Request 1 « Security « Spring Q&A





1. Java web app security: adding tokens to requests    stackoverflow.com

I'm looking for a method or current API that allows you to add on tokens to web app requests. Maybe within the session but not persisted. Or if you could help me by ...

2. How to set up Spring security to authenticate signed requests?    stackoverflow.com

Does spring support authentication of signed requests? (like those provided by open social Signed authorization, i.e. open social makeRequest API) if so, how do you configure it? Best Regards Yaniv

3. Spring Security Issue: Controller, Anonymous Requests    stackoverflow.com

I have an app that uses Spring security and BlazeDS. Flex 3.2 is used for the client app. Generally client app makes service calls using RemoteObjects. However, for certain cases client app ...

4. access to request object when using spring security    stackoverflow.com

When logging in I want to read the URL and base on the combination of subdomain, username and password user should be authorized. like if the url is abc.xyz.com i somehow need request ...

5. Spring Security Configuration Leads to Perpetual Authentication Request    stackoverflow.com

I have configured my web application with the following config file:

 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />

<!--
    Filter chain; this is referred ...

6. Opening SSL TCP socket and sending web requests    stackoverflow.com

I have a requirement to open a tcp socket and authenticate using SSLv3 or TLSv1 IP protocol using X.509 digital certificate. What does this handshake process involve exactly? I know the ...

7. No mapping found for HTTP request with URI [/app/j_spring_security_login] in DispatcherServlet with name 'dispatcher'    stackoverflow.com

I added this login link to my Spring app:

<a href="<spring:url value="/j_spring_security_login" htmlEscape="true" />">
Sign In
</a>
My assumption was that because this is a built-in tag for accessing the login page, Spring would know ...

8. Weird Requests/DefaultSavedRequests from other websites in my app?    stackoverflow.com

Greetings all, I am using Spring Security 3.0.2 and I am using Apache, Tomcat. I was discovering the sessions on my web app and found out too many sessions with used time=0 and the description of one ...

9. Users seeing inconsistent representation of unicode text across request cycle in Spring 3 MVC    stackoverflow.com

While testing my app, I noticed the following issue where a string containing a unicode character, when passed to the controller and then back to the page, becomes garbled - or ...





10. ExtJS & Spring Security -- How to Seamlessly re-authenticate during Ajax Request?    stackoverflow.com

I need some advice about how to handle session timeouts when an Ajax request is made from the browser with Spring Security. Here's some ground rules: Multiple async ajax requests will be made ...

11. Triggering AJAX request in Spring security when Session has become invalid    stackoverflow.com

I have an application which uses spring security / ajax etc. When the user leaves his workstation in some state to later return and triggering some ajax event (when the session ...

12. Get original request url in Spring Security form-login page    stackoverflow.com

I have the following declared in my spring security configuration file (http://www.springframework.org/schema/security/spring-security-2.0.1.xsd):

<form-login login-page="/login.html" />
What Spring Security does is redirect the user to that page if they don't have the correct authentication ...

13. Spring Security + custom User object attached to session for filtered requests    stackoverflow.com

I am not sure how to solve the following problem/ realize my scenario. Maybe someone can give me some hints?

  1. I have a Spring MVC app with Spring Security. I also use ...

14. Detect Session Timeout in Ajax Request in Spring MVC    stackoverflow.com

I can't seem to find a good example/answer on how to send back some data from an ajax request when a session has timed out. It sends back the ...

15. How to redirect all new user requests to front page in Spring MVC?    stackoverflow.com

I want to secure (temporarily) my application by create front page with captcha and simple form. I suppose Spring Security is too complicated for this task. How can I catch all ...

16. Spring security accessing request params and http session within the AccessDecisionVoter    stackoverflow.com

I have a class which implements Spring Security(ver 2.5) org.springframework.security.vote.AccessDecisionVoter. The access decision is based around checking the requested article id against a list of id's held in the users http ...





17. 403 on JSON PUT request to Tomcat with Spring 3.0.5 and Jackson    stackoverflow.com

My web application has started returning 403 errors on PUT requests. However, I'm not seeing any debug messages in the logs for this request so I'm stumped as to how to ...

18. Spring Security session-fixation-protection="none" Requires HTTP Page Prior to Auth Request    stackoverflow.com

I had to use session-fixation-protection="none" in my application (form based login) as I have to switch between https (for login) and http (for all other pages) and I run into an ...

19. spring-security: create session without HTTP request?    stackoverflow.com

Is it possible within the Spring Security framework to create a session without an associated HTTP request? I'm developing an application that deploys on Tomcat, but users access it via a ...

20. is it allowed to redirect a request after forwarding?    stackoverflow.com

In certain scenarios I want to forcefully logout a user. I'm using Spring Security and the only way I know how to do this is to forward/redirect to /logout (or whatever ...

21. Spring Security - Is there a way to check if you're in a secured request?    stackoverflow.com

I want to know if the request I am in is accessible anonymously, even if I am authenticated anyways.

22. not able to use request scope in the Spring config file    stackoverflow.com

I am trying to use request scope in the Spring file, but I am not able to do so; I am getting the following error. We are using Spring Security and session management. After changing ...

23. How do you configure a Session-Scoped bean to be able to access information from the request and from other services?    stackoverflow.com

In order for this session-scoped bean to work, it needs access to the Request object to allow it to determine the privileges of the logged-in user. It also needs to be able ...

24. How to insert the username into MDC for the entire web request    stackoverflow.com

I am trying to use a Mapped Diagnostic Context to add the username of the user making a page request to all relevant logging statements. However I have tried three different ...

25. request.getRemoteUser() sometimes returns null    stackoverflow.com

I have a java-web-application using struts2 combined with old-style servlets. Using Acegi security. In my servlets, I'm logging what the user is trying to do and which user it is. To get the ...

26. spring ws security - authentication from request header?    stackoverflow.com

I'm looking for a way to secure a web service whereby the user id is to be got from the request headers. The ssl handshake is taken care of so I'm not ...

27. Set request attribute and then redirect to another app in a Spring Controller    stackoverflow.com

How can I set a request attribute and then redirect that to another app in a Spring Controller. Thanks!

28. How to access request scoped bean in controller?    stackoverflow.com

I'm trying to understand the request scoped beans. Suppose I have a controller and I have a request scoped bean instantiated using spring config xml

<bean id="loginAction" class="com.foo.LoginAction" scope="request"/>
Do I need to ...

29. MockHttpServletRequest isn't passing the URL to next filter in chain    stackoverflow.com

I am trying to implement a filter that uses MockHttpServletRequest to add a header to the request object. I want to use that header for preauthentication. This is the filter class..

public ...

30. request.getUserPrincipal() got null    stackoverflow.com

User successfully authenticated but after authentication when I go to next controller I got request.getUserPrincipal() null. I am using websphere 7 and my application is in spring mvc.

   System.out.println("subject.getPrincipals(): ...

31. Spring Security - retrieve user IP, browser info and requested page    stackoverflow.com

We use RequestHeaderAuthenticationFilter as to implement pre-authentication strategy and PreAuthenticatedAuthenticationProvider as the authentication provider. One of the requirements is to store all successful logins to the database with following information. As ...

32. Autowiring with factory method at request scope    stackoverflow.com

I'm trying to unit-test my Spring application. Using Spring-Security, i have troubles to mock the SecurityContext in order to unit-test my controllers. I found the following question : Unit testing with Spring ...

33. Grails Error: No thread-bound request found: Are you referring to request attributes... After installing Spring Security Core    stackoverflow.com


I just created a new grails-app, everything was fine until I decided to install Spring Security Core. After installing Spring Security Core doing an s2-quickstart and hitting grails run-app, it produced the ...

34. Grails 1.3.7 spring security - No thread-bound request found at start    stackoverflow.com

Suffering badly from the bug below. See http://jira.grails.org/browse/GPSPRINGSECURITYCORE-98 Works fine in my mac os x environment but fails badly on my colleague's ubuntu. /S

35. Access "Request payload" in Spring MVC Controller?    stackoverflow.com

How to simple as @RequestParam or @PathVariable access "Request payload" in Spring MVC Controller ?

36. use spring security to tell ajax requests where the login page is    stackoverflow.com

I have some url secured with spring (configured through xml). It works. However when I try to hit that endpoint with an ajax request I get a 302 (found) ...

37. How to dispatch request to "j_spring_security_check" from controller    stackoverflow.com

Through login.jsp I needed some value, so I forwarded request to controller after this I want to dispatch to default j_spring_security_check from controller. Please, help .. thank..:)

38. Request bypasses spring security filter    stackoverflow.com

Request of : /myProjectName/person/myProfile/ is ignored(ie I can access it when I should not) by:

 <security:intercept-url pattern="/person/myProfile" access="isAuthenticated()"/>
However if I write:
 <security:intercept-url pattern="/person/**" access="isAuthenticated()"/>
it works. I have controller with handler mapping:
@RequestMapping("/person")
and inside of ...

39. From a spring mvc controller action, how do I get access to request/response?    stackoverflow.com

My action looks like:

public String add() {

   return "/WEB-INF/views/add.jsp";
}
In this case I need access to a posted form field parameter. Once I receive the posted parameter value, I will ...

40. Random Request nonce in Spring Security    forum.springsource.org

Hi everyone, I've been looking at Spring Security for authentication and authorization, and there's something I haven't been able to find: A synchronizer token pattern, ...

41. Spring Security2: how to use HTTP request data to assist authorization evaluation?    forum.springsource.org

Hi all, I have created a framework extended from spring security2 used by many applications in the company. Note, ...

42. Request ID based access    forum.springsource.org

Hi everyone Now i been googling and looking through the small tutorials... even went on a springsource course, but something seems to elude me. Spring security is ...

43. Storing information between requests for anonymous users    forum.springsource.org

Hello together, I'm developing a web application with Spring 3 and Spring Security 3.0.5. I have a question regarding the storage of information between requests ...

44. Ajax request to secured url, response weird    forum.springsource.org

Ajax request to secured url, change response Hello together, I use Spring Framework 3.0.5 and Spring Security 3.0.5 and I noticed something. I have a web application where users can log ...

45. Request to change user name    forum.springsource.org

Hello, Yet another change-username-request, I thought I can provide my name in profile after registration. I want my username to be innar.made Thanks

46. OpenSessionInView pattern, non-request-triggered data access    forum.springsource.org

Hello everyone, I've developed a web application using Hibernate for data access. Everything is pretty straightforward - I am using the OpenSessionInView pattern (OpenSessionInViewFilter) in order ...

47. ApplicationListener with access to current request    forum.springsource.org

Is it possible to define a spring bean that extends ApplicationListener with access to current request? this way in the onApplicationEvent you can manipulate request attributes as a side effect of ...

48. Whether current request is under secure context    forum.springsource.org

Hi! In my spring controller I'd like to know whether my request has any connection with any entry defined in "objectDefinitionSource" found in filterInvocationInterceptor. Is there any helper class to decide ...

49. Spring mvc REST - Password on the request    forum.springsource.org

I have a RESTful web service that requires a UserName and Password passed to the service in GET method. Can you suggest a way to implement this? I would like to ...

50. How to get requests marked as anonymous in spring security 3    forum.springsource.org

Hi Guys, I am using spring security 3.0.3. We have marked some URL's as access=anonymous Code: I want to get the requests that are marked as ROLE_ANONYMOUS. ...

51. Basic authentication: Are all requests always secured after authentication?    forum.springsource.org

Hi, I am adding spring security (authentication + authorization) to a Jersey Restful web service. I first tried Basic authentication (login form), and it seems to work fine. But my question ...

52. Access request context path from velocity/freemarker    forum.springsource.org

I am trying to figure out how to make the context path of the current request available to the model for Velocity/Freemarker using SpringMVC. I need this to make absolute URLs ...

53. Not able to differentiate between request marked as Anonymous and ROLE_COMP    forum.springsource.org

Hi Guys, Due to some of the reason I had to write my AuthenticationManager. in my spring-servlet.xml I had posted ...

54. Per request user authentication    forum.springsource.org

Hi, I'm working on an application with the security requirements outlined below: - User logs on - For every request thereafter ensure user is logged on - If user is logged ...

55. Check if user w/Role is authorized to request a certain page    forum.springsource.org

I have the following piece of code defined in my applicationContext file; Code: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON ...

56. per request j_username&j_password authentication    forum.springsource.org

I am looking to perform seamless authentication against a url by appending j_username and j_password to the request. so my http request looks like this: Code: GET ...

57. Authentication for every request ???    forum.springsource.org

I'm puzzled on this. The AbstractSecurityInterceptor does a db authentication for every request - authenticated = this.authenticationManager.authenticate(context.getAuthentication()); I only want the authentication to take ...

58. request.getUserPrincipal().getName() doesn't return username    forum.springsource.org

I'm trying to port an application that's using CMA to use Acegi. There are many places in the code where the following syntax is used: Code: Principal principal = request.getUserPrincipal(); String ...

59. Simple pseudo-authentication using request headers    forum.springsource.org

Hi all, I'm still pretty new to ACEGI and trying to figure out if it's possible to grant access to methods through MethodSecurityInterceptor using only some ...

60. How to access the request var??    forum.springsource.org

petar555, Nov 10th, 2005, 12:18 PM: Hi i to ...

61. Preserving POST request parameters after Filter Security Interception    forum.springsource.org

Hi, I have a situation where I need to protect a URL that another form sends a POST to. So, when the session ...

62. Access to the request uri in the view    forum.springsource.org

Hi all, How can i access the original request.getRequestURI() from within the view (in our case a jsp)? Thanks and regards, Sandro

63. StackOverflow error for request.getPrincipal().getClass    forum.springsource.org

Hi, I am using Spring + Acegi for one of my projects. Whenever I try to invoke any method on the object returned from request.getUserPrincipal(), I get the following error. Code: ...

64. hessian request access    forum.springsource.org

Hi, I'm building a hessian remoting service, with spring integration (using org.springframework.remoting.caucho.HessianServiceExporter). The bean that implements the service interface must have the URL where the service is deployed (like http://myserver.here.com/mycontext). ...

65. How to update the Authentication object on each request    forum.springsource.org

Hi Since our UserDetails implementation, called User, uses Hibernate as persistence mechanism and since the User object has relations to other parts ...

66. Getting the request uri which the user has entered    forum.springsource.org

Hi there, i have a problem getting the request uri which the user has entered in the browser's address field. I only ...

67. Switching between certificate and form based authentications per request basis    forum.springsource.org

We are using CAS and Acegi for our security requirements for some period. Currently we need to switch between certificate and ...

68. Acegi & Tapestry - Integration / Getting the saved request    forum.springsource.org

Even after reading the Acegi/Tapestry how-to thread (http://forum.springframework.org/sho...d.php?t=24013), I'm still struggling with several things. My biggest problem right now is how ...

69. Get User Roles from the request    forum.springsource.org

Hi all, I have configured Acegi with Siteminder. Now I want to get my User role for authenticated user not from database tables, but from the request. That is in ...

70. Access to HttpRequest in request scoped beans    forum.springsource.org

Is it possible for beans in a request scope to get a reference to the current HttpRequest, HttpResponse and HttpSession ? For example: as soon as the web application gets an ...

71. How to access Request parameters in Freemarker?    forum.springsource.org

The HttpRequestHashModel object is put into the model under the key "Request". You can then access any properties on this object just as you would with objects/attributes you put into the ...

72. Acegi re-authenticates at each request - Spring - Swing - Tomcat    forum.springsource.org

Hi, We're currently developing a rich client application using Tomcat (5.5) as a server, pure Swing as a front-end, Spring ...

73. secure the RMI api and only allow requests that come from the same machine    forum.springsource.org

Hi I am a newbie in acegi.... Can some body How can i secure our Rmi... I ...

74. Stop ACEGI from re-authenticating on every HTT Request    forum.springsource.org

Hello! We are using ACEGI extensively, and doing various kinds of authentications, including jdbc, LDAP, and Single Sign-On. What I am looking for ...

75. How to access the request object ?    forum.springsource.org

Hi All, I was wondering whether it is possible to get hold of the request object using the Spring framework (if it not already provided as a parameter). I mean functions, ...

76. Trigger authentication request via exception or method call?    forum.springsource.org

Hi everyone, I would normally use patterns defined in a objectDefinitionSource to protect url's from unauthorized access. However, I have a case in ...

77. Acegi Saved Request Key Failure    forum.springsource.org

Hi all, Sometimes as a non-authenticated user, the login JSP (loginFormUrl) doesn't display properly in the browser because all the images on the screen are not ...

78. Get original request URL from Acegi??    forum.springsource.org

Hi, To make Acegi run with JSF, we decided to implement the login with a backing bean and not to use AuthenticationProcessingFilter (otherwise Acegi is ...

79. how to access request, session using spring & velocity    forum.springsource.org

No... Only the request attributes are put in the model (and the stuff you put in there yourself i.e. referencedata). If you want the request or session you have to use ...

80. Retrieve user DN from web service request    forum.springsource.org

Hi All I am quite new to spring-WS framework; but I found it very handy to use. I am working on a project where ...

81. SQLException Causing Authentication Request To Fail    forum.springsource.org

During the early stages of my project, I was using the InMemoryDaoImpl, but am trying to switch over to JdbcDaoImpl. Now, login requests just get ...

82. Logged in user not in request    forum.springsource.org

Hi, (Also posted this message to spring web forum before I realized that there was an acegi forum) In some of my controllers, request.getRemoteUser() always ...

83. Acegi loses saved request in session    forum.springsource.org

We are having a frustrating problem with acegi 1.0.4 and 1.0.5. We have an implementation that has been working for some time and recently added ...

84. Access Request Object in Aspect Service    forum.springsource.org

Greetings, I am trying to integrate Spring AOP into my web application: Code: <aop:config> ...

85. ACEGI_SAVED_REQUEST_KEY lost    forum.springsource.org

I am using CAS with ACEGI and I have problems in getting back the original request URL. 1) I have URLs under /report-app protected by ACEGI filter chain 2) ACEGI does ...

86. XSLT: Access Request Params    forum.springsource.org

Is it possible to access request parameters in XSLT views without explicitly adding them to the XML Source? I'm pretty sure that global parameters can be defined for XSLT transformations, so ...

87. Access the real target of a request scoped proxy    forum.springsource.org

Hi folks! I have to get the hold of the real target of a request scoped proxy. Because request scoped proxies aren't normal objects - I cannot assign to the proxy ...

88. ACEGI request.getRemoteUser() returns null    forum.springsource.org

Hello, Using ACEGI for basic form authentication. User is authenticated successfully after logging. After successful validation, request.getSession().getAttribute("ACEGI_SECURITY_CONTEXT") returns a valid authentication object to get hold of user principal and credentials. ...

89. Ajax request for secured resource not redirected to login page    forum.springsource.org

mahudeeswaran, Mar 19th, 2008, 08:12 AM: Ajax request for secured resource not redirected ...

90. Access request attribute in web page    forum.springsource.org

Hi, formBackingObject method is used to initiate the values in the web page when displaying first time. This method returns an object. But in the ...

91. ACEGI_SAVED_REQUEST_KEY not kept when logging in by clicking MS office hyperlink    forum.springsource.org

Hi, I am using Acegi security version 1.0.7 in my web app. Everything works fine when logging in by putting ...

92. [Request for Feedback] Java 2 security integration available in TRUNK    forum.springsource.org

Hi everybody, Spring-DM TRUNK (the upcoming 1.2.0.m1) contains integration with Java 2 security. That is, when running with a security manager, Spring-DM uses privileged blocks in some areas to perform its ...

93. Spring_security_saved_request_key    forum.springsource.org

In the api docs for org.springframework.security.ui.AbstractProcessingFilter for the defaultTargetUrl they say defaultTargetUrl: indicates the URL that should be used for redirection if the HttpSession attribute named SPRING_SECURITY_SAVED_REQUEST_KEY does not ...

94. Problem: No client certificate chain in this request [400]    forum.springsource.org

hi guys. i am new to spring-ws. and i have to build a prototype of a webclient with it. connection is via ...

95. PropertyEditor - The way to access an attribute of request/session?    forum.springsource.org

Hello! In my application I'm using PropertyEditors, and they are working perfectly, but I have one situation that I can't find the way to solve it using them. The context: Currently, ...

96. User role based on request url    forum.springsource.org

Hi all, I am a newbie to spring framework. Just today I try setup spring security 2.0.4. So I don't know how can i set user's (UserDetails) role (GrantedAuthority) based on request url. on ...

97. Spring in production Listing -User experiences - 10000 requests per minute    forum.springsource.org

Hi all, I need some suggestions. We are developing a financial application which needs to handle 10000 requests per minute. I ...

98. Pre Auth user detail service access to request custom principal    forum.springsource.org

I'm using PreAuth just like this: /showthread.php?t=60728 (can't do URLs yet in this forum) but I want to have access to ...

99. Method security with struts2 make all request params in action NULL    forum.springsource.org

I need to use method security in my Struts2 application. It works as I want - deny user with no permission and allow access when user has a proper one. But ...

100. Access to request parameters    forum.springsource.org

Is it possible to reference the values of request parameters in the applicationContext.xml file so that a request-scoped bean definition can be injected with these values? If not, how is it ...