Security 1 « Security « Spring Q&A





1. Spring Security being called from different sources    stackoverflow.com

I want to run authentication/authorization only for the calls that come from HTTP requests. The method on the controller I want to have authentication/authorization enabled is called from more than one source. ...

2. Is there any Spring-Security-based production-ready security package for Java?    stackoverflow.com

I'm designing the security subsystem for a new product. The system requires the following:

  • Complex user/group/permission model, both service-level and domain-level (ACL)
  • Administration UI for the above
  • Rules performed upon user actions (account disable ...

3. spring security, can you add granular levels of security?    stackoverflow.com

With spring security, could you add permissions for a user like: canEditPage canViewPage canLogin etc? if yes, Are these stored at a byte array interally?

4. Questions to Determine Spring / Spring Security, etc Knowledge    stackoverflow.com

I requested Spring / Spring Security, etc training at work, and the bosses want to hire someone who knows Spring to come work with us as a consultant so that we'll ...

5. Spring Security in a distributed application    stackoverflow.com

We recently upgraded our application to Spring 3.0 and Spring Security 3.0. Apart of the additional work we want to do is to separate the backend from the front end for ...

6. java getSession().setAttribute()    stackoverflow.com

I have to make a litle change to an existing project(tomcat and java WebApplication). now, in loginForm, if users type correct login and password, it is Ok, to users wil be shown ...

7. Spring Security beginner's question. Build failed    stackoverflow.com

I downloaded all jar files for Spring Security 3.0 and added them to my lib folder in Netbeans 6.8. Then i added Spring framework to my web application and tried to ...

8. Spring security @notation for IS_AUTHENTICATED_FULLY?    stackoverflow.com

I am simply trying to allow a user access to a method if they are authenticated, but nothing I am doing seems to work. Is there a way to just check ...

9. Spring 3 - Custom Security    stackoverflow.com

I am in the process of converting a legacy application from proprietary technology to a Spring based web app, leaving the backend system as is. The login service is provided by ...





10. Spring Security: how to implement Brute Force Detection (BFD)?    stackoverflow.com

My web applications security is handled by Spring Security 3.02 but I can't find any out of the box support for Brute Force Detection. I would like to implement some application ...

11. Can you configure Spring-Security programmatically?    stackoverflow.com

I am working to configure Spring-Security with an existing application, for just basic security (i.e. what pages a user can see based on their roles). The question came up wondering if ...

12. How to check "hasRole" in Java Code with Spring Security?    stackoverflow.com

How to check user authority or permission in Java Code ? For example - I want to show or hide button for user depending on role. There are annotations like:

@PreAuthorize("hasRole('ROLE_USER')")
How to ...

13. Integrate Spring Security with Tibco Portal Builder    stackoverflow.com

I don't know if there is someone using Tibco Portal Builder with Spring security, or even just Tibco Portal Builder, XD, but I'm goint to ask just in case there is ...

14. spring security quick start    stackoverflow.com

I am trying to follow this to incorporate spring security in the framework http://java.dzone.com/tips/pathway-acegi-spring-security- i hope to make a basic form based authentication, so i think this would be a great ...

15. Spring Security RememberMeAuthenticationFilter not fired    stackoverflow.com

Im trying to integrate RememberMe functionality inside a Spring 3 webapp. The app is working good and doesn't show any other problem. When I enable the "remember me" check, the cookie is correctly ...

16. How do I make a Spring security event handler if connection is successful?    stackoverflow.com

In my test, I am using these lines to connect a user :

Authentication userAuthentication = new UsernamePasswordAuthenticationToken("jonh","boul", AuthorityUtils.NO_AUTHORITIES);
SecurityContextHolder.getContext().setAuthentication(userAuthentication);
Is there a way to add a listener that will just log in the ...





17. is spring security worth the effort    stackoverflow.com

i've been looking over spring security and noticing how its a pretty big package. I'm wondering if it's worth the effort to take the time to ramp up on this. has ...

18. Spring project segmentation, best practices?    stackoverflow.com

Im a spring newby (been baby sitting an ERP tool for the past 5 years). Anyway, I've got a few of the sample apps (petstore/etc) running, got spring security basics ...

19. Two realms in same application with Spring Security?    stackoverflow.com

We're building a web application that is available to both authenticated and anonymous users. If you decide not to register/login you only have a limited set of features. User authentication is ...

20. How to test Internet Explorer when using RequestHeaderAuthenticationFilter?    stackoverflow.com

We're using Spring Security with RequestHeaderAuthenticationFilter, and thus relying on a HTTP header to be set for the user name. On our local machines we don't have the software for authenticating, ...

21. Spring Security - CouchDB    stackoverflow.com

I want to write Authorization used the Spring Security. Users data will be saved in the couchDB. I have problem with make it possible access to methods.

@PreAuthorize("hasAuthority('ROLE_ADMIN')")
 ...

22. Spring/Spring Security 3.0.x execution flow    stackoverflow.com


I'm currently in the process of migrating an application from Spring 2.5.6 to Spring 3.0.4 and Spring Security 3.0.2 and I was wondering if there was some kind of execution flow ...

23. Spring Security userCache invalidation    stackoverflow.com

Using Spring Security I have a DaoAuthenticationProvider described like here: http://static.springsource.org/spring-security/site/docs/2.0.x/reference/dao-provider.html I also have caching (also like it's described in that article). The problem is that when a request comes in with ...

24. Odd object type change in Spring Security    stackoverflow.com

Can someone tell me why this

Details user=(Details) SecurityContextHolder.getContext().getAuthentication().getDetails();
sometimes returns Object and sometimes String? I've tested if user is logged in with
System.out.println(SecurityContextHolder.getContext().getAuthentication().isAuthenticated());
It prints true.

25. Penetration testing on Spring Security    stackoverflow.com

What docs or links are there that would describe passed bug that turned in to vulnerabilities of spring security and how does one go about trying to hack into the framework?

I'm ...

26. Reference External Project in Spring Configuration    stackoverflow.com

I am trying to reference a project in my main project. I am a .NET developer so I am having a hard time knowing the correct way to reference it. ...

27. circumventing spring security    stackoverflow.com

In our app spring security uses ldap as a provider. i am working on a change that will let you flip a flag in dev that will allow you to log ...

28. Spring 3 security is not working    stackoverflow.com

I am trying to build an application for get to now spring 3. I now try to configure security but it seems that my fitlers are getting picked up. below is ...

29. Spring security cannot find AffirmativeBased class    stackoverflow.com

Can anyone assist me with the following. I've configured spring authentication fine so - I can use spring to authenticate via a database and prevent access based on url etc... However ...

30. Spring-security - AccessDecisionVoter-impl wont be invoked    stackoverflow.com


I am trying to create custom AccessDecisionVoter and just stop it in the debugged when it gets invoked. I have put a breake point in each method, but nothing happed. spring-security.xml:

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
 ...

31. Spring Security 3.0.5    stackoverflow.com

I'm rolling back from Spring Security 3.1.0.m1 to 3.0.5 but I'm using the security="none" and that's not in the 3.0.5 schema. Anyone know how I accomplish the same thing in ...

32. In General: Writing custom implementations for Spring and Spring Security    stackoverflow.com

Im using Spring Framework and Spring Security and I noticed that for Spring Security it is possible to write implementations for almost every class offered by Spring Security (lets say for ...

33. how to implement a forum and article management system together    stackoverflow.com

I want to create an article management system on wildlife and want to have a forum related to each article. How can I implement it. Following are the technologies I am ...

34. Spring Security query for multitier application    stackoverflow.com

In our application we want to match username and password in the backend and retrieve there authorities there if the credentials are correct. We want to use these Authorities to define ...

35. Can spring security support multi entry points?    stackoverflow.com

I mean need different: Login URL Login out url session time url authentication provider and even error page , css for different entry point. is this possible?

36. Spring "alias is required"    stackoverflow.com

I'm new in Spring and I'm trying to create a application using Spring Blazeds Integration (Flex + Blazeds + Spring + Java) and when I run the application I got this ...

37. Spring Security: AuthenticationUserDetailsService implemetation not called    stackoverflow.com

I'm having problems understanding why Spring Security is not calling my AuthenticationUserDetailsService implementation. The app in question currently uses Beehive as its web application framework. However, we have started ...

38. Building a security framework    stackoverflow.com

I know there are many security frameworks and "building" a security framework is a bad idea. In the recent project I have worked on, I used spring security to secure the ...

39. What component provides AuthenticationToken in Spring Security?    stackoverflow.com

I need to write a new authentication method for Spring Security for a rare authentication protocol. I can write an AuthenticationProvider that will support the new system, but I need ...

40. EvaluationException: No SqlMapClient specified    stackoverflow.com

SEVERE: java.lang.IllegalArgumentException: No SqlMapClient specified javax.faces.el.EvaluationException: java.lang.IllegalArgumentException: No SqlMapClient specified

41. Custom UserDetialsService with multiple parameters in Spring Security    stackoverflow.com

Spring Security has a UserDetailsService with a method

public UserDetails loadUserByUsername(String username)
Normally we need to create UserDetailsServiceImpl which implements this interface and provide the implementation for the above method. In my ...

42. Spring Security Sequence Flow    stackoverflow.com

Can anybody explain me how Spring Security works? The architecture and the main classes or interfaces, I want to have overview about this framework. How Spring security work from the authentication ...

43. Using a custom AbstractSecurityExpressionHandler?    stackoverflow.com

I'd like to use an expanded list of security expressions in Spring Security 3.0.5. I've located the WebSecurityExpressionHandler interface, but I can't find any documentation for how to ...

44. How to create and configure the custom UserDetailsByNameServiceWrapper in Spring security 3.0.5?    stackoverflow.com

I am using spring security 3.0.5 in my web application based on Spring MVC. We need to check four parameters for the authentication i.e. username, password, company and organization. For this I ...

45. can I use Spring Social with Spring Security?    stackoverflow.com

I want to integrate the Spring Social (to provide twitter, facebook, linkedLogin) with my application in which I have already used Spring Security to provide open ID authentication.... Spring Security's open ...

46. Spring security + decoupling from application    stackoverflow.com

We are in process of creating a appstore for our business. This appstore has mutiple application deployed. I have a simple security java project which is included in all applications. All the ...

47. How to enforce Spring Security as main Security Manager?    stackoverflow.com

is there any way to enable java SecurityManager while using spring security ? I have a Swing standalone application and using spring jdbcDaoImpl to authenticate and authorize using MySql Database (default spring ...

48. Handling UserNotFoundException in PreAuthenticationProvider    stackoverflow.com

I have two authentication providers. One checks against the database and the other is a pre-authenticated provider for SAML assertion. User information and their respective roles are persisted in a DB. So ...

49. Spring-security    stackoverflow.com

When the same user log in using different browsers/machines concurrently,user is allowed to login by same credential With Spring security concurrent session control this can be easily handled by the ...

50. Spring Security Salt    stackoverflow.com

I'm trying to add a salt when adding a new user/pwd, but the docs seem to be missing how to do this. Here's a basic example:

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
  ...

51. Spring Security - empty sessionRegisty    stackoverflow.com

I have Spring Security (3.1.0.RC3) configuration like below, but sessionRegistry.getAllPrincipals() return empty list. What may be wrong ?

<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter" 
    p:sessionRegistry-ref="sessionRegistry" 
   ...

52. Claims-Aware application in Spring    stackoverflow.com

I would like to implement a claims based authentication/authorization in a project. The project is using Spring 3.0 and spring security. Can it be done using Spring? I have implemented LDAP ...

53. Best way to build java desktop app with security    stackoverflow.com

I'm building some desktop app in Java and i want to know what is the best way to add security into the application (login at startup) and how to tell gui ...

54. Changing Spring Security configuration    stackoverflow.com

We have a typical requirement in our application. We have two Spring Security configurations: 1. CAS Server 2. LDAP (NTLM) So, now we need to check whether the CAS server is available or not and ...

55. java.lang.IllegalStateException: ApplicationEventMulticaster not initialized    stackoverflow.com

I'm getting the following error when trying to run a project with spring and spring-security (it was running before I added spring security):

java.lang.IllegalStateException: ApplicationEventMulticaster not initialized - call 'refresh' before multicasting ...

56. struggling with urlrewrite and spring security. Need directions    forum.springsource.org

struggling with urlrewrite and spring security. Need directions Here is my security config ...

57. spring security defaults not changed?!    forum.springsource.org

Jan 2nd, 2011, 01:24 AM #1 tango View Profile View Forum Posts Private Message Member Join Date Nov 2010 Posts 45 spring security defaults not changed?! gretting all im using spring ...

58. problem with Spring Security    forum.springsource.org

This is because you are using basic authentication and there is no way to logout when using basic authentication. All Spring Security does is clear out the SecurityContext from session, but ...

59. Spring Security for CMS    forum.springsource.org

Spring Security for CMS We are building a content management system which is used to manage our products. The CMS is used by our data entry people and representatives from various ...

60. Spring Security + PostgreSQL = Add Administrators    forum.springsource.org

Spring Security + PostgreSQL = Add Administrators Hi! I created application which allows to add administrator accounts. You should be able to log in, but although the account is in the ...

61. JavaScripts and Spring: Security    forum.springsource.org

JavaScripts and Spring: Security Hello, Ive got one question. I use Spring (MVC), Spring Security, Ajax... Ive got a JSP which displays data of a user (which is stored in a ...

62. How to assign security to scheduler ?    forum.springsource.org

How to assign security to scheduler ? I have a scheduler configuration like this: My getPersons has ROLE_USER @Secured({"ROLE_USER"}) public ...

63. problem with spring security    forum.springsource.org

Jan 24th, 2011, 12:00 PM #1 akshay.jain.7983 View Profile View Forum Posts Private Message Member Join Date Aug 2010 Posts 33 problem with spring security I am using spring 3.0.2 with ...

64. Spring Security 3.1.0.M2 and SavedRequestAwareAuthenticationSuccessHandler    forum.springsource.org

Spring Security 3.1.0.M2 and SavedRequestAwareAuthenticationSuccessHandler Hello Guys, In the process of setting up to filter chains to handle both form based and API based authentication I have come across an issue ...

65. Spring Security 3.1.0.RC1 doesn't play nice with Spring 3.1.0.M1    forum.springsource.org

Feb 13th, 2011, 01:03 PM #1 high5 View Profile View Forum Posts Private Message Junior Member Join Date Mar 2010 Location Croatia Posts 8 Spring Security 3.1.0.RC1 doesn't play nice with ...

66. Security messages and LocalChangeInterceptor    forum.springsource.org

Security messages and LocalChangeInterceptor Hello. Is there any way of configuring spring security messages with localized messages using a org.springframework.web.servlet.i18n.LocaleChangeI nterceptor? I mean, my internalizations works fine in general, using Code: ...

67. Spring security's issue with load balance    forum.springsource.org

Hi There, I am using Spring security 2.04 more than 1 year not issues. but I encountered one issue after recently upgrade single application server to 2 app servers with load ...

68. How to implement my company's security software in Spring Security?    forum.springsource.org

How to implement my company's security software in Spring Security? I have been reading the Spring Security 3.0 documentation over and over and trying different things and I think I need ...

69. Typical Security addon updated    forum.springsource.org

Typical Security addon updated Just a quick note to announce that the typicalsecurity addon has been updated to reflect some of the concerns that have been identified by the community. Changes: ...

70. OpenAM Spring Security Cross Domain Issue    forum.springsource.org

Hi all, I am using the OpenAM Spring Security provider found here https://wikis.forgerock.org/confluen...i)+Integration. I am now trying to enable cross domain login without any success. Can somebody please give me a ...

71. Spring Security java configuration via @Features    forum.springsource.org

Spring Security java configuration via @Features Morning, gentleman. Looks like we got Spring 3.1.0.M1 released and working, giving the ability to create complete XML-free configuration for data access, services, transactions and ...

72. Email Activation through Spring Security?    forum.springsource.org

Is there any way to send an activation email on user registration through Spring Security? Any other suggestions? I can send mail using Spring's MailSender and SimpleMailMessage. Do i have to ...

73. security in spring    forum.springsource.org

hi, how do i able to get what commands that a user can access according to its roles ? i'm using jdbc authentication thanks ...

74. MFA with spring security    forum.springsource.org

75. mod security for ERS    forum.springsource.org

76. Security checks    forum.springsource.org

Security checks I was wondering what would be a good way to handle security checks based on the user associated with a request. Currently I have Code: package presentation.web.shop; import javax.servlet.http.HttpServletRequest; ...

77. Spring Security does not work with AD in WinServ2008    forum.springsource.org

Spring Security does not work with AD in WinServ2008 I am trying to make Spring Security work with ActiveDirectory (in JasperServer WebApp). It won't work. Here is the configuration of my ...

78. spring-security 2.0.6 configuration problems.....    forum.springsource.org

spring-security 2.0.6 configuration problems..... Hi all! I'm tring to configure spring-security in my web app without results . I'm using: - JBoss 4.2.2,spring 2.5, spring-security 2.0.6 web.xml Code: filterChainProxy org.springframework.web.filter.DelegatingFilterProxy ...

79. Question about the document of spring security 3.x (RememberMeServices)    forum.springsource.org

Question about the document of spring security 3.x (RememberMeServices) Hi, I have a question about the document of spring security 3.x. http://static.springsource.org/sprin...member-me.html In the section '10.4.1 TokenBasedRememberMeServices', there is a statement: ...

80. questions to Spring Security core components    forum.springsource.org

questions to Spring Security core components Hello, Im using Spring Framework 3.0.5 and Spring Security 3.0.5. Ive got some questions to Spring Security. 1. I read that the core components of ...

82. security authontication    forum.springsource.org

Hai, I am implementing spring roo security authontication. i am sending username password menuvally in url how to get that data in databaseauthonticationprovider.java and also i want to now session,cookie creation ...

83. Adding spring-security-core-3.0.5 to org.springframework.core-3.0.0.M3    forum.springsource.org

Jun 16th, 2011, 05:22 AM #1 Java Developer View Profile View Forum Posts Private Message Member Join Date Jan 2009 Posts 83 Adding spring-security-core-3.0.5 to org.springframework.core-3.0.0.M3 I wanted to add Spring ...

84. Spring Security advantage vs own implementation    forum.springsource.org

Spring Security advantage vs own implementation I want to hide the fields/sections in JSF page which the user are not authorize to access. In addition to that if I would show ...

85. Does anyone have an Spring security implementation for 2.0.4    forum.springsource.org

Does anyone have an Spring security implementation for 2.0.4. I am unable to upgrade to a newer version of Spring and couldn't find documentation anywhere for Spring Security 2.0.4. This post ...

86. Spring Security Open Id    forum.springsource.org

Hi all, I'm trying to implement an application that has an user interface! I'd like to know how can I use OpenId authentication only, because I don't have to specify particular ...

87. Upgrande spring-security 2 to 3.0.5    forum.springsource.org

Upgrande spring-security 2 to 3.0.5 Hello everybody I'm doing an upgrade from the spring-security-3.0.5 and I had a class here: Code: public class AcseleAuthenticationProcessingFilter extends AuthenticationProcessingFilter { @Override protected void onPreAuthentication(HttpServletRequest ...

88. How to use spring security for multiple site in the same application    forum.springsource.org

How to use spring security for multiple site in the same application Hi all, I have to secure multiple web site with the same spring security framework, in example i have ...

89. Security Vulnerabilities with JPetStore and visualization of the AutoBinding Issues    forum.springsource.org

Security Vulnerabilities with JPetStore and visualization of the AutoBinding Issues Hi, I just posted the following blog post (Finally... here is how I have been analysing Spring MVC apps using O2) ...

90. Spring Security 3.1 Questions    forum.springsource.org

Spring Security 3.1 Questions Hello all, I have a few questions regarding the new Spring Security 3.1 and Spring Security ACL in general. 1. So let's say I have an object ...

91. Help with spring security configuration    forum.springsource.org

Aug 11th, 2011, 10:17 AM #1 leonardocostaborges View Profile View Forum Posts Private Message Junior Member Join Date Aug 2011 Posts 2 Help with spring security configuration Im getting an error ...

92. About the post action protected by the spring security    forum.springsource.org

About the post action protected by the spring security Hi All My web app contains the comment function. Only the login user can comment on some topic. I use the spring ...

93. Where can I download sample projects of spring security?    forum.springsource.org

From release package,I just get the samples of tutorial and contacts without source. How can I get the others sample projects and their source code?

94. Security on DAOs, Services or Datasource    forum.springsource.org

Security on DAOs, Services or Datasource Where should I secure my web application on services (this appears to be the popular choice) or DAOs? I prefer the former because it avoids ...

95. Need help with security    forum.springsource.org

Need help with security I was playing with spring mvc and built a simple annotation based example.. Just a few controller pojos and then i wanted to put in a login ...

96. Spring Security 3.1.0 Release Date    forum.springsource.org

97. Spring 3.1 WebApplicationInitializer and spring security    forum.springsource.org

Spring 3.1 WebApplicationInitializer and spring security Hello, Are there examples or other references on how to configure the new WebApplicationInitializer introduced in Spring 3.1 and Spring Security? We are writing a ...

98. spring security    forum.springsource.org

99. Regarding Use of Spring Security with applets    forum.springsource.org

Regarding Use of Spring Security with applets Hi all, Can anyone look at the following link and kindly pass your comments what Spring Security is doing here, http://forum.springsource.org/showth...ng-Spring-MVC-. With Spring Security ...

100. Security ineffective after upgrading from 3.0.5 to 3.1.0.RC3    forum.springsource.org

Security ineffective after upgrading from 3.0.5 to 3.1.0.RC3 Hi there, after upgrading Spring Security from version 3.0.5 to 3.1.0.RC3 and changing the schema location to http://www.springframework.org/schem...curity-3.1.xsd our custom decision voter (that ...