secure 1 « Security « Spring Q&A





1. @Secured() is there any statement show on log...?    stackoverflow.com

i annotated a bean class with @Secured and when i call the bean, there is no security exception throw even when no user login yet. i trying to debug it. my ...

2. @Secured throws AccessDeniedException although roles are correct    stackoverflow.com

After solving all authentication related problems in my first Spring web application I'm now stuck with authorization. Configuration using @Secured annotations is pretty straight-forward so I don't think I made a ...

3. @Secured service methods and spring ws    stackoverflow.com

I have the following project structure: base project (service layer, model) web project webservice project where both the web project and the web service project depend on the base project and ...

4. How to secure a service REST with spring3?    stackoverflow.com

I just made a web service with spring 3 using MVC annotations (@Controller, @RequestMapping) and now I'm looking for a way to secure it. Does someone know how to do it? Thanks,

5. Can a freemarker viewpage be 'user' editable and secured?    stackoverflow.com

If I let anyone modify a freemarker viewpage, can I somehow make it hack free? I know I read somewhere that I can make disable scriplets, but that was for .jsp pages ...

6. Spring-Security 3/Spring MVC and the dreaded @Secured/RequestMapping    stackoverflow.com

i had lots of problems adding Secured annotations to my Controllers. it turns out letting my Controller implement an InitializingBean was a bad idea.

public class MyController implements InitializingBean {

    ...

7. How do I create a Secure submit form in Spring 3.0.3?    stackoverflow.com

I am new to Spring (formerly a Struts guru) and I've decide to change all my code to Spring for the reason being that Spring is more Service-Oriented (and the possibility ...

8. Flex 4 & Spring 3 Integration (BlazeDS) (Refcardz): @Secured not working    stackoverflow.com

Please be gentle on the quasiNoob(expert w/Flex & Actionscript, != expert w/Spring) ! I am on Mac Snow Leopard and using STS 2.3.2 Release w/the Flash Builder 4 plugin and tomcat 6. Everything ...

9. How to use spring security3.0.3 to secure such business logic?    stackoverflow.com

I have such a requirement. There is a main business object,user a and user b, and administrator. User a or b can create/update/delete their own business object. And user a can't ...





10. Proper way to secure domain objects?    stackoverflow.com

If I have an entity Entity and a service EntityService and EntityServiceFacade with the following interfaces:

interface EntityService {

 Entity getEntity(Long id);

}

interface EntityServiceFacade {

 EntityDTO getEntity(Long id);

}
I can easily secure the read ...

11. Securing a stateful web service    stackoverflow.com

We are planning on developing a layer of REST services to expose services hosted on a legacy system. These services will be used by a classic web application and native mobile ...

12. Securing User Centric Resources (e.g. their images)    stackoverflow.com

I need to secure user resource files (like their video/images etc) using Spring security so that only the user who uploaded these can have access to them. Thinking of scalability would ...

13. How secure is Spring Security?    stackoverflow.com

How secure is Spring Security? Is it good enough to use Spring Security in web application for banking system or something equivalent?

14. When I tried to access a secured web service through spring client, I'm getting an exception : signingKey cannot be null?    stackoverflow.com

Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:328)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:313)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:83)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
    ...

15. Spring Security - @Secured not securing a method    stackoverflow.com

Trying to write a simple proof of concept based around method security using spring security. But simple application I have written won't seem to pick up the @Secured annotation on a ...

16. How to secure a hybrid Spring MVC + Flex application with spring security    stackoverflow.com

I tried asking this on the Spring forums ( http://forum.springsource.org/showthread.php?109948-Problem-configuring-spring-security-3.1-with-hybrid-Spring-MVC-Flex-application ) but did not get a response. I'm working on a web application that has an (end user) user interface ...





17. Securing Methods with Spring Security    stackoverflow.com

For our current project, we are integrating JSF and the Spring Framework. I'd like to use Spring Security to handle authentication and authorization. So far, I have implemented a custom PasswordEncoder ...

18. Secure Vaadin application with Spring-Security    stackoverflow.com

Does anyone have an idea on how to use the Spring roo security set up add-on with Vaadin UI framework? I want to use Spring Source Tool Suite's vaadin UI editor ...

19. secure page dispalyed to removed user from sessionRegistry    forum.springsource.org

greeting all. i learned after one principal loggined to system with proper and valid username and password and authenticated, its principal and related session saved into org.springframework.security.core.session.SessionR egistry. so i can ...

20. Another @Secured + @RequestMapping thread...    forum.springsource.org

Feb 3rd, 2011, 05:25 PM #1 dwh View Profile View Forum Posts Private Message Junior Member Join Date Feb 2011 Posts 4 Another @Secured + @RequestMapping thread... Hello, I'm build a ...

21. Need a View to send Secured SWF files    forum.springsource.org

Need a View to send Secured SWF files Problem : I need a view resolver to use with controller to send secured SWF files on authentcation Already Tried Solution : I ...

22. Securing a stateful web service    forum.springsource.org

Securing a stateful web service Hi guys, We are planning on developing a layer of REST services to expose services hosted on a legacy system. These services will be used by ...

23. Are secure BOs better than all securiy at front end?    forum.springsource.org

Its possible to secure your business layer using spring security aop-based. The business objects are then secure. One can use the ELs with spring security. One can have written integration test ...

24. @Secured({ "ROLE_ADMIN" }) is been ignored    forum.springsource.org

Hi, I have a javaconfig file that is working fine. i debug my application in loading time and i see that the parameter is been transfered. Code: @Configuration public class SpringJavaConfig ...

25. Url pattern to secure a form    forum.springsource.org

Hi all, I'm working with ROO and Spring Security, and I wanted to secure a form. I want to allow users list books (..../books), but I want to secure the editing ...

26. Secure and Open Methods - How?    forum.springsource.org

Secure and Open Methods - How? I have created as Spring web service, and I want there to be both secure (authenticated) and open methods, but I am not sure how ...

27. secure init-method    forum.springsource.org

I think the easiest way of doing this would be by making ensuring the scope of the init-method was not viewable by any other java object.

28. Extending the Secure Object Model    forum.springsource.org

As far as I know, Spring Security supports securing an object through method invocation and web requests. We have a situation where roles/authorities are stored in database. For example, Instead of, ...

29. How do I set httpOnly and secure cookies with Spring Security?    forum.springsource.org

I have the following in my web.xml: Code: true true 15 COOKIE However, according to OWASP's Zed Attack Proxy (https://www.owasp.org/index.php/OWAS..._Proxy_Project), cookies are still being set by Spring ...

30. How to secure ?    forum.springsource.org

Hello everyone, I'm having a little trouble with my webapp. Recently I had to configure it to serve some static content, so to that purpose I used the following in my ...

31. Secure Web Service Referenced Security Token could not be retrieved    forum.springsource.org

Secure Web Service Referenced Security Token could not be retrieved I am adding security to some of our Spring web services. One is proving difficult in that it returns this error: ...

32. Calling Secure Methods from JMX Client    forum.springsource.org

Hi, We're currently using Groovy + JMX to write some system-wide integration tests. Recently, security code was added for filtering the returned domain objects based on the identity of the objects. ...

33. @Secured Is Not Working As Expected    forum.springsource.org

Hello, I have the defined in the security context.xml file. Then, I annotated a method with @Secured("ADMIN"), but regardless of the role with which I log in with, ...

34. Using @Secured always prevents a method from executing    forum.springsource.org

Using @Secured always prevents a method from executing Hello, In my security-context.xml file, I have security defined as follows: And, in the service class where I have a method ...

35. Wss4jSecurityInterceptor 's handleFault: not programmed to return a secured message    forum.springsource.org

Wss4jSecurityInterceptor 's handleFault: not programmed to return a secured message Hi I secured my webservices with WSSE Signature, Timestamp and Encryption. I have noticed that my response messages are not encrypted ...

36. Secure File Transfer from/to Multiple Remote Hosts    forum.springsource.org

Secure File Transfer from/to Multiple Remote Hosts Hi there, We have a business case that we have to login to our clients' accounts and get/put files from/to their remote sites, which ...

37. How to secure REST    forum.springsource.org

At the moment I'm developing a REST service using the negotiating resource representation. For instance if I hit the following URL: Code: http://localhost/datatest/data/32 using this controller: Code: @RequestMapping(value = "/datatest/data/{id}", method ...

38. ACL Voters and @Secured problem    forum.springsource.org

ACL Voters and @Secured problem I just have a small question. So I have configured all ACL Voters and everything is working just fine:

39. ACL and @Secured    forum.springsource.org

ACL and @Secured Hi, I am trying to secure a method using ACL, so i have a database with all the sids, aces ... but when i try to access my ...

40. @Secured and AccessDeniedException expecting additional information    forum.springsource.org

@Secured and AccessDeniedException expecting additional information Hi Spring security users, Just configured global method security based on annotations like this. My service method is perfectly secured. So far so ...

41. Securing Web Services    forum.springsource.org

Securing Web Services Hi I'm working on a project where a client is talking to server via Spring web services. I have recently secured these services using the wxss method using ...

42. Can't secure Fault messages    forum.springsource.org

Hello, I have secured my web service using the XwsSecurityInterceptor. Everything seems to be working fine except for the fact that Fault messages are not secured. This is a major problem ...

43. How secure? very...    forum.springsource.org

How secure? very... Not to waste too much bandwidth but... I am developing a simple internal web app for my client and was wondering how secure it was. I asked the ...

44. AOP for secure access to methods    forum.springsource.org

AOP for secure access to methods I don't know the exact word for that, but I would like to know if Spring give some support to centralize security access to a ...

45. Securing presentation or business layer? Arguments?    forum.springsource.org

Securing presentation or business layer? Arguments? Hello everyone, My understanding of Acegi is that (with the included classes) it gives the option building security on two different facades: - the entry ...

46. Securing Hibernate persisted objects with ACLs    forum.springsource.org

Securing Hibernate persisted objects with ACLs Hi I the web appliaction I'm working on I need to secure access to objects which are persisted using Hibernate. Those objects are plain POJOs ...

47. Verify secure method execution, before real execution.    forum.springsource.org

Verify secure method execution, before real execution. Hi all, Everything related to secure execution of methods is working fine here. It happens, we need to know before hand, if the authenticated ...

48. Can I use acegi to secure EJBs (local and Remote)    forum.springsource.org

Hi, I wanted to know if Avegi can be used to secure web app using (struts/spring/ejbs). If the answer is yes could you please point me to some documentation which discribes ...

49. JavaMailSenderImpl halts when using SSL-secure server?    forum.springsource.org

JavaMailSenderImpl halts when using SSL-secure server? Hi, I've been very pleased to work with spring javaMail classes and I got those working for simple non-secure smtp server quite easily. Finally when ...

50. How to secure a Web Service with ACEGI    forum.springsource.org

Our project is not to the point where we have to implement a Web Service but I think it's good time to start asking questions. Does acegi offer something to secure ...

51. how to secure an action?    forum.springsource.org

how to secure an action? i want to secure in my application this link which accesses an action(xwork): http://localhost:8080/myWebApp/ShowRFP.action i try to do this in my applicationContext.xml: ...

52. Securing Spring-based services with Acegi    forum.springsource.org

Securing Spring-based services with Acegi Greetings! We are currently looking into how we could leverage Acegi (0.8.3) to add method-level security to our Spring-based web services. These services are components in ...

53. Isn't there any 'secured with Acegi' logo or gif?    forum.springsource.org

Although I like a notion of a logo, I don't think it's prudent to put info on what security system you are using. I am not a security-through-obscurity advocate but telling ...

54. Creating secure pages    forum.springsource.org

Creating secure pages Hi all, You'll have to forgive me if this question is gut-renchingly obvious or annoyingly vague, but I've only started learning Spring recently. Please forgive my inevitable n00bness. ...

55. Problems with acegi-secured web services    forum.springsource.org

Problems with acegi-secured web services Hi, Using Acegi 0.8.1(not upgraded since the webapp is still powered by Spring 1.1.5). I have a POJO exported as a web service via HttpInvokerServiceExporter. The ...

56. Problem with Securing method invocations    forum.springsource.org

Problem with Securing method invocations I have problem with securing method invocations. In my applicationContext.xml I have : Code:

57. @Secured only working on interface    forum.springsource.org

@Secured only working on interface @Secured only works on my interfaces, not on my implementation I am using the following code: Code:

58. SSL - Secured & non-secured items    forum.springsource.org

SSL - Secured & non-secured items Hi, I've just setup my application to use SSL and I have a few questions... Only my login page and the admin module are secured. ...

59. Unable to Access Secured Resources - Please Help !    forum.springsource.org

Mar 9th, 2006, 07:41 PM #1 demi View Profile View Forum Posts Private Message Visit Homepage Junior Member Join Date Mar 2006 Posts 2 Unable to Access Secured Resources - Please ...

60. Linking one secure site to another on same web server    forum.springsource.org

Linking one secure site to another on same web server Hi, I need to login via Acegi+CAS to a "Main" site and allow the user to hyperlink over to a second ...

61. Securing Web Services    forum.springsource.org

Securing Web Services I'm exposing Spring managed beans as web services using XFire's exporter. I'm able to set up Acegi, to secure my web services. I have a web service, that ...

62. ExceptionTranslationFilter don't catch "access denied"exception issued secured method    forum.springsource.org

ExceptionTranslationFilter don't catch "access denied"exception issued secured method Let's take acegi-security-sample-contacts-filter.war (acegi-security-1.0.0-RC2) and change a configuration: applicationContext-acegi-security.xml Code: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,anonymousProcessingFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor ... ...

63. Is it possible to secure CGI scripts?    forum.springsource.org

Is it possible to secure CGI scripts? Hi! Is it possible to secure perl scripts that are invoked as CGI programs? Background: We have a bunch of perl scripts with an ...

64. Autoproxying @Secured methods    forum.springsource.org

Autoproxying @Secured methods Hi All, I have started using MethodInterceptor along with @Secured annotations to secure method invocations. The manual recommends using the following setup within one's bean config files: Code: ...

65. securing the service layer / Rights Management    forum.springsource.org

securing the service layer / Rights Management Hi forum, i want to secure methods of my service (business) layer and have a roles/rights style control of them (user has n roles, ...

66. AuthorizationServiceException: how to pass secure domain instance?    forum.springsource.org

Duh As posted on My solution is to use the AfterInvocationManager. I do see how I could deny access 'before' I fetched a domain instance to be made available to ...

67. Creating FilterInvocation Secure Object    forum.springsource.org

Creating FilterInvocation Secure Object I am relatively new to Acegi - been looking at it for about a week now. I am trying to display dynamic (menu) URL's on a JSP ...

68. Securing RMI with Acegi    forum.springsource.org

Securing RMI with Acegi I am currently using an RmiServiceExporter to enable remote invocation of a pojo service with RMI. My setup follows the RMI example in the docs and works ...

69. JSF/ACEGI : weird behavior securing URLs    forum.springsource.org

JSF/ACEGI : weird behavior securing URLs Hello, I'd like to submit a painful problem I face for 2 days and that drives me crazy ! My webapp (running on tomcat 5.5) ...

70. Securing Domain Objects: Service vs. DAO    forum.springsource.org

Securing Domain Objects: Service vs. DAO I want to secure our domain objects (AOP Acegi) and extend them to the service layer clients (web, swing, etc). From examples, I've been able ...

71. Securing a site following a Schedule    forum.springsource.org

Hello all, I would like to have a few users to be able to access parts of a website within some predefined times. For instance, an action could be accessed from ...

72. secure local commandExecutors    forum.springsource.org

secure local commandExecutors Hi, Is it possible to configure local CommandExecutors to get them controlled by the acegi SecurityController like ActionCommands? I've tried to register a local CommandExecutor with a given ...

73. Secure URL    forum.springsource.org

Secure URL Hi, I've got a problem with secure url in ACEGI. I'm trying to access secure urls and it works whereas I'm not authenticated. I'm using a formAuthenticationProcessingFilter and ACEGI ...

74. not possible to secure implementation methods?    forum.springsource.org

not possible to secure implementation methods? Hi forum, I' m trying to use acegi to protect method calls in my spring controllers (spring MVC). I write a unit-test for it and ...

75. ifAny for @Secured    forum.springsource.org

I don't think this is currently possible. I would have a look if this has been raised in JIRA, if not it would be a good idea to raise it.

76. @Secured randomly works / breaks    forum.springsource.org

@Secured randomly works / breaks Using acegi 1.0.1, I have a service, configured in my application context. A method on the interface of this service has @Secured("MANAGER_ROLE") Sometimes it's applied, sometimes ...

77. @Secured nightmare    forum.springsource.org

@Secured nightmare I'm really confused and even more concerned about my @Secured annotations. We have built an entire project with @Secured annotations placed on implementation of classes. As far as we ...

78. SSL, Secure Channel, etc    forum.springsource.org

SSL, Secure Channel, etc Hi, I am new to security on a web application. I am reading the reference documentation of acegi security 1.02. Here I read that a page could ...

79. securing method invokation using acegi security    forum.springsource.org

HTML Code: public class BookBeanService extends ListenerServiceMBeanSupport implements BookBeanServiceBEan { private int value = 0; public BookBeanImpl() { super(); } public int getValue() { return this.value; } // replace the value. ...

80. Securing methods of generic interfaces    forum.springsource.org

Securing methods of generic interfaces Hi there, I want to secure my managers methods. First, here's an introduction to my architecture. My managers are described in an interface, which extends a ...

81. Use @Secured without role?    forum.springsource.org

I need to protect a page and I thought the @Secured Annotation would work well for me. However, I don't want to specify a particular role for my page, I just ...

82. @Secured - what is the best approach    forum.springsource.org

@Secured - what is the best approach This topic is touched on elsewhere, but I can't find any real conclusion. See, for instance: http://forum.springframework.org/showthread.php?t=20260 I'm, using Spring 2.0.1 and Acegi 1.03, ...

83. secure view    forum.springsource.org

secure view Hi, it's possible to secure a view through acegi? My idea is to add (show) a view in a tabbed application page only if the user logged in has ...

84. secure form submission    forum.springsource.org

hey, I have form from which the information has to be secured (https). How is the easiest way to implement a form controller in such secure method. If y could give ...

85. Secure a page!    forum.springsource.org

Secure a page! Hi all, I need a suggestion for this problem: when I go to a secure page, the Acegi system ask me for authentication: it work fine; but if ...

86. Removing a secure url from PathBasedFilterInvocationDefinitionMap    forum.springsource.org

Is there any way I can reset or remove the existing secure urls in PathBasedFilterInvocationDefinitionMap? There's only the addSecureURL() method. Does this mean I have to reset the server everytime I ...

87. Unusual Behavior - unauth user can see secured stuff if diff. user is log in    forum.springsource.org

Unusual Behavior - unauth user can see secured stuff if diff. user is log in I have an application that I deployed to Websphere 5.1 (JDK 1.4 and Servlet Spec 2.3--almost). ...

88. Secure PDFs    forum.springsource.org

Secure PDFs Hi all, I'm using Spring Web MVC (1.2.8) and Acegi, but I think this is more of a Web question - I have a number of static PDF files ...

89. Accessing Acegi secured service with Spring-Rich    forum.springsource.org

Accessing Acegi secured service with Spring-Rich Hi all, I have implemented a Spring-Rich client, bound to an application server on Tomcat, using Spring as main building framework. I am using Acegi ...

90. ACEGI - Switching back to non-secure from secure.    forum.springsource.org

Hi, In ACEGI, once the URL is switched to SECURE, if the user clicks on any other links within the site, the browser remains in secure mode (i.e. https). How do ...

91. Securing All But A Few Resources?    forum.springsource.org

Securing All But A Few Resources? I'm new to Acegi and am not sure of the best way to secure all pages of a site except for a couple. Specifically, the ...

92. rmi and secure method    forum.springsource.org

rmi and secure method hi I want secure the methods of the rmi services with a MethodSecurityInterceptor Eg: Code: true ...

93. using @RolesAllowed instated of @Secured    forum.springsource.org

is there any way to use the JSR-000250 Common Annotations like @RunAs and @RolesAllowed with acegi security , in this way there will be no depended on acegi API , And ...

94. Securing Java applications with Acegi, Part 1    forum.springsource.org

95. Securing Java applications with Acegi, Part 2    forum.springsource.org

96. Options for securing child domain objects    forum.springsource.org

Options for securing child domain objects We've got acegi currently securing service methods that return primary domain objects working pretty well. Now I'm interested in securing child domain objects also. If ...

97. Best way to do a secure post    forum.springsource.org

Best way to do a secure post Good Morning Everyone, I am writing a J2ee app where the user logs in to our app through our portal. Currently how it works ...

98. Securing Dynamic URLs    forum.springsource.org

Securing Dynamic URLs I'm a newbie to Acegi and am having troubles with using the UrlRewriteFilter and Acegi Security together. On this webapp I need some pages to be opened to ...

99. How to get additional data in UserDetailService along with Secured data    forum.springsource.org

Sep 7th, 2007, 06:44 AM #1 msridevireddy View Profile View Forum Posts Private Message Junior Member Join Date Sep 2007 Posts 2 How to get additional data in UserDetailService along with ...

100. Is /secure folder required?    forum.springsource.org

Is /secure folder required? Hi to all! This is my first post, I begun with Spring just a few days ago. I have a simple question: - Is /secure folder required ...