Request 1 « Security « Spring Q&A
1. Java web app security: adding tokens to requests stackoverflow.comI'm looking for a method or current API that allows you to add on tokens to web app requests. Maybe within the session but not persisted. Or if you could help me by ... |
2. How to set up Spring security to authenticate signed requests? stackoverflow.comDoes spring support authentication of signed requests? (like those provided by open social Signed authorization ,i.e open social makeRequest API) if so, how do you configure it? Best Regards Yaniv |
3. Spring Security Issue: Controller, Anonymous Requests stackoverflow.comI have an app that uses Spring security and BlazeDS. Flex 3.2 is used for the client app. Generally client app makes service calls using RemoteObjects. However, for certain cases client app ... |
4. access to request object when using spring security stackoverflow.comWhen logging in I want to read the URL and base on the combination of subdomain, username and password user should be authorized. like if the url is abc.xyz.com i somehow need request ... |
5. Spring Security Configuration Leads to Perpetual Authentication Request stackoverflow.comI have configured my web application with the following config file: |
6. Opening SSL TCP socket and sending web requests stackoverflow.comI have a requirement to open a tcp socket and authenticate using SSLv3 or TLSv1 IP protocol using X.509 digital certificate. What does this handshake process involve exactly? I know the ... |
7. No mapping found for HTTP request with URI [/app/j_spring_security_login] in DispatcherServlet with name 'dispatcher' stackoverflow.comI added this login link to my Spring app: |
8. Weird Requests/DefaultSavedRequests from other websites in my app? stackoverflow.comgreetings all i am using spring security 3.0.2 and i am using apache,tomcat i was discovering the sessions on my web app and found out too many sessions with used time=0 and the description of one ... |
9. Users seeing inconsistent representation of unicode text across request cycle in Spring 3 MVC stackoverflow.comWhile testing my app, I noticed the following issue where a string containing a unicode character, when passed to the controller and then back to the page, becomes garbled - or ... |
10. ExtJS & Spring Security -- How to Seamlessly re-authenticate during Ajax Request? stackoverflow.comI need some advice about how to handle session timeouts when an Ajax request is made from the browser with Spring Security. Here's some ground rules: Multiple async ajax requests will be made ... |
11. Triggering AJAX request in Spring security when Session has become invalid stackoverflow.comI have an application wich uses spring security / ajax etc. When the user leaves his workstation in some state to later return and triggering some ajax even (when the session ... |
12. Get original request url in Spring Security form-login page stackoverflow.comI have the following declared in my spring security configuration file (http://www.springframework.org/schema/security/spring-security-2.0.1.xsd): |
13. Spring Security + custom User object attached to session for filtered requests stackoverflow.comI am not sure how to solve the following problem/ realize my scenario. Maybe someone can give me some hints?
|
14. Detect Session Timeout in Ajax Request in Spring MVC stackoverflow.comI can't see seem to find a good example/answer on how to send back some data from an ajax request when a session has timed out. It sends back the ... |
15. How to redirect all new user requests to front page in Spring MVC? stackoverflow.comI want to secure (temporarily) my application by create front page with captcha and simple form. I suppose Spring Security is too complicated for this task. How can I catch all ... |
16. Spring security accessing request params and http session within the AccessDecisionVoter stackoverflow.comI have a class which implements Spring Security(ver 2.5) |
17. 403 on JSON PUT request to Tomcat with Spring 3.0.5 and Jackson stackoverflow.comMy web application has started returning 403 errors on PUT requests. However, I'm not seeing any debug messages in the logs for this request so I'm stumped as to how to ... |
18. Spring Security session-fixation-protection="none" Requires HTTP Page Prior to Auth Request stackoverflow.comI had to use session-fixation-protection="none" in my application (form based login) as I have to switch between https (for login) and http (for all other pages) and I run into an ... |
19. spring-security: create session without HTTP request? stackoverflow.comIs it possible within the Spring Security framework to create a session without an associated HTTP request? I'm developing an application that deploys on Tomcat, but users access it via a ... |
20. is it allowed to redirect a request after forwarding? stackoverflow.comIn certain scenarios I want to forcefully logout a user. I'm using Spring Security and the only way I know how to do this is to forward/redirect to /logout (or whatever ... |
21. Spring Security - Is there a way to check if you're in a secured request? stackoverflow.comI want to know if the request I am in is accessible anonymously, even if I am authenticated anyways. |
22. not able to use request scope in the Spring config file stackoverflow.comi am trying to use request scope in the spring file,but i am not able to do so, i am getting folllowing error.we are using spring security and session management.. After changing ... |
23. How do you configure a Session-Scoped bean to be able to access information from the request and from other services? stackoverflow.comIn order for this session-scoped bean to work, it needs access to the |
24. How to insert the username into MDC for the entire web request stackoverflow.comI am trying to use a Mapped Diagnostic Context to add the username of the user making a page request to all relevant logging statements. However I have tried three different ... |
25. request.getRemoteUser() sometimes returns null stackoverflow.comI have a java-web-application using struts2 combined with old-style servlets. Using Acegi security. In my servlets, I'm logging what the user is trying to do and which user it is. To get the ... |
26. spring ws security - authentication from request header? stackoverflow.comI'm looking for a way to secure a web service whereby the user id is to be got from the request headers. The ssl handshake is taken care of so I'm not ... |
27. Set request attribute and then redirect to another app in a Spring Controller stackoverflow.comHow can I set a request attribute and then redirect that to another app in a Spring Controller. Thanks! |
28. How to access request scoped bean in controller? stackoverflow.comI'm trying to understand the request scoped beans. Suppose I have a controller and I have a request scoped bean instantiated using spring config xml |
29. MockHttpServletRequest isn't passing the URL to next filter in chain stackoverflow.comI am trying to implement a filter that uses MockHttpServletRequest to add a header to the request object. I want to use that header for preauthentication. This is the filter class.. |
30. request.getUserPrincipal() got null stackoverflow.comUser successfully authenticated but after authentication when I go to next controller I got |
31. Spring Security - retrieve user IP, browser info and requested page stackoverflow.comWe use |
32. Autowiring with factory method at request scope stackoverflow.comI'm trying to unit-test my Spring application. Using Spring-Security, i have troubles to mock the SecurityContext in order to unit-test my controllers. I found the following question : Unit testing with Spring ... |
33. Grails Error: No thread-bound request found: Are you referring to request attributes... After installing Spring Security Core stackoverflow.com
|
34. Grails 1.3.7 spring security - No thread-bound request found at start stackoverflow.comSuffering badly from the bug below. See http://jira.grails.org/browse/GPSPRINGSECURITYCORE-98 Works fine in my mac os x environment but fails badly on my collegues ubuntu. /S |
35. Access "Request payload" in Spring MVC Controller? stackoverflow.comHow to simple as |
36. use spring security to tell ajax requests where the login page is stackoverflow.comI have some url secured with spring (configured through xml). It works. However when I try to hit that endpoint with an ajax request I get a 302 (found) ... |
37. How to dispatch request to "j_spring_security_check" from controller stackoverflow.comThrough login.jsp I needed some value, so I forwarded request to controller after this I want to dispatch to default j_spring_security_check from controller. Please, help .. thank..:) |
38. Request bypasses spring security filter stackoverflow.comRequest of : /myProjectName/person/myProfile/ is ignored(ie I can access it when I should not) by: |
39. From a spring mvc controller action, how do I get access to request/response? stackoverflow.comMy action looks like: |
40. Random Request nonce in Spring Security forum.springsource.orgRandom Request nonce in Spring Security Hi everyone, I've been looking at Spring Security for authentication and authorization, and there's something I haven't been able to find: A synchronizer token pattern, ... |
41. Spring Security2: how to use HTTP request data to assist authorization evaluation? forum.springsource.orgSpring Security2: how to use HTTP request data to assist authorization evaluation? Hi all, I have created a framework extended from spring security2 used by many applications in the company. Note, ... |
42. Request ID based access forum.springsource.orgRequest ID based access Hi everyone Now i been googling and looking through the small tutorials... even went on a springsource course, but something seems to elude me. Spring security is ... |
43. Storing information between requests for anonymous users forum.springsource.orgStoring information between requests for anonymous users Hello together, Im developing a webapplication with Spring 3 and Spring Security 3.0.5. I have a question regarding the storage of informations between requests ... |
44. Ajax request to secured url, response weird forum.springsource.orgAjax request to secured url, change response Hello together, I use Spring Framework 3.0.5 and Spring Security 3.0.5 and I noticed something. I have a web application where users can log ... |
45. Request to change user name forum.springsource.orgHello, Yet another change-username-request, I thought I can provide my name in profile after registration. I want my username to be innar.made Thanks |
46. OpenSessionInView pattern, non-request-triggered data access forum.springsource.orgOpenSessionInView pattern, non-request-triggered data access Hello everyone, I've developed a web application using Hibernate for data access. Everything is pretty straightforward - I am using the OpenSessionInView pattern (OpenSessionInViewFilter) in order ... |
47. ApplicationListener with access to current request forum.springsource.orgIs it possible to define a spring bean that extends ApplicationListener with access to current request? this way in the onApplicationEvent you can manipulate request attributes as a side effect of ... |
48. Whether current request is under secure context forum.springsource.orgHi! In my spring controller I'd like to know whether my request has any connection with any entry defined in "objectDefinitionSource" found in filterInvocationInterceptor. Is there any helper class to decide ... |
49. Spring mvc REST - Password on the request forum.springsource.orgI have a RESTful web service that requires a UserName and Password passed to the service in GET method. Can you suggest a way to implement this? I would like to ... |
50. How to get requests marked as anonymous in spring security 3 forum.springsource.orgHi Guys, I am using spring security 3.0.3. We have marked some URL's as access=anonymous Code: |
51. Basic authentication: Are all requests always secured after authentication? forum.springsource.orgHi, I am adding spring security (authentication + authorization) to a Jersey Restful web service. I first tried Basic authentication (login form), and it seems to work fine. But my question ... |
52. Access request context path from velocity/freemarker forum.springsource.orgI am trying to figure out how to make the context path of the current request available to the model for Velocity/Freemarker using SpringMVC. I need this to make absolute URLs ... |
53. Not able to differentiate between request marked as Anonymous and ROLE_COMP forum.springsource.orgNot able to differentiate between request marked as Anonymous and ROLE_COMP Hi Guys, Due to some of the reason I had to write my AuthenticationManager. in my spring-servlet.xml I had posted ... |
54. Per request user authentication forum.springsource.orgHi, I'm working on an application with the security requirements outlined below: - User logs on - For every request thereafter ensure user is logged on - If user is logged ... |
55. Check if user w/Role is authorized to request a certain page forum.springsource.orgCheck if user w/Role is authorized to request a certain page I have the following piece of code defined in my applicationContext file; Code: |
56. per request j_username&j_password authentication forum.springsource.orgper request j_username&j_password authentication I am looking to perform seamless authentication against a url by appending j_username and j_password to the request. so my http request looks like this: Code: GET ... |
57. Authentication for every request ??? forum.springsource.orgAuthentication for every request ??? I m puzzled on this. The AbstractSecurityInterceptor does a db authentication for every request - authenticated = this.authenticationManager.authenticate(context .getAuthentication()); I only want the authentication to take ... |
58. request.getUserPrincipal().getName() doesn't return username forum.springsource.orgI'm trying to port an application that's using CMA to use Acegi. There are many places in the code where the following syntax is used: Code: Principal principal = request.getUserPrincipal(); String ... |
59. Simple pseudo-authentication using request headers forum.springsource.orgSimple pseudo-authentication using request headers Hi all, I'm still pretty new to ACEGI and trying to figure out if it's possible to grant access to methods through MethodSecurityInterceptor using only some ... |
60. How to access the request var?? forum.springsource.orgNov 10th, 2005, 12:18 PM #1 petar555 View Profile View Forum Posts Private Message Junior Member Join Date Aug 2005 Posts 7 How to access the request var?? Hi i to ... |
61. Preserving POST request parameters after Filter Security Interception forum.springsource.orgPreserving POST request parameters after Filter Security Interception Hi, I have a situation where I need to protected a URL that another form sends a POST to. So, when the session ... |
62. Access to the request uri in the view forum.springsource.orgHi all, How can i access the original request.getRequestURI() from within the view (in our case a jsp)? Thanks and regards, Sandro |
63. StackOverflow error for request.getPrincipal().getClass forum.springsource.orgHi, I am using Spring + Acegi for one of my projects. Whenever I try to invoke any method on the object returned from request.getUserPrincipal(), I get the following error. Code: ... |
64. hessian request access forum.springsource.orgHi, I'm building a hessian remoting service, with spring integration (using org.springframework.remoting.caucho.HessianService Exporter). The bean that implements the service interface must have the URL where the service is deployed (like http://myserver.here.com/mycontext). ... |
65. How to update the Authentication object on each request forum.springsource.orgHow to update the Authentication object on each request Hi Since our UserDetails implementation, called User, uses Hibernate as persistence mechanism and since the User object has relations to other parts ... |
66. Getting the request uri which the user has entered forum.springsource.orgGetting the request uri which the user has entered Hi there, i have a problem getting the request uri which the user has entered in the browser's address field. I only ... |
67. Switching between certificate and form based authentications per request basis forum.springsource.orgSwitching between certificate and form based authentications per request basis We are using CAS and Acegi for our security requirements for some period. Currently we need to switch between certificate and ... |
68. Acegi & Tapestry - Integration / Getting the saved request forum.springsource.orgAcegi & Tapestry - Integration / Getting the saved request Even after reading the Acegi/Tapestry how-to thread (http://forum.springframework.org/sho...d.php?t=24013), I'm still struggling with several things. My biggest problem right now is how ... |
69. Get User Roles from the request forum.springsource.orgHi all, I have configure Acegi with Siteminder. Now I want to get my User role for authenticated user not from a databtase tables, but from the request. That is in ... |
70. Access to HttpRequest in request scoped beans forum.springsource.orgIs it possible for beans in a request scope to get a reference to the current HttpRequest, HttpResponse and HttpSession ? For example: as soon as the web application gets an ... |
71. How to access Request parameters in Freemarker? forum.springsource.orgThe HttpRequestHashModel object is put into the model under the key "Request". You can then access any properties on this object just as you would with objects/attributes you put into the ... |
72. Acegi re-authenticates at each request - Spring - Swing - Tomcat forum.springsource.orgAcegi re-authenticates at each request - Spring - Swing - Tomcat Hi, We're currently developing a rich client application using Tomcat (5.5) as a server, pure Swing as a front-end, Spring ... |
73. secure the RMI api and only allow requests that come from the same machine forum.springsource.orgsecure the RMI api and only allow requests that come from the same machine Hi I am a newbie in acegi.... Can some body How can i secure our Rmi... I ... |
74. Stop ACEGI from re-authenticating on every HTT Request forum.springsource.orgStop ACEGI from re-authenticating on every HTT Request Hello! We are using ACEGI extensively, and doing various kinds of authentications, including jdbc, LDAP, and Single Sign-On. What I am looking for ... |
75. How to access the request object ? forum.springsource.orgHi All, I was wondering whether it is possible to get hold of the request object using the Spring framework (if it not already provided as a parameter). I mean functions, ... |
76. Trigger authentication request via exception or method call? forum.springsource.orgTrigger authentication request via exception or method call? Hi everyone, I would normally use patterns defined in a objectDefinitionSource to protect url's from unauthorized access. However, I have a case in ... |
77. Acegi Saved Request Key Failure forum.springsource.orgAcegi Saved Request Key Failure Hi all, Sometimes as a non-authenticated user, the login JSP (loginFormUrl) doesn't display properly in the browser because all the images on the screen are not ... |
78. Get original request URL from Acegi?? forum.springsource.orgGet original request URL from Acegi?? Hi, To make Acegi run with JSF, we dedided to implement the login with a backing bean and not to use AuthenticationProcessingFilter (otheriwse Acegi is ... |
79. how to access request, session using spring & velocity forum.springsource.orgNo... Only the request attributes are put in the model (and the stuff you put in there yourself i.e. referencedata). If you want the request or session you have to use ... |
80. Retrieve user DN from web service request forum.springsource.orgRetrieve user DN from web service request Hi All I am quite new to spring-WS framework; but I found it very handy to use. I am working on a project where ... |
81. SQLException Causing Authentication Request To Fail forum.springsource.orgSQLException Causing Authentication Request To Fail During the early stages of my project, I was using the InMemoryDaoImpl, but am trying to switch over to JdbcDaoImpl. Now, login requests just get ... |
82. Logged in user not in request forum.springsource.orgLogged in user not in request Hi, (Also posted this message to spring web forum before I realized that there was an acegi forum) In some of my controllers, request.getRemoteUser() always ... |
83. Acegi loses saved request in session forum.springsource.orgAcegi loses saved request in session We are having a frustrating problem with acegi 1.0.4 and 1.0.5. We have an implementation that has been working for some time and recently added ... |
84. Access Request Object in Aspect Service forum.springsource.orgGreetings, I am trying to integrate Spring AOP into my web application: Code: aop:config> |
85. ACEGI_SAVED_REQUEST_KEY lost forum.springsource.orgACEGI_SAVED_REQUEST_KEY lost I am using CAS with ACEGI and I have problems in getting back the original request URL. 1)I have URL's under /report-app protected by ACEGI filter chain 2)ACEGI does ... |
86. XSLT: Access Request Params forum.springsource.orgIs it possible to access request parameters in XSLT views without explicitly adding them to the XML Source? I'm pretty sure that global parameters can be defined for XSLT transformations, so ... |
87. Access the real target of a request scoped proxy forum.springsource.orgHi folks! I have to get the hold of the real target of a request scoped proxy. Because request scoped proxies aren't normal objects - I cannot assign to the proxy ... |
88. ACEGI request.getRemoteUser() returns null forum.springsource.orgHello, Using ACEGI for basic form authentication. User is authenticated successfully after logging. After successfull validation, request.getSession().getAttribute("ACEGI_SECURITY_ CONTEXT") returns a valid authentication object to get hold of user principal and credentials. ... |
89. Ajax request for secured resource not redirected to login page forum.springsource.orgMar 19th, 2008, 08:12 AM #1 mahudeeswaran View Profile View Forum Posts Private Message Junior Member Join Date Jul 2007 Location Chennai,India Posts 18 Ajax request for secured resource not redirected ... |
90. Access request attribute in web page forum.springsource.orgAccess request attribute in web page Hi, formBackingObject method is used to initiate the values in the web page when dipalying first time. This method returns an object. But in the ... |
91. ACEGI_SAVED_REQUEST_KEY not kept when loging in by clicking MS office hyperlink forum.springsource.orgACEGI_SAVED_REQUEST_KEY not kept when loging in by clicking MS office hyperlink Hi, I am using Acegi security version 1.0.7 in my web app. Everything works fine when logging in by putting ... |
92. [Request for Feedback] Java 2 security integration available in TRUNK forum.springsource.orgHi everybody, Spring-DM TRUNK (the upcoming 1.2.0.m1) contains integration with Java 2 security. That is, when running with a security manager, Spring-DM uses privileged blocks in some areas to perform its ... |
93. Spring_security_saved_request_key forum.springsource.orgSpring_security_saved_request_key In the api docs for org.springframework.security.ui.AbstractProcessing Filter for the defaultTargetUrl they say defaultTargetUrl: indicates the URL that should be used for redirection if the HttpSession attribute named SPRING_SECURITY_SAVED_REQUEST_KEY does not ... |
94. Problem: No client certificate chain in this request [400] forum.springsource.orgProblem: No client certificate chain in this request [400] hi guys. i am new to spring-ws. and i have to build a prototype of a webclient with it. connection is via ... |
95. PropertyEditor - The way to access an attribute of request/session? forum.springsource.orgHello! In my application I'm using PropertyEditors, and they are working perfectly, but I have one situation that I can't find the way to solve it using them. The context: Currently, ... |
96. User role based on request url forum.springsource.orgHi all, I'am newbie to spring framework. Just today I try setup spring security 2.0.4. So I don't know how can i set user's(UserDetails) role (GrantedAuthority) based on request url. on ... |
97. Spring in production Listing -User experiances - 10000 requests per minute forum.springsource.orgSpring in production Listing -User experiances - 10000 requests per minute Hi all, I need some suggestions.We are developing a financial application which needs to handle 10000 requests per minute. I ... |
98. Pre Auth user detail service access to request custom principal forum.springsource.orgPre Auth user detail service access to request custom principal I'm using PreAuth just like this: /showthread.php?t=60728 (can't do URLs yet in this forum) but I want to have access to ... |
99. Method security with struts2 make all request params in action NULL forum.springsource.orgI need to use method security in my Struts2 application. It works as I want - deny user with no permission and allow access when user has a proper one. But ... |
100. Access to request parameters forum.springsource.orgIs it possible to reference the values of request parameters in the applicationContext.xml file so that a request-scoped bean definition can be injected with these values? If not, how is it ... |
