http « Security « Spring Q&A





1. Spring Security HTTP Basic Authentication    stackoverflow.com

I am trying to do a really simple basic authentication with Spring Security. I have configured properly the namespace, and there are no Exceptions in the server. In my "servlet.xml" I ...

2. Problem between Glassfish and Spring Security Basic Authentication    stackoverflow.com

I am enabling a simple HTTP Basic Authentication with Spring security in my project. My environment is an Glassfish Server (bundled with Netbeans), and almost everything works perfect: I have set ...

3. Could not access HTTP invoker remote service    stackoverflow.com

i'm working in a kofax application connected with oracle database. i found an error as

ERROR markview.viewer.MvViewer  
org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [ias9:opmn:ormi://uhmvtst.uhhs.com:6003:markview_tst4/mvas/remote/EnterpriseService]; nested exception is java.net.MalformedURLException: ...

4. Spring Security Method Level Security inside HTTP application    stackoverflow.com

I've got HTTP Security working in my web application with CAS authentication using Spring Security. However, I'm trying to mix it with method level security for some service methods (specifically GWT ...

5. spring http-basic    stackoverflow.com

may i know can we specify url for http-basic so that only authenticate if go to particular page? example login.jsp ? i do not want to use form login.

6. BlazeDS error when running Flexunit tests: Detected duplicate HTTP-based FlexSessions    stackoverflow.com

I am using the Maven Flexmojos plug-in to run some FlexUnit4 integration tests on the command line against a Jetty/Java/Spring Security/BlazeDS backend. These integration tests run in a stand-alone version ...

7. How to handle HTTP 403 with Spring Security 3.0.x    stackoverflow.com

I'm facing a little issue with Spring Security 3.0.x (3.0.2 in particular at the moment). The whole application I'm working on is working perfectly except when someone who doesn't have the ...

8. Spring-Security http-basic auth in addition to other authentication types    stackoverflow.com

I have a pretty standard existing webapp using spring security that requires a database-backed form login for user-specific paths (such as /user/**), and some completely open and public paths (such as ...

9. Spring security OAuth and http-basic authentication together    stackoverflow.com

I've playing with Srping Security OAuth implementation for sime time now. In my SOA application I've implemented OAuth2 auth protocol. All user releated operations are secured with @Secured annotations. These operatoins ...





10. configuring spring security for HTTP POST method    stackoverflow.com

I am using spring security 3.0. I want to disable authentication for a url that handles POST method. This doesnt seem to work -

<http  use-expressions="true" auto-config="true">

    ...

11. Spring Security 3.1.0.RC1: With multiple elements why can I only register one authentication manager?    stackoverflow.com

I have the following configuration with multiple <http.../> elements (in order to separately support REST authetication via basic auth, and user form login):

<security:http auto-config="false" pattern="/service/**" create-session="never" 
     ...

12. Http Authentication Server Library    stackoverflow.com

Is there any Java library to verify a Basic or Digest Http authentication? Spring Security provides both but Apache Shiro only have Basic. Is there any library (other than copy-paste classes from ...

13. Spring Security 3.1.0.M1 - Direct an http block to call one authentication provider    stackoverflow.com

I'm using spring security 3.1.0 and I have two http blocks. One is used for a REST web services layer and I would like only call my userManager authentication provider ...

14. Mapping each http block to a specific Authentication Provider    stackoverflow.com

I would like to base my Spring Security configuration depending on the user's context path. If the user goes against a url with http://path1/resource1 I would like to ...

15. Multiple elements in Spring security    stackoverflow.com

Recently Spring Security has given the oportunity to configure several <http> elements. I'm trying to set a configuration for all the urls wich maps the pattern /foo/* and another for the ...

16. Security Problem: For REST URLs and Static HTMLs    stackoverflow.com

I have a design like that:

  • There is a core part runs Spring on it with REST.
  • There is another part which has a Tomcat Server and has just HTML files(not jsp ...





17. Using Spring Security, how can I use HTTP methods (e.g. GET, PUT, POST) to distingush security for particular URL patterns?    stackoverflow.com

The Spring Security reference states:

You can use multiple elements to define different access requirements for different sets of URLs, but they will be evaluated in the ...

18. Defining spring security http element in two different files?    stackoverflow.com

Is it possible to define the security:intercept-url elements and security:custom-filter elements for a single security:http in two different Spring configuration files? This is so we can ...

19. "j_spring_security_check" not found after configuring spring security directly without http auto config    stackoverflow.com

I’m trying to convert Spring Security configuration from HTTP namespace into direct configuration using FilterChainProxy. Before the conversion, everything was ok with HTTP namespace. But after replacing element by several ...

20. How to get 403 access denied with spring security?    stackoverflow.com

I never get 403, it always redirects me to root url or I can specify access denied page which is depreciated. Which is ok, but still why? I want to ...

21. SSL Support - How To (for http and WS gateways)    forum.springsource.org

SSL Support - How To (for http and WS gateways) I apologize in advance if the following questions are answered in the documentation somewhere. I've searched the docs for SI, Spring-REST ...

22. Spring Security session-fixation-protection=none Requires HTTP Page Prior to Auth    forum.springsource.org

Apr 13th, 2011, 03:47 AM #1 cgswtsu78 View Profile View Forum Posts Private Message Junior Member Join Date Jan 2010 Posts 28 Spring Security session-fixation-protection=none Requires HTTP Page Prior to Auth ...

23. Mapping each http block to a specific Authentication Provider    forum.springsource.org

Mapping each http block to a specific Authentication Provider Hello, I would like to base my Spring Security configuration depending on the user's context path. If the user goes against a ...

24. HTTP BASIC - Problem with the authentication window    forum.springsource.org

HTTP BASIC - Problem with the authentication window Hi all, I use Spring Security 3.0.5 with Spring Framework 3.0.5. I have an application with authentication, to authenticate users and to ...

25. "j_spring_security_check" not found after configuring spring security without http    forum.springsource.org

Oct 5th, 2011, 07:53 AM #1 bwwlpnn View Profile View Forum Posts Private Message Junior Member Join Date Oct 2011 Posts 5 "j_spring_security_check" not found after configuring spring security without http ...

26. Http 500 return from ssocircle.com on "se-security" project example.    forum.springsource.org

Http 500 return from ssocircle.com on "se-security" project example. Hi guys I update the example in "se-security" project, and I compiled with default setting (I didn't change any thing), and select ...

27. mix Basic authentication and Acegi's HTTP session auth?    forum.springsource.org

mix Basic authentication and Acegi's HTTP session auth? I'm a newbie to Acegi. I have a web application where for a subset of the resources/urls I would like to use the ...

28. How to authenticate and download a resouce from a website using http:inbound-channel    forum.springsource.org

Hi everyone , Can someone help me in this my requirement is below 1)Authenticate to a website(Foe example www.test.com/login) 2)Download the resource from the website after authenticating(http://www.test.com/login/Home/Docum...D=2131 037941) A sample configuration/code ...

29. HTTP Compression with Spring Security running on Sun Webserver    forum.springsource.org

Dec 6th, 2011, 12:09 PM #1 charliefryer View Profile View Forum Posts Private Message Junior Member Join Date Mar 2011 Posts 5 HTTP Compression with Spring Security running on Sun Webserver ...

30. Setting up HTTP Basic Authentication    forum.springsource.org

Hi, Can someone provide a concise example on how do I set up Acegi+Spring in order to protect some http resources using HTTP Basic Authentication? I already have an AuthenticationManager implementation ...

31. authorization based on HTTP method    forum.springsource.org

Hi, I am building an application based heavily on REST principles: we use http methods for CRUD operations. This means that given a url http://somesite.com/contacts to: Create contact send a POST ...

32. null ContextHolder with HTTP Basic authentication    forum.springsource.org

null ContextHolder with HTTP Basic authentication I'm trying to configure Acegi to apply basic http security to an URL. When I submit the credentials asked for by the browser I get ...

33. ACEGI without HTTP Session    forum.springsource.org

ACEGI without HTTP Session I would love to use ACEGI with an AXIS web service and Spring. However, I'm not using any http session, I'm using the OASIS WSS spec to ...

34. org.springframework.remoting.RemoteAccessException : Cannot access HTTP invoker remote    forum.springsource.org

Mar 14th, 2006, 01:37 PM #1 kimjeong View Profile View Forum Posts Private Message Junior Member Join Date Mar 2006 Posts 3 org.springframework.remoting.RemoteAccessException : Cannot access HTTP invoker remote Hi, I ...

35. HTTP-based remoting and SSL    forum.springsource.org

Hi, how can I use SSL with the HTTP-based remoting protocols like Hessian, Burlap and HTTP-Invoker? E.g. when I configure a https-URL I get this exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate ...

36. HTTP Status 403 - Access is denied    forum.springsource.org

Hi, I would like an idea about how to do to send a mesage page saying "You need to login as Administrator", to someone whith a role User, that try to ...

37. Newbie at a loss: HTTP BASIC Authentication    forum.springsource.org

Newbie at a loss: HTTP BASIC Authentication Hi, I've been trying desperately to add Acegi security to a simple app I'm working on. I'm new to Spring and Acegi is the ...

38. Acegi in a cluster with http session replication    forum.springsource.org

Acegi in a cluster with http session replication Hi all. Been using Acegi Security for a while. Works great...well usually. This is the first time I've seen the problem I'm about ...

39. Cannot access HTTP    forum.springsource.org

Feb 16th, 2007, 11:28 AM #1 jamesclinton View Profile View Forum Posts Private Message Senior Member Join Date Jul 2006 Location London Posts 500 Cannot access HTTP Hi *Complete newbie to ...

40. Using Acegi without http/servlet container    forum.springsource.org

Hi, I am using Acegi in open source web based application. I would like to separate the web UI part from the core of the application and include Spring and Acegi ...

41. Acegi No Http    forum.springsource.org

I'm pretty sure Acegi be configured to secure method operations when the client is not a web page? Could someone point me in the right direction regarding setup/config? Thank You.

42. Acegi HTTP method security    forum.springsource.org

Hi, I have written a registry using Apache Abdera and would like to secure access using Acegi. I have no problem adding blanket security for all http methods, but would like ...

43. Acegi messes up http responses    forum.springsource.org

Acegi messes up http responses I am having a problem using Acegi on WebLogic 9.2.2 behind a Big-IP F5 box. The problem occurs when I access resources that have IS_AUTHENTICATED_ANONYMOUSLY set, ...

44. HTTP BASIC Authentication with JaxWsPortProxyFactoryBean    forum.springsource.org

HTTP BASIC Authentication with JaxWsPortProxyFactoryBean I know that the old JaxRpcPortProxyFactoryBean supported username and password (presumably for BASIC authentication), but it doesn't look like JaxWsPortProxyFactoryBean has any functionality like that. What ...

45. Error 401 (HTTP Authentication required)    forum.springsource.org

Error 401 (HTTP Authentication required) Hello I'm having problems configuring Spring Security with JDBC authentication. When I try to load a page the authentication form is displayed, and authentication process seems ...

46. Access to Http Headers in EndpointInvocationChain    forum.springsource.org

Hello, I need to have Http headers accessible in my EndpointInvocationChain. Right now, the MessageDispatcherServlet passes on Body only. What will be the best way to make the http headers available? ...

47. Spring 2.5.5 and JAX-WS HTTP Authentication    forum.springsource.org

Spring 2.5.5 and JAX-WS HTTP Authentication I'm trying to invoke a webservice from a standa alone program after generating the client stubs using JAX-WS RI , using the JaxWsPortProxyFactoryBean. Everytime I ...

48. HELP simple http authentication    forum.springsource.org

Nov 24th, 2008, 10:48 AM #1 kanonmicke View Profile View Forum Posts Private Message Member Join Date Sep 2005 Posts 55 HELP simple http authentication Hi! Have been struggling for a ...

49. Easily access the HTTP codebase?    forum.springsource.org

Easily access the HTTP codebase? I may have the wrong idea in mind, but hopefully someone can tell me. :-) I've written a somewhat generic XSD validator for an application I'm ...

50. http authentication failed    forum.springsource.org

Jan 5th, 2009, 07:15 AM #1 mdebac View Profile View Forum Posts Private Message Junior Member Join Date Dec 2008 Posts 8 http authentication failed Hi, I am trying to use ...

51. http://www.springframework.org/schema/security/spring-security-2.5.xsd missing    forum.springsource.org

Hi There, Where is the http://www.springframework.org/schem...curity-2.5.xsd file that use to be on the Spring Security web site? Did it move? can we just keep it present in this directory? We are ...

52. Custom authentication without AuthenticationEntryPoint    forum.springsource.org

Custom authentication without AuthenticationEntryPoint Hi All, I am using Spring Security and have a custom login process (with GWT) which works perfectly. I want to leverage the filter chain proxy ...

53. The prefix "security" for element "security:http" is not bound.    forum.springsource.org

May 24th, 2009, 09:54 AM #1 cometta View Profile View Forum Posts Private Message Member Join Date Jan 2009 Posts 85 The prefix "security" for element "security:http" is not bound. in ...

54. Access denied at http://www.springsource.org/milestone/e3.4    forum.springsource.org

Torsten, the upload process messed the permissions. I fixed it. BTW. Eclipse 3.5 is currently not supported by STS/Spring IDE. They just introduced breaking changes with recent milestones that we need ...

55. Tivolia Access Manager integration via HTTP Headers    forum.springsource.org

Jun 28th, 2009, 08:54 PM #1 steve666 View Profile View Forum Posts Private Message Junior Member Join Date Jun 2009 Posts 1 Tivolia Access Manager integration via HTTP Headers Hi, I ...

56. User / HTTP session management in Spring    forum.springsource.org

Hi, Im porting my servlet-based application to Spring. In this servlet application, I use the following to get servlet session id: req.getSession().getId() where req is HttpServletRequest How do I get access ...

57. applet , spring security and http invoker issues    forum.springsource.org

applet , spring security and http invoker issues Hi we have an unsigned Applet in front of a spring app running on tomcat and using spring security 2.0.5, and we're using ...

60. http invoker security problem    forum.springsource.org

http invoker security problem My Java Web Start client is using http invoker to communicate with server and use AuthenticationSimpleHttpInvokerRequestExecutor to transfer Authentication Information to server. Every time when client access ...

61. Accessing Http session in Custom Authentication Provider    forum.springsource.org

Hello Everybody, I am writing a custom authentication provider where I need to access some objects stored in http session. I am not sure how to do it? Your suggestion will ...

62. Could not access HTTP invoker remote service    forum.springsource.org

Could not access HTTP invoker remote service Hello All, I am having a peculiar problem using Spring's HttpInvoker. I have a NoRouteToHostException:- Code: Could not access HTTP invoker remote service at ...

63. How to access HTTP headers in Spring ws    forum.springsource.org

I have a requirement to access the HTTP headers in spring web service I don't see a handle to the http request object in the MessageDispatcherServlet or Interceptors. Just wondering what ...

64. ..RemoteAccessException: Could not access HTTP invoker remote service at [http://...]    forum.springsource.org

..RemoteAccessException: Could not access HTTP invoker remote service at [http://...] here's the error messages that I'm receiving when I run my client spring app. Code: Exception in thread "main" org.springframework.remoting.RemoteAccessException: Could ...

65. HTTP Security with Method Level Security    forum.springsource.org

Jul 23rd, 2010, 02:18 PM #1 kevin.jordan View Profile View Forum Posts Private Message Junior Member Join Date Nov 2007 Posts 22 HTTP Security with Method Level Security I've got HTTP ...

66. Remote authentication over HTTP - Basic Auth    forum.springsource.org

Remote authentication over HTTP - Basic Auth between two web apps Hi all, Quick question, I hope! I am in the process of wiring up authentication between two web app's (A, ...

67. Authentication works but not the http-basic one    forum.springsource.org

I have spring app, providing both services and a web-app that runs on top of it. For me the form-login works but not the http-basic.. Do I have to put in ...