log 1 « Security « Spring Q&A





1. JSF Spring security log out button    stackoverflow.com

How do I convert the following from a link to a button?

<h:outputLink value="#{request.contextPath}/j_spring_security_logout">Logout</h:outputLink>
If I try and add a navigation rule it can't find j_spring_security_logout...

2. sitemesh + spring security: show logged in user in main decorator page!    stackoverflow.com

I want to show logged in user in main decorator page. i use :

<decorator:usePage id="myPage"/>
Logged in as:<%= myPage.getRequest().getUserPrincipal().getName()%>
<decorator:body/>
but not work!

3. How to ensure the same account is not used to log in two different people at the same time in Spring Security?    stackoverflow.com

I have a Spring MVC app that does not protect updates of user data with transactions. It assumes that only a single user is accessing the account data for that account ...

4. Spring Security Log Out Failure http-bio-8080"-exec-5" java.lang.StackOverflowError    stackoverflow.com

I've seen a few examples of Spring's logout and it seems a bit abstract to me. I have a link with the href="appcontext_path/auth/logout.html". The examples I've seen don't have a ...

5. Spring Security Log Out Exception    stackoverflow.com

When I configure Spring Security 3 to log out the user I get a huge error

Exception in thread ""http-bio-8080"-exec-7" java.lang.StackOverflowError at com.dc.api.model.Users.getUsername(Users.java:200)
The Users.java:200 maps ...

6. Print the access logs before UrlRewriteFilter    stackoverflow.com

I have an application in which currently I am using two filters. First one is UrlRewriteFilter which is for re-writing the url.

<filter>
    <filter-name>UrlRewriteFilter</filter-name>
    <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
   ...

7. Getting no. of currently logged in users in Spring security    stackoverflow.com

hi I am using Spring security 2.0.5 in my current project. Can anybody please suggest me on how to get the count of currently logged in users to application. I found a solution ...

8. Spring Security: At which point do I get to know that a user logged in?    stackoverflow.com

I am using spring security with URL based interceptors to secure my application. In which classes/at which points can I do some custom processing after a user logged in? I specifically want ...

9. How to manually log out a user with spring security?    stackoverflow.com

Probably the answer is simple: How can I manually logout the currently logged in user in spring security? Is it sufficient to call:

SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false); 
?





10. How to know if current web visitor logged in with Spring Security 3.0    stackoverflow.com

We're using Spring Framework and Spring Security 3.0.x, how do we know if the current visitor is logged in and what their username is? I've always had the following code:

public ...

11. Getting logged in users with a SessionRegistry    stackoverflow.com

I have a web application that is secured totally by the Weblogic container. Now I have to list the currently logged in users. I have to use Spring Security 2.0.4 for ...

12. Understanding if a person is logged in    stackoverflow.com

I would like to create a login-logout based web application with jsf and spring security 3. I can authenticate people by implementing UserDetailsService, the problem in my mind is how will ...

13. How Can I get log in time while using spring security    stackoverflow.com

I am using spring security 3 and would like to display the time when user logged in to current session. Does Spring security provide any such token? Thanks, - Akshay

14. Spring Security logged user    stackoverflow.com

I'm using Spring Security and I need to redirect to another page each time a logged user accesses a particular page. I tried testing SPRING_SECURITY_LAST_USERNAME variable and using response.sendRedirect("newpage.htm") to redirect, but ...

15. Ask password for logged in users in spring security    stackoverflow.com

I have to implement LoginController to login user, verify password and protect some resources or methods. scenario 1) lets say, user not logged in with system. he try to access a method, that ...

16. adding new role to already authenticated user (without logging him out)    stackoverflow.com

I'm using Spring Security, and in some cases after logging in user can make some actions which should gave him access to some resources, so ideally it should be done via ...





17. How to programmatically log user in with Spring Security 3.1    stackoverflow.com

What's the proper way to programmatically log a web visitor in under a particular username in Spring and Spring Security 3.1? It seems the way I was doing it under ...

18. Customizing authentication so i can retrieve more fields after log in    stackoverflow.com

What I'm trying to do is I would like to retrieve more fields regarding to the user after the user has logged in What I seem to be able to get at ...

19. Find all logged in users    forum.springsource.org

Hi, I am trying to find all the logged in users at a given time. after reading following link http://static.springsource.org/sprin...ted-principals i tried following code but sessionRegistry.getAllPrincipals() method returns empty. Code:

20. logged in users place    forum.springsource.org

how can i get a list of users that currently are login and where principle of thems or any object that indicate them identification stored. for example an arraylist or anty ...

21. How do I log access denied (403) error ?    forum.springsource.org

Hi, when authenticated user tries to access area secured by FilterSecurityInterceptor without having the required role, Acegi generates the "Access denied" error (403). This is fine, I have the application server ...

22. look which users are currently logged in    forum.springsource.org

I want to use spring security in a Grails application with the grails-spring security plugin. When the application is running, is there a way to ask the framework for a list ...

23. how to handle multiple logged in users?    forum.springsource.org

how to handle multiple logged in users? Hi, I am currently searching a solution how i can handle multiple users who are logged in to my app simultanously. The problem is, ...

24. Using pre-auth scenario, user details in SS does NOT change when user logs out.    forum.springsource.org

Mar 8th, 2011, 04:14 PM #1 jdsimmons View Profile View Forum Posts Private Message Junior Member Join Date Mar 2010 Posts 6 Using pre-auth scenario, user details in SS does NOT ...

25. help! able to access protected resource after log out!    forum.springsource.org

Mar 13th, 2011, 07:18 PM #1 bangzippy View Profile View Forum Posts Private Message Junior Member Join Date Jan 2011 Posts 10 help! able to access protected resource after log out! ...

26. Error using Spring authorize tag to check to see if user is logged in?    forum.springsource.org

Trying to test to see if a user is logged in I am using the following code: Code: <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> YES, you are logged in! ...

27. how to get logged user id?    forum.springsource.org

Hi, I could not find the answer anywhere yet. I am trying to get user id from a database. With SecurityContextHolder.getContext().getAuthenticati on().getName(); I can get user login, but is there a ...

28. Spring Security logging gripe    forum.springsource.org

Spring Security logging gripe Since source code locations are usually (or always, I don't have tijme to research and test) only available in log output files when a stack trace is ...

29. AccessVoter vs Anonymous logged out users    forum.springsource.org

AccessVoter vs Anonymous logged out users Here's my basic configuration: Code:

30. Getting logged in users without spring security    forum.springsource.org

Getting logged in users without spring security hi! I would like to get the list of logged in users in my web application running on a (Weblogic 10.3). I have to ...

31. Does Ageci check session is user is logged in?    forum.springsource.org

Does Ageci check session is user is logged in? Hello, I have installed Ageci on my web app, and everything is working beautifully except that if you specifically type in a ...

32. Spring Security-- How to add/ remove authorities of the user after he logs in.    forum.springsource.org

Spring Security-- How to add/ remove authorities of the user after he logs in. Hi All, I am working on Spring security now. What it does is while the user logs ...

33. Force authenticate for certain pages even if logged in?    forum.springsource.org

Force authenticate for certain pages even if logged in? I know there are some financial sites out there that do this, but is there a way to force the user to ...

34. Does Spring Security Generate Session variables for a logged in user?    forum.springsource.org

With Spring Security, when a user logs in and are Authenticated, that process creates a UserDetails object which gets put into a SecurityContext. In a web environment, that object is put ...

35. Customising authentication so i can retrieve more fields after log in    forum.springsource.org

Customising authentication so i can retrieve more fields after log in hey guys just a heads up I'm new to Spring and even newer to customising Spring Security what i'm trying ...

36. How log all data access on Ibatis and Hibernate    forum.springsource.org

How log all data access on Ibatis and Hibernate Hi, I need to log all database access on a application. The app uses Hibernate and IBatis to database access. The log ...

37. when the user close the browser and action will call to log out how can it be done    forum.springsource.org

when the user close the browser and action will call to log out how can it be done hi, please help me if the user close the browser,a flag has to ...

38. Authentication exceptions are not logged    forum.springsource.org

Authentication exceptions are not logged Hi, I have a webapp secured with Spring Security 3, with a simple LDAP authentication. My spring_security.xml is very simple : Code:

39. getting the id of a user who is logged in?    forum.springsource.org

getting the id of a user who is logged in? I was just wondering what the best way to go about doing this is? solutions as I see it 1) once ...

40. Refresh Roles for Logged In User?    forum.springsource.org

Refresh Roles for Logged In User? Hello, We are using CAS authentication and Acegi 0.7.0-SNAPSHOT. We have a process that modifies the roles a logged in user can have. The modification ...

41. How to access the logging info of Hibernate?    forum.springsource.org

Hi all, I have already used the hibernate.show_sql property. This only provides all the Database related Queries and Commands applied to the database. I need to know how to use the ...

42. how to change password without logging out    forum.springsource.org

hi, when my application users change their password, they should relogin again! I get current user from SecurityContext change the password in the UserDetail object and persist it using Hibernate, but ...

43. Spring MVC: Good place to check for user logged in status?    forum.springsource.org

In Spring MVC, if I have multiple controllers for multiple screens, where is a good place to check if the user is logged in? I was considering a singleton bean handled ...

44. List of current roles of a user logged into windows XP/2003    forum.springsource.org

List of current roles of a user logged into windows XP/2003 I have a swing app that I want to restrict access depending on the roles of the user launching the ...

45. Newbie: logging acegi messages    forum.springsource.org

Newbie: logging acegi messages Hi, I am new to Acegi and has just implemented the login page for my own application. For the most part, I simply miniked whatever is done ...

46. Where does Acegi store params of link while being logged in?    forum.springsource.org

Where does Acegi store params of link while being logged in? My users click a link which has some get params in it. The link is set under lock and key ...

47. List of logged users    forum.springsource.org

I want to recover a list of the current logged users in my application. What is the best way to achieve it? Thanks in advance.

48. LoggingListener - shouldn't authentication success log to INFO    forum.springsource.org

LoggingListener - shouldn't authentication success log to INFO In the following scenario: WARN 2005-12-01 11:08:32,047 LoggerListener:onApplicationEvent - Authentication event AuthenticationFailureBadCredentialsEvent: admin; details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 4c7cd: RemoteIpAddress: 129.146.114.93; SessionId: FACEEDD1DA66AF85C817518776F193D5; exception: Bad credentials ...

49. Logged in user data?    forum.springsource.org

You could use an Interceptor ... See the Spring Pro book. Like : package com.blah.blah.controller; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.handler.HandlerInt erceptorAdapter; public class BaseInterceptorAdapter extends HandlerInterceptorAdapter { public ...

50. Logging configuration in WSAD for Spring data access classes    forum.springsource.org

Logging configuration in WSAD for Spring data access classes I need to see logging done by Spring data access classes during the application run. I was able to do it when ...

51. automatically logging user in after user creation.    forum.springsource.org

After a user creates an account for themselves using a SimpleFormController, instead of the user being redirected to the login form, I want the user to be automatically logged in with ...

52. user logged in: how to ?    forum.springsource.org

user logged in: how to ? hello, I need to be sure that whenever actions defined in controllers (multiactionctrls, simpleFormControllers) are executed, the uses has already logged in. A dumb solution ...

53. Acegi 1.0 causes additional logging from XDoclet and Canoo WebTest    forum.springsource.org

Acegi 1.0 causes additional logging from XDoclet and Canoo WebTest For some reason, upgrading from 1.0.0-RC2 to 1.0.0 causes additional logging in my application. I cracked open the RC2 JAR and ...

54. How to keep track of logged on users and their sessions?    forum.springsource.org

Hi, I'd like to keep track of who's logged into my webapp and what their sessionIds are. I set up an ApplicationListener for InteractiveAuthenticationSuccessEvents and HttpSessionDestroyedEvents. Unfortunately, I cannot get at ...

55. List of users Logged in    forum.springsource.org

List of users Logged in Hello all, I have a little problem with this isue. I've been searching over the documentation and in the posts but I'm still having the same ...

56. How to know if user is logged in?    forum.springsource.org

How to know if user is logged in? Hi, Is it possible to know if a user is logged in or not? I would like to display a link login if ...

57. Logging security events    forum.springsource.org

We have a requirement for logging security events to a specific audit log. This audit log is intended to contain only security events. It is a different file than the server ...

58. Detecting if a user is logged in    forum.springsource.org

Hi all, We have a UI requirement that when the http session times out, the unattended web page will do a login popup. Now I can't think of of how to ...

59. Enabling Acegi debug logs    forum.springsource.org

Enabling Acegi debug logs How can I enable Acegi logs in log4j.xml file? I have an XML that has the following in it:

60. Access Log with Acegi?    forum.springsource.org

Hi I need an Access Log in the "commen" Format for my Webpage. Till now I used the Tomcat build-in "Access Log Valve". But now using Acegi, the Container doesn't now ...

61. Check User Logged In/Authenticated    forum.springsource.org

Hello, I've got form authentication working. I would like to check if the user is authenticated in some of my JSPs but the following method always returns prints "LOGGED IN" regardless ...

62. Getting logged user best practice    forum.springsource.org

Getting logged user best practice Hi, in our app we have to keep track who created, updated, deleted something from database and when. Every class from Domain model has (createdBy, createdOn, ...

63. Logging all security related errors    forum.springsource.org

Hi, I want to log all security related errors which accur when processing a request. I have a FilterChainProxy like this: httpSessionContextIntegrationFilter,basicProcessin gFilter,exceptionTranslationFilter,filterSecurityI nterceptor Is it possible to place here a ...

64. Stop logged in user to relog in    forum.springsource.org

Hi, can any one help me out from stopping a logged in user to re log in. I am using springs along with hbernate,apart from considering db as a persistence medium ...

65. Recording the Date a User last logged in    forum.springsource.org

Recording the Date a User last logged in I need to configure Acegi, so that a user's (last_login Date) field in the database is updated when a user is successfully authenticated. ...

66. mismatch logged in users    forum.springsource.org

Hi We use Acegi 1.0.4 + remmber me option and sometimes it looks there is a problem of mismatch between logged-in users. Scenario: Log-in from one browser using user name X ...

67. getRemoteUser returns null with logged in user    forum.springsource.org

getRemoteUser returns null with logged in user Hi, In some of my controllers, request.getRemoteUser() always returns null. I have checked the value of request.getSession().getAttribute("ACEGI_SECURITY_ CONTEXT"), and got back the expected value: ...

68. session timeout problem user shouldnot be logged out    forum.springsource.org

session timeout problem user shouldnot be logged out Hai all, In my application i am using acegi security.My need is that the user should not be logged out until he manually ...

69. checking if user is logged in the view    forum.springsource.org

checking if user is logged in the view I am using freemarker as a view technology, i have the authz taglibs set up and they work fine. I can check if ...

70. Tag for displaying whether a user is logged in?    forum.springsource.org

You should be able to do something like this in your JSP to detect if someone is logged in asuming you're using the AnonymousProcessingFilter in acegi to give unauthenticated users the ...

71. listing current logged in users    forum.springsource.org

In the admin panel of my webapp i would like to give an overview of the currently logged in users and the timestamp of the last 'activity'. What is the best ...

72. Access Logging    forum.springsource.org

Access Logging I am writing an access logger for one of our internal web services. I'm using a tomcat valve to do this. Our web services use the PayloadRootAnnotationMethodEndpointMapping to map ...

73. mandatory user details edit while logging in    forum.springsource.org

mandatory user details edit while logging in Hello, I'm building a spring + acegi web application. I would like to have the following: When a user logs in, if it's her ...

74. Access Log    forum.springsource.org

Access Log I just converted one of my applications to using Spring Security from a customized authenticator derived from the tomcat. I just have one problem left - I'm using tomcat's ...

75. Logging in and out with Acegi security    forum.springsource.org

Logging in and out with Acegi security Hi, I'm using Acegi Security 1.0.6 and Spring 2.0.7 in my Struts 2 based application. And everything works fine, I define my users and ...

76. Logging spring security 2.0.3 activities    forum.springsource.org

I am already using log4j in my application, I was looking for the property name to enable logging for spring security. The line below did just what I want! log4j.logger.org.springframework.security=DEBUG

77. Hide content if user not logged in (ROLE_ANONYMOUS not working)    forum.springsource.org

Hide content if user not logged in (ROLE_ANONYMOUS not working) Hi all, I'm trying to hide our menu if the user is not logged in. I thought I could just use ...

78. Number of logged on users    forum.springsource.org

I would like to find out the number of logged on users, in Spring security 2.0. The app have a couple of resources that do not require login, those aren't of ...

79. how to get no. of currently logged in users    forum.springsource.org

I've developed a portal using spring portal mvc and jetspeed as the portal server. At any given point in time, i would like to know total no. of currently logged in ...

80. logging per user    forum.springsource.org

logging per user My web application uses Spring Security. I added logging statements in some of my Service-layer methods that display information the methods are called. I prepend the user's login ...

81. Access to logged in user/ Authentication object from public pages    forum.springsource.org

Access to logged in user/ Authentication object from public pages Hi, I have an application that contains some pages that are secure (you need to log in) and others that can ...

82. Change user-logged authorities on the fly    forum.springsource.org

Change user-logged authorities on the fly Hello guys! I am a newbie with Acegi, and I only know how to use it in the basic way. But now I need to ...

83. User registers, confirmation email, account activated, user logged in automatically    forum.springsource.org

User registers, confirmation email, account activated, user logged in automatically Hello, This is the flow I want to achieve: 1.) User finishes the registration wizard. 2.) User gets an email with ...

84. Receiving the user logged    forum.springsource.org

Hi, I have one problem with Acegi, a can't get the use logged. My Application uses Struts 2 ,spring , spring Acegi. I try it: Code: Usuario usuario = (Usuario)ActionContext.getSession().get("usuario"); But ...

85. Authenticating a logged-in user    forum.springsource.org

Re-Authenticating a logged-in user hi all, this is my first post in this forum . in my current project we are using spring security with LDAP. my problem is , we ...

86. Security/Logged In with no password    forum.springsource.org

Security/Logged In with no password Just curious if anyone knows if this is possible. So we have two types of users. One is authenticated with username password, then other is just ...

87. How can we find currently logged in user?    forum.springsource.org

Hi All, i want to implement a use case in which 'if no of user exceed' no further login allowed.. he/she can only login after anyone logged out. i found there ...

88. Simply getting the user logged in to Active Director    forum.springsource.org

Simply getting the user logged in to Active Director Sorry to ask what may be a very basic question, but I'm having a hard time figuring out where to start / ...

89. Logged Users    forum.springsource.org

Roosevelt Hello everybody, I wish my application only be accessed by users logged. Users not logged can only access only the login page. Note, all pages can be accessed by any ...

90. List of logged users    forum.springsource.org

Hi, I was trying to find a way to get list of logged in users but every thread i find say something like this im using grails + acegi http://forum.springsource.org/archiv...p/t-19829.html is ...

91. Fundamentally different types of user logging on - how to allow?    forum.springsource.org

Fundamentally different types of user logging on - how to allow? Hello, My web application has the notion of agents and clients. Clients "belong" to an agent (and only one agent). ...

92. Pre-Authentication scenarios and Logging out    forum.springsource.org

Pre-Authentication scenarios and Logging out Hi, I am using Spring Security 2.0.4 via the Grails-Acegi plugin inside a grails app. I have integrated Single Sign-On via SAP Portal Logon Ticket using ...

93. currently logged in users list    forum.springsource.org

94. How to authenticate a user using open Id after logging in the system    forum.springsource.org

How to authenticate a user using open Id after logging in the system I am using Spring Security in our application My requirement intially was to allow a user to login ...

95. Automatically logging in a user    forum.springsource.org

Automatically logging in a user Hey everyone, In my application, I need to automatically login a user after they have registered. I also need to redirect them to a dynamic URL ...

96. Password shows up in logs    forum.springsource.org

Hi, I'm new to Spring and I'm having a small issue with my log files. For some reason, when I log into my Spring application, my password is showing up in ...

98. Spring Security Hangs when 5th user logs in    forum.springsource.org

Spring Security Hangs when 5th user logs in Hello. I'm having a problem with Spring security hanging when the 5th user logs in. We are using Spring 2.5.4, IceFaces 1.8.2 (using ...

99. Very wired Spring Security Issue: can't log into same browser    forum.springsource.org

Very wired Spring Security Issue: can't log into same browser I have a very wierd Spring security issue. I created two application and both of them are using Spring security. The ...

100. JavaMailSenderImpl - Sender address does not belong to logged in user    forum.springsource.org

JavaMailSenderImpl - Sender address does not belong to logged in user Hello, I am new to Spring in general and I was trying to use JavaMailSenderImpl for sending mails. I tried ...