spring security, can you add granular levels of security?
With spring security, could you add permissions for a user like: canEditPage canViewPage canLogin etc? if yes, Are these stored at a byte array interally? ...
With spring security, could you add permissions for a user like: canEditPage canViewPage canLogin etc? if yes, Are these stored at a byte array interally? ...
hi. I have a j2ee web application running on spring web flow using spring security. How do I change during runtime my Role saved in the session? ...
Hi. I have a problem with my j2ee application using spring security. I set max-sessions in concurrent-session-control to 1. Now it works fine when I try to Login the second time it will stop me. But when I logout the other one and try to login again I still get this same message. Your login attempt was not successful, try again. Reason:...
I am currently working on securing a web application using spring-security 3.0. I have gotten most of my issues figured out but I am trying to gain a better understanding of exactly what I am doing (copy and paste FTL). I watched this video in which he stated that the @Secured should not be used anymore except for certain situations. H...
Hi. I have a j2ee web application using spring web flow ang spring security. I want to redirect the user to page(maybe an error page) if the user's role has no access on the page being accessed because currently I get the error Error 404--Not Found From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1: 10.4.5 404 Not Found The server ...
I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup: web.xml <welcome-file-list> <welcome-file> index.jsp </welcome-file> </welcome-file-list> The index.jsp page is in the WebContent directory and simply contains a redirect: <c:redirect url="/login.htm"/> In the ...
Hi. I have a web application using spring webflow and spring security. I have a problem with concurrency and here's the scenario. When I log in an and go to an edit page, and when my account was already restricted for that operation, I am not supposed to be able to perform the operation already. I see that since my ROLE save in the sess...
I think I'm missing a very obvious solution here, but I'll ask anyway. I've got a grails application that uses the Spring Security Plugin for my AAS. I want to start doing daily build and deploys of the application using Hudson onto a test server (running Apache2/Tomcat6) as the ROOT application. When the application goes live, anonym...
I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup (this is based off of this question): In the security-config.xml file, I have the following configuration: <http> <!-- Restrict URLs based on role --> <intercept-url pattern="/WEB-INF/jsp/login.jsp*" access="ROLE_ANONYMO...
Hello, I have a website which uses Spring Security. I have realized that when I am logged in the application and I tried to access the website again without closing this session I get a 404 error. I mean if my application has a context name "myApp" I can acess to localhost:8080/myApp when I am not logged in, but when I am logged in and...
Hi all, We have a JSF web application that uses Acegi security. We also have a standalone Java Swing application. One function of the Swing app is to load the user's home page in a browser window. To do this we're currently using Commons HttpClient to authenticate the user with the web app: String url = "http://someUrl/j_acegi_securit...
I created a grails 1.2.0 project using the acegi plugin 0.5.2 which works very well. To integrate the project into our companies build infrastructure I need to build it via maven. So I converted it to a maven project using the grails maven integration which worked quite well too. There is one problem: I have a Java class CustomUserDe...
<bean id="ntlmFilter" class="org.springframework.security.ui.ntlm.NtlmProcessingFilter"> <security:custom-filter position="NTLM_FILTER" /> <property name="stripDomain" value="true" /> <property name="defaultDomain" value="company" /> <property name="domainController" value="192.168.1.1" /> <property name="authenticati...
Hello, I want set an extra cookie after user login successful. after read the source code of AbstractProcessingFilter, I found that it fire an InteractiveAuthenticationSuccessEvent after login. so I can write an ApplicationEventListener for this, but how can I get the corresponding HttpServletResponse in the event listener? thanks. ...
I'm using spring-security and struts 2. Most of our pages have content that is unprotected mixed with some protected content (user controls) so it is not like the examples where you go to a certain page and spring-security intercepts everything. Rather I'd like to be able to work with a login form that you access by pressing a login butt...
Hi All, I am trying to setup Spring 3 security using JDBC auth. Everything is working fine apart from when I try to specify multiple access roles to an intercept-url. Eg I want anyone with the roles ROLE_USER and ROLE_ADMIN to be able to access all pages, I use the follwoing line in my spring config file - <security:intercept-url patt...
may i know possible to use spring security to limit max number of users able to login to website at the same time? definately, not concurrent-session-control parameter. what i want is for instance, i want to limit maximum only allow 1000 users login same time. if more than that forward to notice page stating maximum users exceeded ...
Hola. i have written a small webapp using spring-security and spring-mvc with an annotation based configuration (@Secured). in order to have that work i had to split up the spring-security configuration: app-context.xml (included in web.xml's ContextConfigLocation) <security:http auto-config="true"/> app-servlet.xml (spring-mvc's di...
i cant find source code for spring security ntlm 2.04 ntlm.jar source code. any ideas where can i get this old release? ...
In the earlier versions of the spring security, The LdapUserDetailsMapper used to have an attribute to store custom user attributes like samAccountName, givenName.... But with the recent release in Spring security 3.0 apparently something changed and there is no way to store these details which we can access later from security context. ...