url « Security « Spring Q&A





1. How can I determine what roles are required to access a URL with Spring Security?    stackoverflow.com

I'm using Spring Security to secure a webapp. The URLs are secured like this:

<security:http entry-point-ref="authenticationEntryPoint">
  <security:intercept-url pattern="/" access="ROLE_ANONYMOUS" />
  <security:intercept-url pattern="/assets/**/*" access="ROLE_ANONYMOUS" />
  ...
  <security:intercept-url pattern="/**" access="ROLE_USER" ...

2. Spring Security: How to get the initial target url    stackoverflow.com

I am using the spring security to restricted urls. I am trying to provide signup and login page, on the same page. On login spring security transfers to the restricted page. However ...

3. How to encode a url in spring framework?    stackoverflow.com

greetings all I have a post method in a controller, which redirects to a new page I a way such like:

@RequestMapping(method = RequestMethod.POST)
    public String post(HttpServletRequest request) {

  ...

4. How do I Programmatically test autorization for URLs in Spring Security?    stackoverflow.com

I'm using Spring security 3.0.5 in a JSF 2 application. In order to deactivate/hide entries in my navigation menu for users that are not permitted to access them, I need a way ...

5. How do I connect to a remote URL which requires Spring Security forms authentication (Java)?    stackoverflow.com

I've searched and searched but can't seem to find the answer to what seems like a straightforward authentication scenario. We have an existing Java web application that uses form-based authorization provided by ...

6. Spring Security 3 Get Initially Requested URL    stackoverflow.com

I need to modify my spring security login page based on where the user came from. My client wants the styles different between the two. If you come from appcontextroot/test ...

7. Spring Security URL pattern configuration    stackoverflow.com

This one should be quite simple. But I've been stuck with it for a while. I'm trying to implement Spring Security in my web application. By default, all URL's should be publically accessible. ...

8. Spring Security - url rewriting    stackoverflow.com

I am using a org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint with useForward=true and loginFormUrl="/login.jsp" and hence the login url of my application is - http://sub.domain.com Upon successful login I redirect to http://sub.domain.com/app. Spring MVC Dispatcher Servlet is ...

9. Spring security role-based URL    stackoverflow.com

How do I get spring-security to change the redirect page after login based on the role of the user?





10. In Spring MVC, how can I map nested URLs such as /settings/, /settings/users/, and /settings/users/delete?    stackoverflow.com

In Spring 3 MVC, I have a controller that I call SettingsController, and it has methods such as displayUsers() for displaying a list of users, saveUser(), and deleteUser(). SettingsContoller also ...

11. Url rewrite issue not getting current session (getPrincipal()) for redirected url    stackoverflow.com

I have rewrited url from: http://www.xyz.com/Sample/showSamples-ASA21DS to: http://www.xyz.com/Sample/showSamples.do?sampleId=ASA21DS using urlRewrite.xml

<urlrewrite>

<rule>
    <from>^/http://www.xyz.com/Sample/showSamples-ASA21DS</from>
    <to>http://www.xyz.com/Sample/showSamples.do?sampleId=ASA21DS</to>
</rule>
</urlrewrite>
But, I dont get current session for this new url.. For this,
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
i m getting null

12. Spring Security Access Denied Handler - how do you determine what the URL was that the user tried to access?    stackoverflow.com

I'm doing some proof-of-concept work with Spring Security and have come across an interesting use case regarding logging access denied exceptions. The request is that every time a user tries ...

13. Weird Spring Security URL rewrite    stackoverflow.com

I'm having a strange problem with the j2ee app I am working on at work. We are trying to deploy our application at our client's hosting site and are running ...

14. Spring Security access-denied-handler    stackoverflow.com

I have the same exact question as here, except that the answer doesn't make sense to me. Spring Security Access Denied Handler - how do you determine what the URL was ...

15. multiple authentication providers and url rewriting    stackoverflow.com

can somebody please explain how is it possible to use Spring Security in order to secure RESTful application using

  • api key, provided as part of the URL
  • basic HTTP auth
  • username and encrypted password ...

16. multiple-target url using spring security 3.1    stackoverflow.com

i want multiple target url to be redirected to for the different roles of the users, how to achieve it using spring security 3.1, I have already done with the single ...





17. determine target url based on roles in spring security 3.1    stackoverflow.com

In spring security 3.0, we are having AuthenticationProcessingFilter class, in which we were using determineTargetUrl() method, which returned the url based on different roles. Now, we are moving to spring security 3.1.0.RC3 ...

18. Already authorized access url send to customer by email, How to?    forum.springsource.org

Hello. I have a requisite to create an authorized url and send it by email to a client. So the client only have to push the url an access the application. ...

19. Defining Roles based in url parameters    forum.springsource.org

I need to define various roles depending on url parameters without need of user login. Is there any way to implement it with filters or the autentication manager? I have found ...

20. dispatcher servlet and url-pattern with spring security    forum.springsource.org

dispatcher servlet and url-pattern with spring security Hi, My dispatcher servlet is named cDream and this is the way is mapped in web.xml: cDream *.do cDream /j_spring_security_check ...

21. How to have multiple target-url based on ROLES?    forum.springsource.org

How to have multiple target-url based on ROLES? Hi, I've implemented a ROLE based login mechinism using Spring Security. It has 2 roles viz. ROLE_USER --> Common user ROLE_ADMIN --> Admin ...

22. Spring Security 3 Get Initially Requested URL    forum.springsource.org

Hello, I need to modify my spring security login page based on where the user came from. My client wants the styles different between the two. If you come from appcontextroot/test ...

23. Authentication through an URL    forum.springsource.org

Authentication through an URL Hi, I use Spring Security for my web app; here is what I want to do. I've made a lot of researches but didn't find an answer. ...

24. How to preserve the original URL as a parameter in the Form authentication?    forum.springsource.org

Hi! I have tried to look in forum without success. I need to preserve the original URL as a parameter in the Form authentication From the thread below I understand that ...

25. multiple authentication providers and url rewriting    forum.springsource.org

multiple authentication providers and url rewriting Hello, can somebody please explain how is it possible to use Spring Security in order to secure RESTful application using - api key, provided as ...

26. I want to authenticate according to url's params    forum.springsource.org

PathBasedFilterInvocationDefinitionMap and RegExpBasedFilterInvocationDefinitionMap both use AbstractFilterInvocationDefinitionSource's getAttribute(Object) method. It looks like this: Code: public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException { if ((object == null) || !this.supports(object.getClass())) { throw new IllegalArgumentException( "Object ...

27. Prevent access via entering url in address bar of browser    forum.springsource.org

Prevent access via entering url in address bar of browser I only want to allow requests that originate from an application event. For example, clicking on a link in the application ...

28. scenario prob: External configured menu url + acegi    forum.springsource.org

scenario prob: External configured menu url + acegi Let me quickly explain the 'problem' I'm having: I'm using a config file like below to configure my web menus Code: ...

29. Waht did I miss in my Acegi configuration: URL /j_acegi_security_check is not handled    forum.springsource.org

Hello all, sorry for this poor subject. I'am trying to setup Acegi 1.0RC2 with one of my spring web application. I read a examples and step by step guides, I followed ...

30. where to set authorization fail URL    forum.springsource.org

if authentication successful, but failed on AccessDecisionManager (not in the role), how to redirect URL to go to my AZ-fail page? right now it gives me 403 back.

31. Security based on urls    forum.springsource.org

Hi, I have a question here for url based security I have a user A who can only view /secure/*.jsp I have a user B who can view /admin/*.jsp Now, when ...

32. ROLE and URL    forum.springsource.org

Hi, I am a newbie of Acegi Security. From my understanding, Acegi Security will check URL based on ROLE. So I defined a role: USER USER <==> http://localhost/user/display.jsp USER <==> http://localhost/user/upload.jsp ...

33. AspectJSecurityInterceptor: How to upgrade to URL security?    forum.springsource.org

Code: logger.debug("Setting authentication object!"); Authentication at = null; try { // get the current authentication object which has to be set before at = SecurityContextHolder.getContext().getAuthentication(); if (at == null) { throw ...

34. How to provide dynamic authorization for url's?    forum.springsource.org

hi, I want to provide authorization for a list of url's, but i want these URL's to come from database. I also want roles to come from database. How can i ...

35. ACEGI - Security Rules for URL Parameters ?    forum.springsource.org

ACEGI - Security Rules for URL Parameters ? Hi all Is it possible in ACEGI to define security rules which act on URL Parameter ? My problem is that I have ...

36. restrict access to url based on additional condition check    forum.springsource.org

restrict access to url based on additional condition check Hello I have gone thru the forums but didn't find much information on this particular request. Here is what i am trying ...

37. ACEGI not precluding users from URLs (supposedly) protected by roles    forum.springsource.org

ACEGI not precluding users from URLs (supposedly) protected by roles I can't figure out why ACEGI is letting me get in as a user that doesn't have admin role to the ...

38. Different target urls for different user roles    forum.springsource.org

Hi ! I have two types of roles, ROLE_USER and ROLE_ADMIN. I want user to be redirected after sign in to appropriate urls, something like ROLE_USER => /profile/privateProfile ROLE_ADMIN => /admin/ControlPanel ...

39. changing the authentication-failure-url    forum.springsource.org

changing the authentication-failure-url Hi I am using spring security 2.0.1. I was wondering if there was any way to dynamically set the authentication-failure-url. I basically need the authentication-failure-url to go to ...

40. authenticate users by url parameters    forum.springsource.org

thanks for the replies - I will try the url parameters. I can see why teh WC3 do nto recommend this. Can the url parameters be posted (over https)? The reason ...

41. Default URL based on ROLE    forum.springsource.org

Default URL based on ROLE Good afternoon, After doing some research it seems like the way to redirect a request based on a users role is similar to this recommendation: "Use ...

42. Howto reject authorization on url with null ConfigAttributeDefinition ?    forum.springsource.org

Hi everybody, For one app I have to dynamically retrieve roles linked with an URL. So I have writed my own FilterInvocationDefinitionSource who retrieve roles from the database en create and ...

43. problem with authentication-failure-url    forum.springsource.org

problem with authentication-failure-url Hi, I am using following setting for my application:

44. How ACEGI compares URL with query string?    forum.springsource.org

How ACEGI compares URL with query string? ACEGI security is failing when we use URLs with query string. Can anyone help me to find out where ACEGi is actually doing the ...

45. How to bypass authentication for a specific url.    forum.springsource.org

How to bypass authentication for a specific url. Hi Friends, I am new to spring acegi-security which we are using in our current project. If user is not logged in to ...

46. How to access requested URL?    forum.springsource.org

Hello, Is there a way to access the URL a user was trying to get to when Spring Security filter intercepted for a login? For example: 1. user requests http://localhost/myapp/mapp_page 2. ...

47. lookUpAttribute(String url) does not work after migrating acegi to spring security 2.    forum.springsource.org

lookUpAttribute(String url) does not work after migrating acegi to spring security 2. Hi, I have migrated acegi to spring security 2.0.4. I am facing some problem with dynamic authorization. In the ...

48. Spring security, jsf and URL with parameters    forum.springsource.org

Code: int pos = url.indexOf("#{"); if (pos > -1 && url.indexOf("}", pos) > -1) { Application app =context.getApplication(); ExpressionFactory elFactory = app.getExpressionFactory(); ELContext elContext = context.getELContext(); ValueExpression valueExp = elFactory.createValueExpression(elContext, url, ...

49. Restricting access to a particular URL    forum.springsource.org

Restricting access to a particular URL Hi All, we are using Acegi 1.0.6 in our project, and we need to allow only one user to access a particular use case(url) at ...

50. Security configuration to have different auth methods per url pattern    forum.springsource.org

Mar 12th, 2009, 02:27 PM #1 cvarona View Profile View Forum Posts Private Message Junior Member Join Date Mar 2009 Posts 2 Security configuration to have different auth methods per url ...

51. Resource access with only 1 url extension    forum.springsource.org

Resource access with only 1 url extension Hello guys, This question may sound simple but I really did my best to ask mr google but unfortunately it was fruitless. May I ...

52. Is there a way not using any role to protect a URL    forum.springsource.org

Is there a way not using any role to protect a URL Hi, I want to protect some URL without specific roles. Basically, I want to use Acegi for authentication and ...

53. To add URL and roles in customObjectDefinitionSource    forum.springsource.org

To add URL and roles in customObjectDefinitionSource HI Folks, Iam using my own object definition source and as of now iam hardcoding the roles in my getAttributes methods like below. Can ...

54. access-denied-page & url    forum.springsource.org

I put this at security context Code: When access is denied for user, it redirects him to home page, but the url address in address bar at browser ...

55. Prevent User Through URL Address ?    forum.springsource.org

I have a little bit problem, i want catch and prevent user through url. If user try write something in url address bar, my aplication will return the index. How can ...

56. Can anyone get authentication-failure-url to work    forum.springsource.org

Can anyone get authentication-failure-url to work Ok, I have read all of the posts, implemented all the fixes each time to no avail. Here is my code: Code:

57. Last visited URL on ROLE_ANONYMOUS pages    forum.springsource.org

Last visited URL on ROLE_ANONYMOUS pages Hello Guys, I've noticed something. (Or maybe I misconfigured Spring Security), but my Last Visited URL does not work. I have set always-use-default-target="false" but it ...

58. Security using the session id in the URL    forum.springsource.org

Hi All Is it possible to use the session id in the url for authentication? For example: http://www.mysite.com/somecontext/ma...sionid=1234567 I want to use 1234567 for authentication. This value will be used in ...

59. ConcurrentSessionFilter: url's to give info to the user    forum.springsource.org

ConcurrentSessionFilter: url's to give info to the user My problem was: In the concurrentSessionController, with exceptionIfMaximumExceeded to TRUE, so if the sessions are in use and a new one try to ...

60. Spring Security url- pattern    forum.springsource.org

Spring Security url- pattern Hello, first I have to say that I beginner with the Spring Security Framework, In my web application I use the Spring Security Framework. When I login, ...

61. How to turn off security for certain url pattern    forum.springsource.org

How to turn off security for certain url pattern Hi, I want to turn-off authentication for certain url pattern. I tried the following but is not working. Did I use anything ...

62. Spring security 3 and Url Rewrite    forum.springsource.org

Spring security 3 and Url Rewrite Hi all, I'm looking to secure my basic application with Spring security 3 however because I am using a Urlrewrite filter (required for RESTful urls) ...

63. How to set authentication success handler and have my own target url resolver in 3.0    forum.springsource.org

How to set authentication success handler and have my own target url resolver in 3.0 Hi, I am migrating to 3.0 now, but could not figure out how to set my ...

64. Spring Security and Web Crawlers - Session ID in URL    forum.springsource.org

Spring Security and Web Crawlers - Session ID in URL Hi folks, I'm using Spring Security in order to establish an administration backend for my web application. Everything works great and ...

65. Form and Basic authentication for separate url patterns    forum.springsource.org

Hi, Is it possible to configure the http basic authentication for a given url pattern and form based authentication for all the rest? The reason for this is that I want ...

66. Different authentication providers for different urls    forum.springsource.org

Different authentication providers for different urls Hi, I have an application where I need to implement a different authentication logic based in accessed URL. I'm using my custom authentication provides which ...

67. Can SS verify the URL authentication?    forum.springsource.org

68. How to protect records if a user changes the id in the URL.    forum.springsource.org

How to protect records if a user changes the id in the URL. Hi, i have an application where users submit a form and they can view their results. Example: apps/viewForm?id=2. ...

69. custom authentication with url parameters    forum.springsource.org

I am trying to perform an authentication via url parameters. The system should check, whether certain parameters (not neccessarily just a username password combination) are set and then authenticate against an ...

70. How to check for url access?    forum.springsource.org

Hi, I would like to programatically check to see if the current user has access to a particular URL. I configured all of the url's in the spring xml config file. ...

71. Proper way to customize authorization by URL    forum.springsource.org

Proper way to customize authorization by URL I have a problem that seems like it would be pretty common, but I'm having a hard time figuring out the correct approach and ...

72. Check url access in actions    forum.springsource.org

Check url access in actions Hi I need to create a custom menu for my app, based on the roles of a user. In this way, any user will see only ...

73. Posting to external URL & Spring Security    forum.springsource.org

Posting to external URL & Spring Security My application is secured by Spring Security framework. Within one JSP page, I am doing a post to an external URL (i.e. a service), ...

74. Authorization based on parameters in the url    forum.springsource.org

Hi! I have an application where the access to an url depends on some of the parameters in the url, something like https://myhost.com/edit?articleId=45 If the person who is logged in has ...

75. URL Pattern Matching Using Spring Security without Spring MVC    forum.springsource.org

URL Pattern Matching Using Spring Security without Spring MVC Hi All, I am attempting to use Spring Security with my home grown web app. I am using Front Controller with Command ...

76. channel security rewrite urls    forum.springsource.org

channel security rewrite urls Hi, When using spring security namespace you can set the required channel (http/https) with the intercept-url directive. A servlet filter will be configured to check if a ...

77. Access a list of site URL's    forum.springsource.org

Hello, When using the to wire in Controllers how can I go about getting a list of all the URL's my site has? When using SimpleUrlHandlerMapping you could call ...

78. How can access multiactionController by URL    forum.springsource.org

Hi everyone, I'm a beginner in Spring and I had a problem when using MultiactionController. I have a MultiactionController for delete action and when I tried to access this method by ...

79. Displaying links to urls that only a user has access to    forum.springsource.org

Displaying links to urls that only a user has access to Hello! We are currently in the process of securing our site that uses Spring MVC, jsps, and Spring Security 3.0.3 ...