails application I am developing has a few levels of granular security. First the least granular is at the controller level. Either you can view a specific page or you cannot (I am using the Acegi spring security plugin). The second level of security is in the service layer via an AOP approach. You can either access a c...

Spring Security Custom freemarker form

Hi experts! I'm currently working on a project where we use freemarker as a template language. Instead of using the default login form I have created a custom controller and a custom freemarker view which goes along with that controller. Code: @Controller public class LoginController { private static final String LOGIN = "components/se...

Logging user agent info on login with Spring Security

Hi, I am using Spring Security with LDAP for an application and I want to log the user-agent when the user logs in. However, I cannot access the request object in the Authorities Populator so I cannot access the user-agent information from there. I also tried setting the pattern in our logger (log4j) so it would log the user agent by ...

Custom authentication

My system has 2 subsystems. Each subsystem has different set of users. Each user has an extra field "SystemName" that can be used to know which system this user belongs to. In the login forms (1 form for each subsystem) I added a hidden field specifying the type of the form (containing the SystemName value). Generally, the check is rat...

Should I implement a custom properties file based authorization tag to go with authz from Acegi Security?

I'm searching for the best way to handle view-level authorization (where you hide markup based on a user's roles). The typical way to do this is with the Acegi Security authz tag, as follows: <authz:authorize ifAnyGranted="ROLE_FOO, ROLE_BAR, ROLE_BLAH"> <!-- protected content here --> </authz:authorize> The problem with that appro...

Rewrite spring-security redirect URLs

I'm trying to get Tuckey UrlRewriteFilter to tidy up URLs for my webapp. One problem I've got is that when spring-security notices that an anonymous user is trying to access a protected resource it redirects to a URL which includes the servlet path. What I'd like is, by example: > GET http://localhost:8080/my-context/protected-resource...

How to retrieve the organization from active directory

Hello, Is there a way to retrieve the organization unit like (OU=LM,DC=test,DC=local) from active directory when I use the configuration described in this link: http://stackoverflow.com/questions/84680/how-do-you-authenticate-against-an-active-directory-server-using-spring-security thank you ...

Why does my OpenID app receive different Google OpenIDs from different client machines for the same user?

I'm adding OpenID login to a small web app using Spring Security 2.0.5. I want to be able to identify users within my application based on the OpenID identifier with which they logged in. This works fine when using Verisign as the provider; each identifier is a user-specific URI like http://jbloggs.pip.verisignlabs.com/, which is easily ...

Using OpenID (RPX) (and maybe OAuth) for a RESTful web service

How would you combine OpenID with a RESTful web service? The personal project I'm working on is using the RPX SaaS to do OpenID. The key result of this is a URL describing the logged in user. The app itself is heavily Javascript and I'm planning on using a REST api to communicate with the backend for database persistence and spatial proce...

Is it possible to not display the login screen with remember me in Spring Security?

I have implemented Spring Security's remember me feature in our app. The way I understand it, if the user opens the main page directly and he is not authenticated by Spring, he is taken to the login page. If he is authenticated, he stays on the main page. However, in our application, the user is likely to start the login page first (and is likel...