spring-security

spring security, can you add granular levels of security?

With Spring Security, could you add permissions for a user like: canEditPage, canViewPage, canLogin, etc.? If yes, are these stored as a byte array internally? ...

Spring Security Access role

Hi. I have a J2EE web application running on Spring Web Flow using Spring Security. How do I change, during runtime, my role saved in the session? ...

Spring Security Max Login Session

Hi. I have a problem with my J2EE application using Spring Security. I set max-sessions in concurrent-session-control to 1. Now it works fine: when I try to log in the second time, it will stop me. But when I log out the other one and try to log in again, I still get this same message. Your login attempt was not successful, try again. Reason:...

Where can I find more information on spring-security annotations

I am currently working on securing a web application using spring-security 3.0. I have gotten most of my issues figured out but I am trying to gain a better understanding of exactly what I am doing (copy and paste FTL). I watched this video in which he stated that the @Secured should not be used anymore except for certain situations. H...

Spring Security Redirect if no access on page

Hi. I have a J2EE web application using Spring Web Flow and Spring Security. I want to redirect the user to a page (maybe an error page) if the user's role has no access to the page being accessed, because currently I get the error Error 404--Not Found From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1: 10.4.5 404 Not Found The server ...

Infinite loop using Spring Security - Login page is protected even though it should allow anonymous access

I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup: web.xml <welcome-file-list> <welcome-file> index.jsp </welcome-file> </welcome-file-list> The index.jsp page is in the WebContent directory and simply contains a redirect: <c:redirect url="/login.htm"/> In the ...

Spring Security Concurrency On Different Browsers

Hi. I have a web application using Spring Web Flow and Spring Security. I have a problem with concurrency and here's the scenario. When I log in and go to an edit page, and when my account was already restricted for that operation, I am not supposed to be able to perform the operation already. I see that since my ROLE save in the sess...

How to force unauthenticated users to a login page in Grails / Spring Security Plug-in

I think I'm missing a very obvious solution here, but I'll ask anyway. I've got a Grails application that uses the Spring Security Plugin for my AAS. I want to start doing daily builds and deploys of the application using Hudson onto a test server (running Apache2/Tomcat6) as the ROOT application. When the application goes live, anonym...

Spring Security - Custom authentication provider not called

I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup (this is based off of this question): In the security-config.xml file, I have the following configuration: <http> <!-- Restrict URLs based on role --> <intercept-url pattern="/WEB-INF/jsp/login.jsp*" access="ROLE_ANONYMO...

Spring Security - Cannot access my welcome webpage while I'm already logged

Hello, I have a website which uses Spring Security. I have realized that when I am logged in to the application and I try to access the website again without closing this session, I get a 404 error. I mean, if my application has a context name "myApp", I can access localhost:8080/myApp when I am not logged in, but when I am logged in and...

Acegi throws AuthenticationCredentialsNotFoundException when opening URL with BrowserLauncher 2

Hi all, We have a JSF web application that uses Acegi security. We also have a standalone Java Swing application. One function of the Swing app is to load the user's home page in a browser window. To do this we're currently using Commons HttpClient to authenticate the user with the web app: String url = "http://someUrl/j_acegi_securit...

Grails acegi plugin classes not added to maven

I created a Grails 1.2.0 project using the Acegi plugin 0.5.2, which works very well. To integrate the project into our company's build infrastructure I need to build it via Maven. So I converted it to a Maven project using the Grails Maven integration, which worked quite well too. There is one problem: I have a Java class CustomUserDe...

Java Spring NtlmProcessingFilter second controller

<bean id="ntlmFilter" class="org.springframework.security.ui.ntlm.NtlmProcessingFilter"> <security:custom-filter position="NTLM_FILTER" /> <property name="stripDomain" value="true" /> <property name="defaultDomain" value="company" /> <property name="domainController" value="192.168.1.1" /> <property name="authenticati...

how to set an extra cookie after login successful in spring security

Hello, I want to set an extra cookie after the user logs in successfully. After reading the source code of AbstractProcessingFilter, I found that it fires an InteractiveAuthenticationSuccessEvent after login, so I can write an ApplicationEventListener for this, but how can I get the corresponding HttpServletResponse in the event listener? Thanks. ...

Remember original page to redirect to with spring security after a failed login on unprotected URL

I'm using spring-security and struts 2. Most of our pages have content that is unprotected mixed with some protected content (user controls) so it is not like the examples where you go to a certain page and spring-security intercepts everything. Rather I'd like to be able to work with a login form that you access by pressing a login butt...

Spring Security 3 specify multiple intercept-url access roles

Hi All, I am trying to set up Spring 3 security using JDBC auth. Everything is working fine apart from when I try to specify multiple access roles for an intercept-url. E.g. I want anyone with the roles ROLE_USER and ROLE_ADMIN to be able to access all pages, I use the following line in my Spring config file - <security:intercept-url patt...

spring limit max sessions ; limit max users

May I know if it is possible to use Spring Security to limit the max number of users able to log in to the website at the same time? Definitely not the concurrent-session-control parameter. What I want is, for instance, to limit to a maximum of only 1000 users logged in at the same time. If more than that, forward to a notice page stating maximum users exceeded ...

spring-security & spring-mvc configuration

Hello. I have written a small webapp using spring-security and spring-mvc with an annotation-based configuration (@Secured). In order to have that work I had to split up the spring-security configuration: app-context.xml (included in web.xml's ContextConfigLocation) <security:http auto-config="true"/> app-servlet.xml (spring-mvc's di...

need spring security ntlm source code 2.04

I can't find the source code for spring security ntlm 2.04 ntlm.jar. Any ideas where I can get this old release? ...

LdapUserDetails Mapper changed in Spring Security 3.0?

In earlier versions of Spring Security, the LdapUserDetailsMapper used to have an attribute to store custom user attributes like samAccountName, givenName.... But with the recent release of Spring Security 3.0, apparently something changed and there is no way to store these details so that we can access them later from the security context. ...