secure 2 « Security « Spring Q&A





1. Double Secure RMI Service    forum.springsource.org

Double Secure RMI Service Hello everybody, My problem is as follows: I have an RMI service with secured Methods. Users are able to log in and perform their allowed tasks. (The ...

2. What's the simplest way of passing in a user id and password to a secure web service    forum.springsource.org

What's the simplest way of passing in a user id and password to a secure web service I've spent a lot of time looking into this, and have come across two ...

3. How to secure spring ws    forum.springsource.org

I need sign end then encrypt SOAP message outgoing and coming on. Can I use acegi security to do that. If it does, what thing I have to do. otherwise what ...

4. Securing methods    forum.springsource.org

I'm thinking about securing some methods in my application. I know that I can use acegi to block access to some objects for certain user roles. But I've noticed that I ...

5. How to secure other URLs using Acegi    forum.springsource.org

Feb 5th, 2008, 12:49 PM #1 IrfanAnsari View Profile View Forum Posts Private Message Junior Member Join Date Nov 2007 Posts 11 How to secure other URLs using Acegi Hi, and ...

6. Securing views with Spring Security 2.0    forum.springsource.org

Dear all, Is it possible to secure buttons/links with Spring Security 2.0 ? So user will only get buttons and links that is authorized for them. Thanks in advance

7. Secure localCommands    forum.springsource.org

Secure localCommands Hi together, in my current project I have a JTree with different nodes. There is a global deleteCommand which is secured with a "writeController". Most of the time this ...

8. Securing the dialogs    forum.springsource.org

Hi togehter, I figured out, that is is possible to secure the finish command of each dialog. Therefore you just have to overwrite the method: Code: protected String getFinishSecurityControllerId() { return ...

9. How to define REQUIRES_SECURE_CHANNEL in Security 2.0?    forum.springsource.org

Dear all, I want to secure a specific URL. How do I define REQUIRES_SECURE_CHANNEL in Spring Security 2.0? I can't find it anywhere. Neither does the samples shows us this. thanks ...





10. securing html pages using acegi    forum.springsource.org

securing html pages using acegi Hi, Deployed the "Tutorial Sample" given in the acegi website. I added a new file test.html in the secure folder. So when i try to acess ...

11. @Secured supports exact/wild card/OR / multiple roles match ?    forum.springsource.org

@Secured supports exact/wild card/OR / multiple roles match ? It seems @Secured only support exact multiple role matches login user has manager and administrator two roles, but he is denied to ...

12. Securing web service    forum.springsource.org

Securing web service I need to secure a web service. Currently the client application authenticate with with a userid and token passed in the soap message. The web service is implemented ...

13. @secure ignored    forum.springsource.org

Hi, I'm currently implementing secured annotations for some methods of me but the code doesn't seem to trigger the security system. My controller Code: @Secured({"ROLE_ADMIN"}) @RequestMapping("/index.jspx") public void overviewHandler() { log.debug("Index ...

14. Cannot locate @Secured when using global-method-security    forum.springsource.org

Cannot locate 'org.springframework.security.annotation.Jsr250MethodDefinitionSource' Cannot locate 'org.springframework.security.annotation.Jsr250Voter' Cannot locate 'org.springframework.security.annotation.Secured' Cannot locate 'org.springframework.security.annotation.SecuredMethodDefinitionSource'

15. How to secure included pages with Spring Security 2.0.3    forum.springsource.org

How to secure included pages with Spring Security 2.0.3 Hi all, I am using ZK 3.0.6 and trying to secure my pages with Spring Security 2.0.3. Here's my security scenario: I ...

16. Secure cookie    forum.springsource.org

I've been reading about setting up a secure cookie and how this is important. I don't understand where I should set this code for my Spring MVC/JSP application. Can someone help ...





17. @Secured meets Domain Object    forum.springsource.org

@Secured meets Domain Object I use Spring 2.5.4, Spring Security 2.0.3 and Hibernate 3.2.5. I have the following Domain Object Structure: AbstractDomainObject (abstract class implementing interface IDomainObject) - SpecificDomainObjectA (class extending ...

18. problem with secure access of MBeans    forum.springsource.org

problem with secure access of MBeans I have a standalone server that uses Spring and exposes some MBeans using the following definition in applicationContext.xml

19. Unable to secure URL    forum.springsource.org

Unable to secure URL Hi, I am trying to authenticate my application using spring security. Nothing has been done on authorization yet. Login is working properly, so i m able to ...

20. How secure is HTTP session authentication?    forum.springsource.org

How secure is HTTP session authentication? I am using HTTP session authentication via Acegi 1.x and AuthenticationProcessingFilter. My understanding is that once the user is logged in, various acegi objects are ...

21. Consuming secure web services    forum.springsource.org

Consuming secure web services Hi all, We have developed a web application that consumes an https web service, first we tested it with the http service, things worked smoothly, but when ...

22. Secured Object in CustomVoter class    forum.springsource.org

Any Idea I can not get the secured object here.I am expecting Report object in vote method but it's not. I have a this voter Code: ...

23. How to secure web service created using jax-ws and spring-ws    forum.springsource.org

Hi every body, i created a web service project using jax-ws spring-ws and javaconfig, using the embeedded http server in jdk1.6 but still missing how to configure security this is my ...

24. Working with @Secured    forum.springsource.org

Working with @Secured Hi all! I am a newbie to spring security.I using Spring annotations like @Autowired,@Qualifier,@RequestMapping in my application.To make them work, i have put the following code in my ...

25. Do @Secured and @Configurable work together?    forum.springsource.org

Do @Secured and @Configurable work together? Basic setup is like this: - Webproject - Spring 2.5.5 - Spring Security 2.0.4 - Interface ("MyClass") with @Secured at method level ("doSomething()") - Java ...

26. Mandating a secure channel for web services    forum.springsource.org

Mandating a secure channel for web services Hi I have an application that presents a Web UI and a SOAP service. My SOAP service uses WS-Security to authenticate (i.e. NOT HTTP ...

27. Accessing secure EJB    forum.springsource.org

Accessing secure EJB Hi, I am trying to access an EJB (in Glassfish 2.1 container) that requires a username / password (configured using the EJB IOR as-context configuration) from Spring (Tomcat ...

28. RequestMapping and Secured    forum.springsource.org

Hi, I try to secured access to my app So on my controller i had secured annotation in addition of Request Mapping, but we i try I only got an WARN ...

29. How to update a secure method's ConfigAttributeDefinition dynamically ?    forum.springsource.org

How to update a secure method's ConfigAttributeDefinition dynamically ? 1) Code: public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor public abstract class AbstractSecurityInterceptor{ protected InterceptorStatusToken beforeInvocation(Object object) { ... ConfigAttributeDefinition attr = ...

30. @Secured with @Component does not work    forum.springsource.org

I used @Secured on a bean defined on applicationContext.xml and it works well. Nevertheless, I want to transform my xml definition bean to an @Component annotation with a ...

31. @Secured service method problem    forum.springsource.org

@Secured service method problem this is how i call my service CourseManager courseManager = (CourseManager) context .getBean("courseManager"); String result = courseManager.testSpringMvcJpaIntegration(); inside coursemanagerimpl.class Code: @Transactional(propagation = Propagation.REQUIRED) @org.springframework.security.annotation.Secured("ROLE_ADMIN") public String testSpringMvcJpaIntegration() ...

32. any log to check a method is @Secured..?    forum.springsource.org

any log to check a method is @Secured..? i annotated a method in service with @Secured and in my xml i put my app able to start ...

33. Mobile client - web app secure communication    forum.springsource.org

Hi guys, In your opinion, what is the best solution that is also secure to enable integration and communication between a fat mobile client and a web application, like for instance ...

34. secure url mapping similar to port mapping    forum.springsource.org

Spring Security's port mappings (http://static.springframework.org/sp...quires-channel) work great. What I also need is a url or domain mapping. Is this easy to specify with Spring Security? For example, I want https://secure.example.com to ...

35. what class to extend in logging unauthorized acces to secured url?    forum.springsource.org

Hi! Could anybody tell me what class to subclass and method to override if I want to log the URL an unauthorized user tried to access... I am using Spring Security ...

36. @Secured working... sometimes    forum.springsource.org

Jun 8th, 2009, 02:40 PM #1 Hamb View Profile View Forum Posts Private Message Member Join Date Apr 2008 Posts 43 @Secured working... sometimes Hi Spring Sec experts, currently I'm working ...

37. How to secure jmxServer (JConsole)    forum.springsource.org

How to secure jmxServer (JConsole) I have been trying to secure the JConsole access to my stand-alone Java Server which uses Spring 2.5, but it seems anyone that knows the URL ...

38. Secure page accessed by anonymous user    forum.springsource.org

Secure page accessed by anonymous user Hi, I've started a project using ICEfaces 1.8.1 + Spring 2.5.6 + Spring Security 2.0.4 + Hibernate 3.3.1. Now I'm still in the design phase ...

39. Securing RMI, how?    forum.springsource.org

Securing RMI, how? Hello everybody, I am using spring for a few months and implemented successfully a web application and a Swing client using RMI. So far everything works fine. Now ...

40. Developing Secure url using Spring framework    forum.springsource.org

I am using AbstractWizardController to navigate between pages. For every page navigation it is generating the following http://online.uat.aegon.nl/aom/UWAut...am=0x1target1= But currently I want to generate this url as https instead of http. ...

41. Securing Spring Remoting calls    forum.springsource.org

Securing Spring Remoting calls Hi, In our environment there are 3 JVMs running in the same server and I would like to implement Spring Remoting for method calls across JVM. Now ...

42. Error when using @Secured with String array    forum.springsource.org

43. Best practices: how to secure the service layer?    forum.springsource.org

Best practices: how to secure the service layer? My question is on how to securing service layer methods in J2EE multi-tier applications... I could not find particular information on that, hence ...

44. Recognizing a secure channel behind an SSL proxy    forum.springsource.org

Recognizing a secure channel behind an SSL proxy Hi, I'm looking for feedback on how to enforce channel security in Spring when a proxy in front of the application server handles ...

45. securing web application    forum.springsource.org

securing web application I have a web application with an ldap data store and I need some guidance how to use spring-security to secure the application. I want to verify that ...

46. three-flavored secured methods    forum.springsource.org

Hi I'm not much into acegi security, but i've got a problem which i don't know wheter spring security can addresss. I've got some methods (webservices) and i need to secure ...

47. @Secured not working with list of roles    forum.springsource.org

@Secured not working with list of roles Hi, When the annotation @Secured({"ROLE_USER", "ROLE_ADMIN"}) is used, does this mean that you need both roles or that you need either one or the ...

48. Securing methods from a superclass    forum.springsource.org

Securing methods from a superclass In my business layer I have a superclass and two superinterfaces as follow: interface -> IQueryService (provides methods for query); interface -> ICRUDService (extends IQueryService and ...

49. @Secured service methods and spring ws    forum.springsource.org

I have the following project structure: base project (service layer, model) web project webservice project where both the web project and the web service project depend on the base project and ...

50. securing servlets?    forum.springsource.org

51. How to run background task through @Secured?    forum.springsource.org

We've been using Spring security for about a year now with great success. We are using a custom AuthenticationProvider. Our services are secured with @Secured annotations. My question is, what is ...

52. Securing Widgets And REST Services    forum.springsource.org

Securing Widgets And REST Services I am part of a team putting together an application for my client that has two main components--a war file containing the widgets in iframes inside ...

53. Use secure channel HTTP on spring-ws    forum.springsource.org

Dec 2nd, 2009, 10:14 AM #1 Stefan2902 View Profile View Forum Posts Private Message Junior Member Join Date Nov 2009 Posts 4 Use secure channel HTTP on spring-ws Dear all, I'm ...

54. Secure web path & REST services with different method (n00b question)    forum.springsource.org

Secure web path & REST services with different method (n00b question) Hi ppl, I'm new to Spring Security and am trying to get the following working: 1. Secure a URI path ...

55. Losing EntityManager when Securing BlazeDS Remoted object    forum.springsource.org

Losing EntityManager when Securing BlazeDS Remoted object Hi, I'm having a problem that seems similar in nature to http://jira.springframework.org/browse/SEC-750, yet I'm using Spring 2.5.6 , Spring Security 2.0.0.RELEASE and Spring BlazeDS ...

56. secure servlet-based web services using JAX-WS    forum.springsource.org

Hi, I implemented a servlet-based web services with JAX-WS with spring3.0 as described in the Reference : 19.5.5 Exposing servlet-based web services using JAX-WS see http://static.springsource.org/sprin...export-servlet How can I secure this ...

57. Accessing Secure Web service    forum.springsource.org

Accessing Secure Web service I am using spring 2.0, spring ws-security-1.0.4.jar and jdk1.4 I have certificates imported into keystore using ikeymngr from websphere. I am not able to make a connection ...

58. SpringSecurity3.0.0 - @Secured is ignored    forum.springsource.org

SpringSecurity3.0.0 - @Secured is ignored Hello! I am pretty new to SpringSecurity and i am having troubles with the @Secured annotions (3.0.0) while working with JSF2.0 i want to secure a ...

59. @Secured is not working    forum.springsource.org

Hi, I have created spring webservice which also uses interceptors for authentication. It is working fine. I have followed airline sample given by spring for this example. Issue is authorisation feature ...

60. UrlFilenameViewController secure?    forum.springsource.org

UrlFilenameViewController secure? Hi, I just have to fill some security form to document our last project. We are using the Spring-Framework 2.5.6 org.springframework.web.servlet.mvc.UrlFilenameVie wController in the standard way to map an ...

61. @Secured on setters of the @ModelAttribute object    forum.springsource.org

@Secured on setters of the @ModelAttribute object Hi! I'm trying to implement a security model where I reuse the same Model for requests from users with different security levels. Basically some ...

62. Which tools to secure my application ?    forum.springsource.org

Hi everyone, did someone know a good tool which I can use in order to create license keys, as well as install and verify them, for my java/spring application. I found ...

63. securing your java bytecode    forum.springsource.org

My project has a swing front end and so there are deliverables to the client. I was wondering if anyone had any tips on securing java bytecode. From what I have ...

64. is @Secured mutually exclusive with @Pre/@Post ?    forum.springsource.org

is @Secured mutually exclusive with @Pre/@Post ? Is the use of @Secured and the @Pre/@Post expression-based method security mutually exclusive. I have a custom implementation of RoleVoter. It seems that when ...

65. @secured is not working for a method call originating in the same bean    forum.springsource.org

I am using spring security 2.0.4. When I applied @secured annonation on SSOHandlersHolder.hadle() method it is working fine. This time I applied on checkTokenAccess() method, which is called from handle() and ...

66. @Secured ignored with @RequestMapping    forum.springsource.org

@Secured ignored with @RequestMapping When I add @Secured to a method with @RequestMapping in a @Controller, it is ignored. I'm using Spring Security 3.0.2. Here is my configuration (the relevant parts, ...

67. Securing web service    forum.springsource.org

Securing web service I want to secure my restful cxf based web service, which is used internally only (i.e. no 3rd parties) and is accessed via a web tier using java, ...

68. Add AOP Aspect (before and after-returning method) to a secured method    forum.springsource.org

Add AOP Aspect (before and after-returning method) to a secured method Hi, I try to implement autorization/ authentication with spring security. What i want is to execute some actions when a ...

69. @Secured not working with @RequestMapping    forum.springsource.org

@Secured not working with @RequestMapping Hi ppl, I been having this problem for weeks and even with googling ard haven been able to find a solution to it even though there ...

70. Securing Interface Methods with AspectJMethodSecurityInterceptor in 3.03 vs 1.08    forum.springsource.org

Hi, we are upgrading an application from acegi 1.0.8 to spring-security 3.0.3 We want to secure our Service Interfaces and are using AspectJMethodSecurityInterceptor with a securityMetadataSource like this: Code: de.service.ServiceInterface.*=ROLE_USER When ...

71. How to make web service secured    forum.springsource.org

How to make web service secured Hi All, I am currently struggling to make an web service "secured" using spring framework. Using JAAS I can make it "secured" but with Spring ...

72. using secured webservice problem    forum.springsource.org

using secured webservice problem Hi there, I have a webbapplication using spring security. The security configuration of the applicationContext.xml looks like this: Code: ...

73. securing app, one step further    forum.springsource.org

securing app, one step further Hi all, I have just open a ticket for a new feature (yet another one): https://jira.springsource.org/browse/ROO-1759 this is one step further to securing application based on ...

74. How to Display error when user clicks on a secured tab    forum.springsource.org

How to Display error when user clicks on a secured tab Hi there, I have a web site with multiple tabs on it, some tabs are secured some are not. I ...