authentication 1 « Security « Spring Q&A





1. Spring and Stripes Security Design    stackoverflow.com

I'm building a web application using Stripes and Spring. It needs to have a login/authentication feature. Right now I store user information separate from user credentials in the database. ...

2. User is not prompted to authenticate after restarting the server    stackoverflow.com

Spring security has been used for our application. Spring security has been configured in bean declaration way. The problem is : I logged into the application, browsed few pages, and restarted the ...

3. Does spring security support Windows live ID?    stackoverflow.com

for more details about the live id : https://accountservices.passport.net/ppnetworkhome.srf I have seen jar files in spring-security-2.0.5 indicating support for

  1. acl (i dont knw wht it is)
  2. cas (no idea again)
  3. NtLm
  4. open id
does it ...

4. Spring Security - Custom authentication provider not called    stackoverflow.com

I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup (this is based off of this question): In the security-config.xml file, I have the following ...

5. Spring-security is not picking up my authentication manager    stackoverflow.com

I am screwed with the spring security configuration issue Here is my configuration

    <security:global-method-security pre-post-annotations="enabled" />

<security:http auto-config="true">
    <security:intercept-url pattern="/dologin"     access="ROLE_USER,ROLE_ANONYMOUS" />
  ...

6. Switching authentication approaches at runtime with Spring Security?    stackoverflow.com

Typically, when you declare different "<authentication-provider>" for your application (webapp in my case), Spring Security takes care of invoking providers one after another, incase of failure. So, say I have DatabaseAuthenticationProvider ...

7. Authenticate User manually    stackoverflow.com

I am trying to authenticate the user after I got credentials using oAuth (with Twitter if that makes a difference). As far as I could understand it, I can directly put ...

8. Spring 3 Security Authentication Success Handler    stackoverflow.com

I am using form-login for security and I am trying to implement an authentication success handler, but I am not sure how to go back to the resource that was initially ...

9. Spring security and authentication provider    stackoverflow.com

I'm trying to implement Spring 3 Security in a project, but I can not get rid of the following error:

SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: ...





10. Authentication with Spring Security with usersByUsernameQuery    stackoverflow.com

Combination of corporateId and username is unique for us in the user table. I know spring provide a mechanism to write custom query for the authentication.

<bean id="authenticationDao"
    class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
  ...

11. How to get authentication infomation when using spring security?    stackoverflow.com

At pages I am using tag: security:authorize ifAnyGranted="ROLE_USER,ROLE_ADMIN" ... It works. But at server side: I use SecurityContextHolder.getContext().getAuthentication().isAuthenticated(),it is always true. When I didn't log in, the system take anonymousUser as the log in ...

12. Configuring HttpClient in Spring using Basic Authentication    stackoverflow.com

I'm implementing a SOLR server in our application. We use the CommonsHttpSolrServer in the SolrJ package to connect to our solr server which uses the commons-httpclient. We also use Spring. Now our sysadmin secured ...

13. Does Spring Security support multi factor authentication?    stackoverflow.com

Has anyone tried it? Can this be used for sites that require high security like banking and financials? Please advice.

14. Is it possible to programmatically authenticate with Spring Security and make it persistent?    stackoverflow.com

I'm using the following method in a Spring Controller to allow authentication via Ajax. It works, but it doesn't seem to create a cookie or anything that makes the authentication persistent.

@RequestMapping(method ...

15. How do I mock out authentication for functional tests in applications using Spring Security?    stackoverflow.com

I have a suite of Selenium-driven functional tests for a web application I'm developing. I've recently integrated with Spring Security as a means of handling authentication. All of my functional tests ...

16. Spring Security with multi-factor authentication    stackoverflow.com

Is there a way to configure Spring Security for supporting multi-factor authentication? I want to first ask the user name and the password from the user and then ask security answer of ...





17. How to customize Spring security Authentication to use 3 parameters?    stackoverflow.com

I am a bit new to Spring Security. Normally, we authenticate users using 2 parameters username and password. I have to configure the authentication process to use 3 parameters, which are ...

18. Spring Security 3 custom authentication requirement.... help needed!    stackoverflow.com

I am developing an application with spring security. I have a requirement that when a user is created he is assigned a default password. The user must reset his password to ...

19. Spring Security - two separate sources for authentication information    stackoverflow.com

My Spring Security form-based login currently contains a form and the default LdapAuthenticationProvider and I am able to authenticate properly. But there's a new requirement to check that user is enabled. This ...

20. Spring Security and Custom Authentication Provider    stackoverflow.com

I have a custom AuthenticationProvider that simply returns the Authentication object for the authenticate method. What I want to do is add a role to the user when they log in. ...

21. Not to Use Spring Security Authentication?    stackoverflow.com

Spring Security 3 reference says that:

5.3 Authentication Spring Security can participate in many different authentication environments. While we recommend people use Spring Security for ...

22. How to enhance an authentication process with a token?    stackoverflow.com

I use Spring Security 3 and has a simple login authentication and authorization mechanism. A user writes username and password and then that password gets hashed at server side. Client send ...

23. External authentication using Spring Security    stackoverflow.com

We got our own central session management. Generally user can authenticate over it with an username and password, and as a result he gets an session_id. All other operations are done ...

24. Spring Security: One Authentication Provider for loading authorities and other for real authentication    stackoverflow.com

My application uses Spring Security for handling authentication. So far I was using simple authenticaton provider based on jdbc-user-service which was both performing authentication and loading authorities and it all ...

25. spring Authentication.setAuthenticated(boolean) java.lang.IllegalArgumentException: Cannot set this token to trusted    stackoverflow.com

I have the following code (attempting to log a user in programatically):

List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
...
User tempUser = new User(correctUsername, 
    correctPassword, 
    true, ...

26. Spring Security Authentication using MyBatis    stackoverflow.com

I am trying to perform Spring Security Authentication using MyBatis. My spring-security file looks as follows

        <global-method-security pre-post-annotations="enabled" />

       ...

27. Best Practice for Path based Authentication    forum.springsource.org

Best Practice for Path based Authentication Hello, I'm looking for the best practice for providing authentication based on the URL path. I have one web application that exposes two paths (/path1, ...

28. Security check always results with authentication-failure    forum.springsource.org

Dec 27th, 2010, 09:50 AM #1 PanTypan View Profile View Forum Posts Private Message Junior Member Join Date Dec 2010 Posts 3 Security check always results with authentication-failure Hi Everybody! I'm ...

29. Instantiation Authentication object    forum.springsource.org

Hi all I am very new to Spring Security 3 . Currently I have my own login form and post login credentials to controller method where credentials will be handle. If ...

30. Authentication successful but Authentication object is empty    forum.springsource.org

Authentication successful but Authentication object is empty Hi all I have "IllegalArgumentException: null source" exception when using Websphere authentication according to the log - Authentication was successful, But Authentication object passed ...

31. JNDI Datasource Lookup with authentication    forum.springsource.org

JNDI Datasource Lookup with authentication Hello I am on an application where we are using Spring 2.5 , Hibernate 3.3 , and Weblogic 11g. In Spring we have a JNDI-lookup element ...

32. authentication events not received by listener    forum.springsource.org

Hi, I am using Spring 3.0.4 and Spring Security 3.0.5. I have created the following class, for auditing security events (and other things, which are omitted here for brevity): Code: public ...

33. authentication between servers    forum.springsource.org

authentication between servers Hi, I have a Spring Security setup on one server with a game on it, and a web site on another server that serves a PHP/MySQL web site. ...

34. Authentication Providers    forum.springsource.org

I am currently implementing a web application using Spring Security 3.1. During the authentication process, I need do be able to do the following: Validate that the user name provided exists ...

35. using authentication token during authorisation    forum.springsource.org

using authentication token during authorisation I implemented my own AuthenticationProcessingFilter in which I set the authentication token to an instance of DomainSecurityAuthenticationToken, which is a class derived from UsernamePasswordAuthenticationToken. DomainSecurityAuthenticationToken has ...

36. How to implement different ways of authentication    forum.springsource.org

How to implement different ways of authentication Hi, I'm using the current release of spring (3.0.5) ans spring security for my webapplication. The application can be called from two different ways: ...

37. Additional parameter needed for authenticate    forum.springsource.org

Additional parameter needed for authenticate Hi I have an application in which there are several domains and there are users within these domains. Usernames are unique within domain but same username ...

38. DaoAuthenticationProvider authentication problem    forum.springsource.org

DaoAuthenticationProvider authentication problem I have a gwt 2.1 app with Spring-security(3.0.5) providing security for the app. I'm also using Hibernate 3.5.0 for persisting the data from the db. Now there is ...

39. How to implement Authentication Failover    forum.springsource.org

How to implement Authentication Failover I'm setting out to build a web application that uses Kerberos authentication (because most our users are using IE) and defaults to NTLM authentication for Firefox. ...

40. Extending Spring Formbased authentication    forum.springsource.org

Spring Roo added the Formbased Authentication in Spring successfull ... No i wan't to identify a user with a triplet of information, like username, country, password and save this information during ...

41. Custom Spring Authentication    forum.springsource.org

Hi, We have an application which stores user's credentials on a remote-service's database. We have written classes which lets us know whether a uname and pw are valid or not in ...

42. Additional authentication check    forum.springsource.org

Hello, I'm using spring security 2. I have configured form login and authentication and authorization using LDAP. In addition I need to perform container based authentication (programaticaly) which is neccessary to ...

43. Is Pre-Authentication an option in acegi2?    forum.springsource.org

Hi, We are using spring security 2 with spring2.5. We need two options Pre-Authentication and form-login both are available in our system. In Pre-Authentication case,the authentication is done by other serivce. ...

44. Second Authentication Provider not getting invoked    forum.springsource.org

Second Authentication Provider not getting invoked I have 2 authentication providers. One is LDAP to verify password. If that is successful, I want it to go through another verification process against ...

45. Customize the Authentication Object    forum.springsource.org

Customize the Authentication Object Hi, On login, I am calling I am returning a xyzUser Object. Code: public CnvgUser authenticate() throws AuthenticationException { HttpServletRequest request = getRequest(); final HttpServletResponse response=getResponse(); SecurityContextHolder.clearContext(); ...

46. customized authentication provider...    forum.springsource.org

customized authentication provider... I am new in spring security. I have to implement login option using spring security (using Hibernate Annotation). I have InnoDB supports for MySQL DB. My employee login ...

47. Custom authentication    forum.springsource.org

Custom authentication Hi Guys, I started developing a web application with spring and spring security framework and i have a requirment of identifing the Users on basis of 2 keys (BranchCode ...

48. Authentication issue with Spring security 3 on WAS 7    forum.springsource.org

Hi, We are using spring security 3 with WebSphere Application Server 7. While development, we have deployed the same application on tomcat 7 where as it was authenticated correctly. But when ...

49. Authentication Events not firing    forum.springsource.org

Authentication Events not firing Hi, I am trying to listen for authentication events by implementing ApplicationListener. I am receiving application content events but I am not receiving authentication events (e.g. AuthenticationFailureBadCredentialsEvent). ...

50. Multiple Authentication Entry Points    forum.springsource.org

Hi, I'm replacing my own Security mechanisms with Acegi in an App where currently I have seperate login forms for admin and users. Can someone suggest the best approach to doing ...

51. AJP13 and Pre-Authentication    forum.springsource.org

AJP13 and Pre-Authentication hi I tried to configure the security relying on this documentation http://static.springsource.org/sprin...e/preauth.html I use Spring Security 3.0.5 and want to get a pre-authenticated user that authenticates on IIS ...

52. Mocking out authentication for functional tests when using Spring Security    forum.springsource.org

Mocking out authentication for functional tests when using Spring Security I have a suite of Selenium-driven functional tests for a web application I'm developing. I've recently integrated with Spring Security as ...

53. repeated authentication of Authentication object    forum.springsource.org

repeated authentication of Authentication object This is my understanding of the SecurityInterceptor mechanics: For each request a Authentication object is retrieved from the SecureContext. The Authentication object gets authenticated and the ...

54. Multistep authentication: how?    forum.springsource.org

FYI I gave up doing real multi-step login (process of gradually adding roles / rights for an in course of authentication process - at least this is my case of "multi ...

55. Combining two authentication providers    forum.springsource.org

Combining two authentication providers Im having the current problem which I cant really figure out how to solve: I want to use two authentication providers and combine them like this: First ...

56. Four-eye-principle authentication    forum.springsource.org

Four-eye-principle authentication Hi, has anybody a clue how to start implementing "Four-eye-principle authentication" in an JSP/Java web application with Spring Security? Four-eye-principle authentication means: by first authentication process (login) must be ...

57. Authentication ActiveDirectory    forum.springsource.org

Authentication ActiveDirectory Hi, I am loging to Microsoft Active Directory 2003 and Im using Spring Security 3.0.0.RELEASE. My spring-security-context.xml is: Code:

58. How to catch org.springframework.security.authentication.Disabl edException    forum.springsource.org

How to catch org.springframework.security.authentication.Disabl edException After registering a new user in my app we set an activate field to false as the user first needs to activate. We are using this ...

59. How to achieve Spring Security3.5 for authorisation only and not for authentication    forum.springsource.org

How to achieve Spring Security3.5 for authorisation only and not for authentication Hi , We have a requirement in which we use weblogic container for authentication and we are planning to ...

60. Anonymous token after authentication    forum.springsource.org

Jun 16th, 2011, 06:39 PM #1 sajitmk View Profile View Forum Posts Private Message Junior Member Join Date May 2011 Posts 4 Anonymous token after authentication Hi, I had to create ...

61. Anonymous authentication    forum.springsource.org

I wish to know how exactly an anonymous user is authenticated. Am I right in assuming that any user, even an anonymous one has to have some type of credential in ...

62. Authentication for single actions    forum.springsource.org

Authentication for single actions Hello Normally when you authenticate a user, a session context is created and holds the logged user. But what if you merely want to authenticate the user ...

63. authentication in spring security 3.0.5    forum.springsource.org

authentication in spring security 3.0.5 Hi Guys, I am absolutely new to spring security and i need to apply authentication using spring security My requirements are as soon as application starts ...

64. How to change the authentication object of loggedin User as another user    forum.springsource.org

How to change the authentication object of loggedin User as another user Is there a way to authenticate a logged in user as another user. I want to achieve this before ...

65. Two authentication managers being instanciated    forum.springsource.org

Two authentication managers being instanciated Hi there! I'm upgrading my application from Spring Security 2.0.4 to 3.0.5.RELEASE and found the following: The bean defined by an with its authentication-providers is ...

66. Problem using customised authentication provider class for basic authentication    forum.springsource.org

Problem using customised authentication provider class for basic authentication Hi, I am using basic authentication and validating in a customized class. Let me show my configurations: /****************SpringSecurity.xml**************** *******/ Code: ...

67. My authentication-success-handler-ref not apply    forum.springsource.org

My authentication-success-handler-ref not apply I have a problem about different role turn to different page(defalut page). this is my code: Code: ...... Code: ...

68. Temporarily switch authentication    forum.springsource.org

Hi, I have a class which calls via Spring-RMI-Remoting a remote service. Therefore I have to switch the authentication for this call. I did: Code: Authentication oldAuth = null; try { ...

69. problems with the authentication in ActiveMQ embedded    forum.springsource.org

Aug 12th, 2011, 06:50 AM #1 Alvaro V.G. View Profile View Forum Posts Private Message Junior Member Join Date Jul 2011 Posts 19 problems with the authentication in ActiveMQ embedded Hi, ...

70. problems with the authentication in ActiveMQ embedded    forum.springsource.org

Aug 12th, 2011, 09:08 AM #1 Alvaro V.G. View Profile View Forum Posts Private Message Junior Member Join Date Jul 2011 Posts 19 problems with the authentication in ActiveMQ embedded Hi, ...

71. Multiple Authentication Providers    forum.springsource.org

Hi, I need some help in configuring Basic and NTLM authentication together. I need to first do a basic authentication and if its success then no need to check for NTLM ...

72. Testing using the authentication    forum.springsource.org

Testing using the authentication Hi at all, I'm testing a Service that I made and secured using spring security...I've seen that for test I can set the authentication in the authentication ...

73. Nagging dialog for Subclipse authentication    forum.springsource.org

Nagging dialog for Subclipse authentication since I use SpringSource ToolSuite 2.7.1 and installed the latest Subclipse Plugin (1.6.x), this plugin ask's me every time I commit something into the repo for ...

74. Other tab use authentication    forum.springsource.org

Hi, I wan to use spring security in my application , how I ll setup it. Is it support like gmail or other website where if we login in one tab ...

75. When I doing finger authentication, how do I put it in Spring Security.    forum.springsource.org

When I doing finger authentication, how do I put it in Spring Security. Hello. I want to do finger authentication, and I have some questions and hopes if possible. Finger login ...

76. Employing custom authentication provider    forum.springsource.org

Employing custom authentication provider Hi! My application needs to use custom authentication provider in order to authenticate against data gained from EJB. So here is my MyUsernamePasswordAuthenticationProvider class: Code: package sk.skhplus.retail.controller; ...

77. Pre Authentication problem    forum.springsource.org

Pre Authentication problem Hi, My webapp is implemented with spring mvc+spring security 3.0. In my company there is an authentication webapp that insert a User object in the session but when ...

78. [Newbie] Post-authentication processing?    forum.springsource.org

[Newbie] Post-authentication processing? Hi all, I just started to use Acegi recently and I am wondering what the best way to solve a problem would be. The context: A web app ...

79. Basic Authentication without user input.    forum.springsource.org

Hi, i am working on a web application and we dont use any login at all(public facing website) but in one part of the application we need to talk to the ...

80. Programmatic authentication    forum.springsource.org

Programmatic authentication I'm trying to consume a REST service protected by Spring Security/CAS programmatically. Can anyone tell me what header to put the username/password in or how to get the correct ...

81. Curious about chaining authentication providers    forum.springsource.org

I'm wondering if you could chain the providers together so if the username isn't found in the first provider, it would look in the second provider and so on before it ...

82. Container-managed authentication    forum.springsource.org

Container-managed authentication Hi, I need to use container-managed authentication (need single sign-on for multiple webapps in the same container). But I'm a little confused as to how this works. What I'd ...

83. What is the relationship of UserDetail and Authentication    forum.springsource.org

According to the java doc, the UserDetail holds information and later on to be stored inside the Authentication. I am using my own AuthenticationDao impl, and it has a method loadxxx ...

84. Chaining Authentication Providers?    forum.springsource.org

Chaining Authentication Providers? I recently integrated a simple web app using my client's LDAP using Acegi (very cool BTW). I still needed developer/test users so wanted to splice in an older ...

85. Programmatic authentication    forum.springsource.org

How i can manually perform user logon? I mean next scenario: 1. User fills registration form and clicks Submit 2. Application performed validation of entered info and created new record in ...

86. Customize Authentication    forum.springsource.org

Hello, I have an application that does not have a login screen. We take the userid from the users network login and use it to look up authentication infromation in our ...

87. Multiple Authentication Domains?    forum.springsource.org

Multiple Authentication Domains? Hello again, My application has got two authentication domains: One domain, called "internal", is authenticated via LDAP. One domain, called "external", is authenticated via a User Database. (to ...

88. Do Authentication objects need to be immutable?    forum.springsource.org

Do Authentication objects need to be immutable? RunAsUserToken claims that it is. What about the others? What are the consequences, if they weren't? Thanks. Andreas

89. upgrading 0.8.0 Null authentication SecureContextImpl    forum.springsource.org

Mar 12th, 2005, 02:25 PM #1 pg View Profile View Forum Posts Private Message Member Join Date Sep 2004 Posts 50 upgrading 0.8.0 Null authentication SecureContextImpl I am trying to migrate ...

90. mail and authentication    forum.springsource.org

mail and authentication Hi, I would like to try sending email in the Spring way. but got error: org.springframework.mail.MailAuthenticationExcepti on: Authentication failed: null; nested exception is javax.mail.AuthenticationFailedException: null. I am testing ...

91. Authentication.getDetails() returns String in v0.8.1    forum.springsource.org

Authentication.getDetails() returns String in v0.8.1 I have upgraded to 0.8.1 but when I call Authentication.getDetails() instead of getting an instance of WebAuthenticationDetails I get a string representation of the instance. This ...

92. authz:authentication question    forum.springsource.org

I've been working with ACEGI for only a week and I've already produced some good results but I can't manage to put the classic "Hello FirstName LastName" in all JSP Pages, ...

93. Switch from 0.8.0 to 0.8.1 and anonymous authentication    forum.springsource.org

Switch from 0.8.0 to 0.8.1 and anonymous authentication I switched from version 0.8.0 to version 0.8.1. Before the switch, all pages which were defined as visible to "ROLE_ANONYMOUS" were visible before ...

94. Chaining Authentication Providers    forum.springsource.org

From reading the documentation, it seems like it should be possible to chain authentication providers like the following: Code: ...

95. 0.8.2: User.toString() change breaks Authentication.getName(    forum.springsource.org

0.8.2: User.toString() change breaks Authentication.getName( After upgrading to Acegi 0.8.2 I can't get the user name from an Authentication object anymore. The following code worked with 0.8.2 Code: User user = ...

96. Executing code after any kind of authentication    forum.springsource.org

Executing code after any kind of authentication In a previous post I asked about getting the username into the session after authentication. Finally I ended up making my own JSP tag ...

97. Authentication.setAuthentication calls    forum.springsource.org

Authentication.setAuthentication calls While going through the Acegi 0.8.0 code, I realized that authentication.setAuthentication(true) and false is only being done in AbstractSecurityInterceptor... Is it the correct assumption that in my implementation of ...

98. spring-mail-framework authentication problem    forum.springsource.org

May 7th, 2005, 09:28 AM #1 derKaiser View Profile View Forum Posts Private Message Junior Member Join Date May 2005 Posts 13 spring-mail-framework authentication problem hi when i try to send ...

99. authentication by code    forum.springsource.org

authentication by code Hi I am using the following code to login programatically but it doesn't work (seems to not recognizing the authorities), can someone tell me what's wrong? Code: UsernamePasswordAuthenticationToken ...

100. Authenticate based on user id    forum.springsource.org

Authenticate based on user id Hi, I have a web app working nicely with Acegi, but I have a question regarding a problem I am having. At the moment I am ...