controller « Security « Spring Q&A





1. Limit Access To a Spring MVC Controller -- N sessions at a time    stackoverflow.com

We've licensed a commercial product (product not important in this context), which is limited by the number of concurrent users. Users access this product by going through a Spring Controller. We ...

2. Grails and Spring Security: How do I get the authenticated user from within a controller?    stackoverflow.com

I recently moved from the JSecurity plugin to Spring Security. How do I get the authenticated user from within my controllers?

3. Spring - Call custom-authentication-provider from a controller    stackoverflow.com

I have a custom-authentication-provider defined in my Spring Security configuration. This class implements AuthenticationProvider, and I can successfully log in using the form defined on my page. The issue is ...

4. How to access User object in grails controller    stackoverflow.com

I'm using spring security, and I need to get the User domain object in a controller. If I call SpringSecurityService.getPrincipal(), I get back an object of type org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser. However, what I'm ...

5. Is it possible to access Spring MVC annotated session vars across multiple controllers?    stackoverflow.com

I have a web app running Spring 3.0 and using Spring-MVC. I have a few controllers set up like this:

@Controller
@RequestMapping("/admin")
@SessionAttributes({"clientLogin", "selectTab", "user", "redirectUrl"})
public class AdminController {
...
}

@Controller
@SessionAttributes({"clientLogin", "selectTab", "user", "redirectUrl"})
public class PublicController ...

6. Spring 3.0 security not working with annotation based controllers    stackoverflow.com

I am trying to add authentication support to my Spring 3.0 web application but nothing from http:basic to more elaborate authentication is working. the examples provided in Spring documentation do not ...

7. Passing a password for methods for Spring MVC Controller - AOP or Spring Security?    stackoverflow.com

I have been using Spring MVC for a short while now with annotated controllers for JSP pages. I have a class similar to this:

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

@Controller
public class AdminController {

   ...

8. Spring Security login from controller    stackoverflow.com

I'm trying to login a user from a controller after the signup. My code in the controller is:

...
User user = new User();
BeanUtils.copyProperties(userVO, user);

userService.save(user);

List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
grantedAuthorities.add(new GrantedAuthorityImpl("USER"));

UsernamePasswordAuthenticationToken uat = new ...

9. Spring Security - @Secured works only in mvc Controller    stackoverflow.com


I am using Spring Security + MVC.
The annotation @Secured({ "ROLE_ADMIN" }) works fine only in the controller layer.
If I try to use it in deeper/other layers, I get no security error.
Or ...





10. Spring MVC: Securing handler method    stackoverflow.com

I'm wondering what is good approach to secure handler method in Spring MVC controller. Now i use @Secured annotation, that ensure that some method may be accessed by logged user only. ...

11. Can I user ModelAttribute in parent abstract class for controllers    stackoverflow.com

Example: class CommonController {

@ModelAttribute("refs")
public List getRef() {
   ...
}

@ModelAttribute("refs2")
public List getRef2() {
   ...
}
} class MyController extends CommonController {
@RequestMapping("/my")
public String request() {
    return "/my";
}
} The ModelAttribute objects will be ...

12. How to get Spring Security to not bypass a controller login mapping?    stackoverflow.com

If login.jsp posts to /login/submit:

<form action="/login/submit" method="post">
and the applicationContext.xml defines a form-login element:
<form-login login-page="/login" login-processing-url="/login/submit" authentication-failure-url="/login/error" />   
How do I do some additional handling in a corresponding controller method:
@RequestMapping(value ...

13. In a Spring 3 controller, how can I check the permissions of the logged-in user and do certain actions conditionally?    stackoverflow.com

In Spring 3, is there a method that accepts a comma-separated list of permissions and returns a Boolean of whether the logged in user has any of those permissions? I ...

14. how to access controller's getter methods in JSP pages - spring mvc    stackoverflow.com

In Struts , we can access the 'getter' methods and member variables of an Action class in the corresponding view JSP , using <S:..> tags . How this works ? Is there ...

15. @Secured on Spring controllers and context mess    stackoverflow.com

For web MVC I need at least two configs: dispatcher-servlet.xml and applicationContext.xml. I use the following filter for security:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
 ...

16. How can I secure Spring controller methods for user roles?    stackoverflow.com

I have USER, ROLE and USER_ROLE tables and a bunch Spring controllers ... is there an Spring annotation I can add to the controller methods that will specify the role(s) a ...





17. what's the best way to check user's current authority in spring3 controller methods?    stackoverflow.com

User's authority is frequently changed in my web service.
In this case, how do I check user's authority effectively? I wrote code that check user's authority in every controller temporarily. But I think this ...

18. Admin-only access to spring security ui controllers in grails    stackoverflow.com

I would like to restrict access only for ROLE_ADMIN users to all controllers introduced by the Spring Security UI plugin in grails. (I am using grails 1.3.7, plugins.spring-security-core=1.1.3 and plugins.spring-security-ui=0.1.2) I can ...

19. Implementing A Controller for Authorization    stackoverflow.com

I use Spring and Spring Security 3 at my application. All my clients side are static HTML files. I have a navigation bar that includes buttons like:

  • List
  • Edit
  • Delete
  • Update
When a user clicks ...

20. springSecurityService is null in base controller    stackoverflow.com

This is a rather weird problem and I been at it for a while so I am going nuts. I have a controller extending another controller so I can have multiple controllers ...

21. Access Two Controllers in same bean - Dispatcher Servlet    stackoverflow.com

I am new to spring framework and hibernate. I want to Access Two Controllers in same view. Here is my Dispatcher Servlet code.

<bean name="/EditTask.htm"
      class="HumanResource.FindTaskController"
  ...

22. Access two services methods from one controller in hibernate and Spring MVC    stackoverflow.com

I am stuck with access 2 services methods from one controller. I want to create a Task but same time I want to create new Role and assign its auto increment ...

23. Grails Redirect Post-Logout Using spring-security-core-3.0.6+    stackoverflow.com

In spring security version 3.0.6, which fixed a CRLF logout exploit (https://jira.springsource.org/browse/SEC-1790) they disabled the use of the 'spring-security-redirect' parameter.

Default support for the redirect parameter in ...

24. Accessing the current user, in a spring controller, getAuthentication() returns null    stackoverflow.com

I have attempted to implement the solutions provided in this question. However, none of them are working for me. In my abstract base controller, I have the following method (I also ...

25. OVerride a url mapping defined in a controller present in a jar    stackoverflow.com

I am using spring-security-oauth2 jar file. During the oauth verification process it makes a call to "/oauth/token" and hence the method. I want to modify the method.. Is it possible if ...

26. Is that possible to apply method level security for Spring @MVC controllers?    stackoverflow.com

I have applied below code, but it was not working, can any one please give me some solution for this.Thanks. Controller method:

@Controller
public class UserController {
@Secured("ROLE_USER")
@RequestMapping(value="user/{userName}", method=RequestMethod.GET)
    public ...

27. Exclude Spring MVC Controller from Spring Security    stackoverflow.com

I have a web application secured with spring security (Spring 3.1.0). Now if a customer wants to register to my service, Spring Security say "No". This makes sense because the user ...

28. Using Spring Security annotation on a method of a controller that extends another class    stackoverflow.com

I have very similar spring-security beans configuation to this example. The @Secured annotation on controller's methods only function properly if it is on a method of a class that ...

29. Securing the scaffold'ed Controllers    forum.springsource.org

Securing the scaffold'ed Controllers I have some auto-generated scaffold Controllers and some custom Controllers, one called "admin" and one called "public". I would like to have the admin and scaffold controllers ...

30. Unable to find controller while enabling spring security 3.0.5    forum.springsource.org

Feb 9th, 2011, 04:24 AM #1 sinha.baban@gmail.com View Profile View Forum Posts Private Message Junior Member Join Date Feb 2011 Location Nagpur Posts 1 Unable to find controller while enabling spring ...

31. How to access context param in Controller    forum.springsource.org

How to access context param in Controller Hi! I am creating an online examination application, and I need to create a cheat mode wherein when enabled will allow me to view ...

32. How to secure just some of the scaffolded controller methods    forum.springsource.org

How to secure just some of the scaffolded controller methods Hi, this is my problem : suppose we have a RooScaffoldController suppose we have ROLE_USER and ROLE_ADMIN users what I'd like ...

33. Method Security\Controller with custom permission evaluator    forum.springsource.org

Method Security\Controller with custom permission evaluator Hi, I'm really a newb so I apologize if the question is out of place. I'm trying to get Method Security working with custom permission ...

34. MVC Controller method security not working    forum.springsource.org

MVC Controller method security not working Hi, I am trying to secure my web controllers. I am using the non annotation based Spring MVC configuration. When i try to secure my ...

35. @Secured ("ROLE_ADMIN") not working for me in my controller...    forum.springsource.org

@Secured ("ROLE_ADMIN") not working for me in my controller... ...but it is working in my service layer. It has to be something with my configuration but I can't seem to figure ...

36. Is that possible to apply method level security for Spring @MVC controllers ?    forum.springsource.org

Is that possible to apply method level security for Spring @MVC controllers ? Controller method: Code: @Controller public class UserController { @Secured("ROLE_USER") @RequestMapping(value="user/{userName}", method=RequestMethod.GET) public @ResponseBody User getAvailability(@PathVariable String userName, HttpServletResponse ...

37. How to receive large user activity log data from UI to spring controller method    forum.springsource.org

How to receive large user activity log data from UI to spring controller method I need to send large user activity log data(this data is a multi line strings) from UI ...

38. How to access localized messages from a Controller?    forum.springsource.org

Hi, If I have a form controller that extends SimpleFormController and it is easy for me to get localized messages in the following way. getMessageSourceAccessor().getMessage("user.saved" , new Object[] {user.getFirstName() + ' ...

39. Access to session variable from Controller    forum.springsource.org

Hello, Any tricks to access to a session variable from controller. I have a e-shop application and want to use session object "shop" on the page updating product information. Thanks for ...

40. Can I get logged User in my controller function using acegi?    forum.springsource.org

I have know who is logged in the passage from a page to another in the controller or in the form controller. What can I do? Can I get him from ...

41. How can I get username in the spring MVC Controller?    forum.springsource.org

How can I get username in the spring MVC Controller? Now I am using acegi security, but the spring MVC controller could not get the correct username. Login.jsp

...

42. Calling acegi from within MVC controller    forum.springsource.org

Hi, I'm trying to find out how it is possible to start the Acegi authentication procedure from within my mvc controller (jsf). I'm trying to call httpSessionContextIntegrationFilter.doFilter(req, resp, chain) or entryPoint.commence(req, ...

43. Message (with EL) from MessageSource access from mvc.Controller    forum.springsource.org

mvc.Controller access to Message (with EL) from MessageSource Hello, I am trying to access a message inside a controller. However, the message contains EL referencing another message. Does anyone know of ...

44. How to access the DefaultListableBeanFactory from a controller    forum.springsource.org

I need to access a bean defined in the DefaultListableBeanFactory from a Controller, but can't see how it can get done. Any hint? -------------------------------- Never mind about this question.

45. Accessing username and role from within Spring controllers    forum.springsource.org

Accessing username and role from within Spring controllers Hi everyone, I'm fairly new to Acegi-Security. I implemented the security framework with my Spring application. I wonder how to access the username ...

46. Issues with JSF and Acegi with JdbcDaoImpl controller    forum.springsource.org

Feb 16th, 2007, 05:09 PM #1 mickknutson View Profile View Forum Posts Private Message Visit Homepage Senior Member Join Date Jun 2005 Location Philly Posts 199 Issues with JSF and Acegi ...

47. Aceg Security, Spring MVC Controller    forum.springsource.org

Aceg Security, Spring MVC Controller Hi, I use Acegi Security and Spring MVC with success, but I plan to do a small improvement in my web application. Traditionally, authorized roles for ...

48. Access the json-params via a controller    forum.springsource.org

Access the json-params via a controller I am trying to access the json-params via a controller but can't figure it out. I have a handler which creates a button like this... ...

49. Geting user selection to controller    forum.springsource.org

Hello, i use a SimpleFormController and command object to put data from a db to a jsp. This data represented by dropdown fields. Code:

Attendance for:    week: ...

50. Losing info keyed by user between jsp and controller    forum.springsource.org

Losing info keyed by user between jsp and controller I posted this same issue int the spring web flow forum as well, not sure where it belongs. I am currently working ...

51. How to mock acegi context for controller unit test    forum.springsource.org

How to mock acegi context for controller unit test Hi All, I have a controller class that calls the following method. SecurityContextHolder.getContext().getAuthenticati on(); I then extract the principal and pass that ...

52. Access to the bean name if the Controller?    forum.springsource.org

Is there a way to have access to the bean name if the Controller? ex: In the class controller I want to have access to the bean name ...

53. Most efficient way to add new data access to every controller?    forum.springsource.org

Most efficient way to add new data access to every controller? Hi folks, I'm in the process of internationalizing a product with a hundred or so controllers. I need to add ...

54. Checking if user is logged-in on all controllers    forum.springsource.org

Checking if user is logged-in on all controllers Please help, I am new to spring and sometimes I get confused :-( What's the best way to force a user to be ...

55. get User-Agent spring annotated controller    forum.springsource.org

56. Annotated Controller AND @Secured    forum.springsource.org

Spring security Looking at the way security is used in your code...I think what you guys are missing out is you have not used the capability to auto detect your classes ...

57. Access Controller beans in action-servlet.xml in Listener    forum.springsource.org

Access Controller beans in action-servlet.xml in Listener Hello, I'm using AppFuse example code. I can't understand, how I can access in StartUpListener class controller beans defined in action-servlet.xml. Here is StartupListener: ...

58. Can @Secured be applied to Controller methods?    forum.springsource.org

I am trying to apply @Secured annotations to my controller methods, but it does not seem to be working. Is there something that I am doing wrong? I have my spring ...

59. user-configured controller paths dows not work with more than one path element    forum.springsource.org

controller scaffold --name ~.web.MyEntityController --entity ~.model.MyEntity --path admin/myentity controller scaffold --name ~.web.MyOtherEntityController --entity ~.model.MyOtherEntity --path /admin/myotherentity/

60. How to pass username into a controller?    forum.springsource.org

Greetings. My task is to get a username (currently logged in user) and pass it to a controller as an HTTP parameter. I don't really know how to do it, so ...

61. @Controller and @ModelAttribute("user")    forum.springsource.org

@Controller and @ModelAttribute("user") Currently I use this method in each controller to retrieve current user for each page: @ModelAttribute("user") public User user(){ return userService.getCurrentUser(); } I'd like to integrate it into ...

62. how can my controller read information submitted to Acegi j_security_check    forum.springsource.org

Hi all, I have an ApplicationListener which detects failed logins and logs them to my database. I am using Acegi security to login. Therefore all data submission are done to j_security_check ...

63. access denied handler does not work for controller    forum.springsource.org

access denied handler does not work for controller I have a controller method annotated as this: Code: @RequestMapping(value={"/failed403"},method=RequestMethod.GET) public String render403Page(HttpServletRequest request,HttpSession session,Model model) { return "denied"; } Here is my ...

64. Pass user input between two Controllers and display user input after submit    forum.springsource.org

Pass user input between two Controllers and display user input after submit Pass user input between two Controllers and display user input after submit The displayHw.jsp and displayHwController handles the user ...

65. about Method Security Expressions in controller    forum.springsource.org

Hi guys, i planned to use spring security in my spring application. i have tried the method security expression authorization in service object method and DAO object method, it works fine. ...

66. Sending data between an authentication filter and a form controller    forum.springsource.org

Sending data between an authentication filter and a form controller Hi guys, I seem to be stuck with an interesting problem. I am currently writing a web app which has two ...

67. Need help on Acegi Security Logout Controller    forum.springsource.org

Hi, I used acegi logout controller with spring. I used logout controler to update logout time @ DB on the time of logout. The code is working good on test environment. ...

68. NoSuchFieldError when trying to access a controller    forum.springsource.org

Sep 2nd, 2010, 10:01 PM #1 fikou-sama View Profile View Forum Posts Private Message Junior Member Join Date Jun 2010 Posts 6 NoSuchFieldError when trying to access a controller Hi, I'm ...

69. Access to wildcard @RequestMapping path within controller    forum.springsource.org

Access to wildcard @RequestMapping path within controller Hi, I need to know the value of the wildcard match for a RequestMapping within a controller's method. I realize a PathVariable can be ...

70. Automatic Authentication AFTER Registration in Controller    forum.springsource.org

Automatic Authentication AFTER Registration in Controller What is the best way to Authenticate a user from inside a Registration controller so they don't have to log in after they register? I ...

71. get loggedin username in controller how to ?    forum.springsource.org

72. Issue with @Secured on annotated controller    forum.springsource.org

Issue with @Secured on annotated controller I'm using Spring 3.0.5 and Spring Security 3.0.3. I have an annotated controller class implementing a RESTful web service. The service is working fine until ...

73. How to access finder method in controller explicitly    forum.springsource.org

How to access finder method in controller explicitly I have added finder method to an entity class, and could access via dynamically round tripped views. However I want to access finder ...

74. Retrieving customer info at Spring Security login before going to controller    forum.springsource.org

Retrieving customer info at Spring Security login before going to controller Hi, I've recently started learning Spring. My first, learning, app will be simple customer managemnt system for a friend. I ...

75. Spring Security and controller mapping    forum.springsource.org

Dec 4th, 2010, 09:50 AM #1 porkshire View Profile View Forum Posts Private Message Junior Member Join Date Dec 2010 Posts 2 Spring Security and controller mapping Hi. I have a ...