I want to use Spring Security, and it says to map the filter to /*. But I already have a filter mapped to /*, which is the Tuckee URLRewrite filter. Is it possible to map two filters to the same thing, and also is there a way to specify the order that the filters get called? ...
Hi all, I just made a web service with spring 3 using MVC annotations (@Controller, @RequestMapping) and now I'm looking for a way to secure it. Does someone know how to do it? Thanks, ...
Blogs show that Spring Security works on Google App Engine, but based on the date of their posts, I think they are speaking of version 2 of Spring Security. Has anyone tried Spring Security 3 on Google App Engine? ...
How do I not instantiate Spring Security until I need to? I'm using Google App Engine so the startup time of my web app is important. Sometimes when a user requests a page, they must wait the whole time for my web app instantiate before getting a response (this is called a loading request). Certain pages of my app require no authen...
Hi, I'm using the annotations provided by the Spring Security (AKA Acegi) plugin. I have controller actions annotated with @Secured(['ROLE_ADMIN', 'ROLE_USER']) To indicate that they should be available to administrators and regular users. But now I need to indicate that an action is available to administrators and unregistered user...
hi I have a j2ee application using Spring webflow and Spring Security. I want to implement an account lockout such that after three times of password failure the account wil be locked. How do I implement this. ...
I'm trying to add <session-management> in my Spring Security namespace configuration so that I can provide a different message than the login page when the session times out. As soon as I add it to my configuration it starts throwing "IllegalStateException: Cannot create a session after the response has been committed" when I access the...
Hi, I'm using the Acegi plugin in my Grails app. After a user registers, he is redirected to an action that is protected. Therefore, he is shown the login form. However, I would prefer if the user was automatically logged in as soon as he completes registration. It seems like I could achieve this by redirecting to the action that the l...
I use the SpringSecurity-framework for authentication, and it works as long as there is a user with the same name in my local DB. However, I want an admin-account that is only stored in the local DB and has no equivalent in LDAP. So, how can I configure SpringSecurity so that it uses LDAP and if this fails looks for a user and password...
Any ideas what could be the cause of this? Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] org.springframework.web.context.ContextLoader initWebApplicationContext: Context initialization failed org.springframework.beans.factory.parsing.BeanDefinitionParsingExc...
I'm having trouble getting the Spring Security OpenID functionality working. I'm getting the error below when I use http://spring.security.test.myopenid.com/ as input. Here is a link to the spring source that shows where the exception is thrown. Any ideas? Unable to process claimed identity 'null'. applicationContext-security.xml...
How do I use an interface like http://code.google.com/p/openid-selector/ for OpenID log in with Spring Security? ...
Anyone know how to get Spring security openid on Google App Engine working? I tried it, but there is a java.security.AccessControlException: access denied error. ...
Hi again, authentication via LDAP works like a charm, however, when I assign a role to a user and secure a page in the requestmap (like /books/show/** and ROLE_USER) this only works for local-only users, not for users authenticated via LDAP. (IS_AUTHENTICATED_FULLY works, though) How can I fix that? ...
Hi folks I am screwed with the spring security configuration issue Here is my configuration <security:global-method-security pre-post-annotations="enabled" /> <security:http auto-config="true"> <security:intercept-url pattern="/dologin" access="ROLE_USER,ROLE_ANONYMOUS" /> <security:form-login login-processing-url="/s...
I've been having a hell of a time trying to get LDAP authentication working with this application (apache Roller). It seems like it would just be "populate the right fields and go", but I'm still attempting to authenticate against the database (the default authentication method). I don't understand what's telling spring-security to use...
I have some confusion with how spring security works: In my application, I need to have a login page for users after which they are redirected back the page from where they came. I went through a few spring security tutorials and read some articles, and the examples work by securing a certain page on a site (managed by the <intercept u...
I requested Spring / Spring Security, etc training at work, and the bosses want to hire someone who knows Spring to come work with us as a consultant so that we'll learn Spring from a real-world perspective instead of a training perspective. I've been tasked with coming up with questions of various difficulty to ask potential hires in o...
I have basic spring security set up in my Spring / Java EE web app. I can restrict access to certain pages and force login (with roles etc.). There needs to be a form where new users can register and specify a login name and password. I am wondering if, to create new users, I simply query and update the appropriate spring security tab...
Hi, we are using spring security into our systems and our server is using the https scheme. However the application is running on http not https, so the server, being apache, is the https handler. whereas the application is running on http behind a firewall. Working code: <form-login login-page="/Login.html" authentication-failur...