web « Security « Spring Q&A





1. Spring Security: What is the UserDetailsManager interface used for? And more!    stackoverflow.com

I'm curious about the UserDetailsManager interface. It's not mentioned in the reference guide and in the JavaDoc it's described as:

An extension of the

2. spring security: what is the difference between account locked and not enabled    stackoverflow.com

The UserDetails interface has two properties that seem to be the same, locked and enabled. Aren't these just the opposite one of the other?

3. Best practices in modelling user constraints in a webapp?    stackoverflow.com

I'm building a webapp with role based access control using Acegi (Spring) security. So i have different users with roles: ROLE_ADMIN, ROLE_USER and etc.
However, i need to implement various user ...

4. Can i put 3 different authentication schemes in same spring security configuration?    stackoverflow.com

My requirement is to provide:

  1. Userid password based authentication.
  2. Open id based authentication
  3. Url based authentication (its a custom sso impl we have)
in the same project. I have tried to plug in Spring security into ...

5. How do swap implementations on a per user basis on a web application using Spring's DI    stackoverflow.com

Say a web application is a central payment processing engine, where each user may have a different credit card provider that will be processing the credit card. There is an interface that ...

6. How do I use a custom authentication mechanism for a Java web application with Spring Security?    stackoverflow.com

I'm working on a project to convert an existing Java web application to use Spring Web MVC. As a part of this I will migrate the existing log-on/log-off mechanism ...

7. How to manage user authentication/sessions?    stackoverflow.com

What is the best way to manage user authentication/sessions in a web app, ideally in a clustered environment, using Spring Framework/MVC? I thought of creating a login bean that creates a ...

8. Web user account management components    stackoverflow.com

I need to create user account registration / login / management components for a Spring backed web application. I'm intending to use Acegi to help with the authentication side of things. ...

9. Clean up user input from unwanted HTML in a Spring web application    stackoverflow.com

I need to tidy user input in a web application so that I remove certain HTML-tags and encode < to &gt etc. I've made a couple of simple util methods that strips ...





10. Per-user TimeZones in a webapp using Spring    stackoverflow.com

I have a web application which has different users logging in to view transactions. I want to be able to let the users set their own time zone and then ...

11. Externalizing Spring Security configuration?    stackoverflow.com

I have a web application that works with several different configurations of Spring Security already. However, these difference configuration are all setup within my applicationContext configuration file. Therefore, in ...

12. How to allow users to create or edit web forms within a Spring MVC web application?    stackoverflow.com

We would like to provide our users with a limited set of drag-n-drop fields so they could manage template web forms in an application. The admins would define these templates ...

13. Where should I store a user ID key in spring / spring-security in a webapp?    stackoverflow.com

Once a user is authenticated I have an Object userID. Where is the "best" place to store this in Spring using Spring-Security (this is a webapp)?

  • Session seems inelegant, because then I have ...

14. How To Approach Authentication In My Web App? JSF2 + Spring3 + GlassFish3 + Hibernate    stackoverflow.com

I'm building a new web app from scratch for a client. The tools are JSF2, PrimeFaces, Spring3, GlassFish3, Hibernate. I have a basic web app working fine. Now I have to put ...

15. Is there any good e-material or web site to start up with spring and spring security?    stackoverflow.com

I mean to say like for html/css/jquery etc. we have w3schools like that is there any web site or e-material for starting up with spring and spring security.

16. Is Spring the right choice for me?    stackoverflow.com

I want to start developing a little web-based game, and would appreciate some advice before I get into it. Hopefully this is the place to ask! The game is basically a fantasy-football ...





17. Simple web site user management with Spring    stackoverflow.com

I've done many sites, using Java, Php, etc... When I needed user management I would use HttpSession and a DB to keep passwords and eventually session data. What's the recomended/standard way ...

18. Authentication Between Two Separate Web Applications    stackoverflow.com

I have two web applications that live on different web servers but if you're authenticated in web app A then the user should also be authenticated in web app B. The ...

19. Can I be sure my Java web app running on localhost:8080 is invisible from my fellow Starbucks customers?    stackoverflow.com

I'm developing a Spring application on my Windows 7 machine and running it on localhost:8080. Is there any chance that if I do this in a public location like Starbucks that it ...

20. Programming User registration in web application Java Spring MVC    stackoverflow.com

I am building web application where i am building the first stage with user registration and login. I am thinking of

class User 
{
    private userid;
    private ...

21. DAO scope in spring-hibernate multi-user web-app?    stackoverflow.com

I actually saw this question, but couldn't get much from it, so I'll try to be more specific with mine.
I have BaseDAO class in my multi-user web-app that looks like ...

22. Best way for a Spring MVC web app to detect a brute force attack?    stackoverflow.com

Are there any features specifically in Spring 3.0 MVC that would help implementing detection of a brute force attack on the authentication/login page of a web app?

23. Unable to let the user download PDF from web application    stackoverflow.com

This is the controller class

@Controller
public class ReportController {
    @RequestMapping("/reports.htm")
    public void onSubmit(ModelMap map, HttpServletResponse response) {

        PayrollService ps ...

24. Spring webapp security based on owner of record    stackoverflow.com

Let's say I have users and articles. Anonymous can list and read articles.
Only registered and logged user can create articles.
User can edit only own articles.
And, of course, admin can do anything.
I've looked ...

25. How to add disclaimer in webapp    stackoverflow.com

I am using spring and spring security in our application, and authentication is done through ldap. after authentication role is check with database, and according to role he was able access ...

26. Get a file attachment from User and send an email along with that attachment. Java Web App    stackoverflow.com

I have a scenario. I just want to understand the technical feasibility and some direction on it. There is an existing Web Application written in Java. Basically the requirement is to get ...

27. Sharing Authentication Between Two Separate Web Applications    forum.springsource.org

Sharing Authentication Between Two Separate Web Applications Hello, I have two web applications that live on different web servers but if you're authenticated in web app A then the user should ...

28. Configuration problem: spring-security-web classes are not available    forum.springsource.org

Feb 2nd, 2011, 09:03 AM #1 astronaute View Profile View Forum Posts Private Message Junior Member Join Date Sep 2009 Posts 14 Configuration problem: spring-security-web classes are not available Hello all, ...

29. Configuration problem: spring-security-web classes are not available. You need ...    forum.springsource.org

Configuration problem: spring-security-web classes are not available. You need ... Hello. I'm working with STS 2.6.1 and Spring security 3.1.0 RC2 Here my spring security config: Code:

30. 2 webapps configured with spring security cause havoc on each other    forum.springsource.org

2 webapps configured with spring security cause havoc on each other Hi, I've created 2 web apps and I have configured them both to use spring security. When I start up ...

31. Global authentication between 3 webapps    forum.springsource.org

Global authentication between 3 webapps Hi: I've got 3 web application runnning into Tomcat 7: login.war , admin.war and stuff.war I want to secure admin.war and stuff.war by redirecting to a ...

33. Paranoid web-security? How-to?    forum.springsource.org

Paranoid web-security? How-to? Hello all. Recently I started implementing a web-based application. I like Acegi, and decided to give it a try. One of my colleagues had written something prior to ...

34. Endless loop in web authentication    forum.springsource.org

Mar 31st, 2005, 04:21 PM #1 gmansoor View Profile View Forum Posts Private Message Visit Homepage Member Join Date Mar 2005 Location Sterling, VA USA Posts 34 Endless loop in web ...

35. using acegi on a distributed system without web    forum.springsource.org

using acegi on a distributed system without web Hi, We are considering using acegi for the security layer of our app, which doesn't have a web layer. We have a server ...

36. Putting all together for web authentication    forum.springsource.org

May 31st, 2005, 06:28 PM #1 jagarciaga View Profile View Forum Posts Private Message Visit Homepage Member Join Date Sep 2004 Location Bogota Posts 57 Putting all together for web authentication ...

37. MDB-access to objects created during web app startup?    forum.springsource.org

MDB-access to objects created during web app startup? Hello, I'll start by explaining our current setup. We have a web application that, at initialization time, all singleton objects are created and ...

38. Reward for WEB Site Security Testing    forum.springsource.org

Hi all: First of all, thanks for offering Acegi as an open source project. We have developed a web site using Acegi framework for user authentication and content authorization. We are ...

39. Unable to configure security for path /admin in webapp    forum.springsource.org

Aug 24th, 2005, 05:39 PM #1 juan110470 View Profile View Forum Posts Private Message Junior Member Join Date Jan 2005 Posts 18 Unable to configure security for path /admin in webapp ...

40. Application needs web and command line user interfaces    forum.springsource.org

Application needs web and command line user interfaces I am working on the architecture of a telecom monitoring application that must allow the user to kick off actions through a web ...

41. Use of Acegi in non web application    forum.springsource.org

Use of Acegi in non web application Hi, I am trying to use Acegi in a non web application. Application also doesnt make use of any web/application container (Tomcat, JBoss etc) ...

42. Common security for different webapps    forum.springsource.org

Hello! I have an EAR with a set of WARs, and application.xml declaring webapps and corresponding root contexts (e.g., /webapp1, /webapp2, etc.). What is the best way to implement common security ...

43. acegi and external web based authorization    forum.springsource.org

acegi and external web based authorization We have an external web based authorization system here. To use it, on your web page (step 1) you put a form just with a ...

44. security problems with hosted web site    forum.springsource.org

security problems with hosted web site Hi, i have a hosted web site with some security restrictions that don't let my app run. The web admin ask me if there's another ...

45. Acegi and multiple/nested web apps?    forum.springsource.org

Acegi and multiple/nested web apps? Well I don't know if the title is concise enough, but here is an explanation. I'm looking at an application which really is a collection of ...

46. Cannot transmit proxy ticket from proxy web app to acegi spring web app    forum.springsource.org

How to transmit proxy tickets to acegi? Hello, I would like to know how to transmit proxy ticket from a web app A to a web app B which is CASified ...

47. Simple web app security    forum.springsource.org

Simple web app security Hi, I have just started to learn spring and acegi. Im trying to get a simple webapp running. I found this website http://www.thearcmind.com/confluence...ation+Possible and have tried to ...

48. Authentication in Non-Web application    forum.springsource.org

Authentication in Non-Web application Looking at how the authentication manager accesses the security context for the authorization; I can't figure out how to do this in a non-web J2EE application. I ...

49. Using Form-based and Basic authentication in the same web app    forum.springsource.org

Using Form-based and Basic authentication in the same web app Hi everybody, I have a web app, that is protected using acegi and form based authentication. Now I would like to ...

50. Q:Web app for managin users    forum.springsource.org

Hi all, I am using DB authentication with simple schema http://www.acegisecurity.org/dbinit.txt I am not using ACL part just user part - user and authorities tables. I am wondering if somebody has ...

51. Acegi in non-web app    forum.springsource.org

Acegi in non-web app I'm having a problem with acegi in a standard java app (not a web app). The docs are predominantly for web applications, so I think I'm just ...

52. New user - acegi use *without* web application    forum.springsource.org

New user - acegi use *without* web application Hi, I am a newbie to acegi and have spent some time reading the material and understanding this great framework better. I am ...

53. 2nd layer of web security    forum.springsource.org

2nd layer of web security assuming the following use case scenario: 1. user has not been authenticated 2. user tries to open secure page http://foo/bar.html 3. system displays login form instead ...

54. Basic and Form based authentication in same webapp    forum.springsource.org

Hi, A very short description of my problem: I have two types of users: 1) Humans 2) Systems (e.g. Google Search Appliance crawler) I would like humans to be prompted by ...

55. Acegi Security simple non-web sample?    forum.springsource.org

Acegi Security simple non-web sample? Acegi Security simple non-web sample? Is there such thing? On the acegi web site, in their suggested steps they recommend to try their sample applications first. ...

56. One authentication for more than one web apps    forum.springsource.org

Hi friends. I did not find information about setting up acegi to share authentication features between differentes web apps (more precisely, different wars in a same tomcat). Spring/Acegi can manage authentication ...

57. Authenticate to multiple webapps    forum.springsource.org

Hi all, We have to support multiple webapps with a single-sign-on-process (SSO to different webapps on the same Tomcat). What is the best way to achive this? Are there any examples? ...

58. not able to access the web page    forum.springsource.org

PHP Code: ...

59. Web Authorization & Security    forum.springsource.org

Hi, I'm brand new to Spring and have read the tutorial and some documentation. There doesn't appear to be anything in Spring related to the typical login mechanism found on a ...

60. Integrate acegi with existed web application    forum.springsource.org

Hello, I am integrating acegi into our existed web application. Does anybody know how to build the existed application's httpsession data (e.g username, password etc.) after successfully acegi login (e.g via ...

61. how authenticate all web requets by acegi    forum.springsource.org

how authenticate all web requets by acegi I saw some example one of them: in orde to authenticate web requets ,you can extends abstrast class AbstractProcessingFilter.this class has filterProcessesUrl property . ...

62. WebApp User input checking- smart way?    forum.springsource.org

63. acegi security vs. web server container security    forum.springsource.org

acegi security vs. web server container security Hi: I am a newbie to spring & acegi and I have a simple web application where I want to secure the methods of ...

64. Using spring security in non-traditional web app    forum.springsource.org

I have an app that accepts flash transport requests via a 3rd party flash connector running in a Jetty instance. The 3rd party connector calls back into my code through a ...

65. Spring + Web Authentication + Connect RDBMS    forum.springsource.org

Spring + Web Authentication + Connect RDBMS Hello everyone: We are undertaking a web project and we decided to use Java and several frameworks for the corresponding layers (Hibernate, Spring, icefaces) ...

66. Spring + Web Authentication + Connect RDBMS    forum.springsource.org

Spring + Web Authentication + Connect RDBMS Hello everyone: We are undertaking a web project and we decided to use Java and several frameworks for the corresponding layers (Hibernate, Spring, icefaces) ...

67. Spring + Web Authentication + Connect RDBMS    forum.springsource.org

Spring + Web Authentication + Connect RDBMS Hello everyone: We are undertaking a web project and we decided to use Java and several frameworks for the corresponding layers (Hibernate, Spring, icefaces) ...

68. Spring Security in a Web Bundle?    forum.springsource.org

Spring Security in a Web Bundle? I would like to add basic authentication to a web bundle and I am using the Spring DM server. My problem is that the application ...

69. Problem adding security to existing Spring Web app    forum.springsource.org

Problem adding security to existing Spring Web app I'm trying to add security to an app and get the following error: "The requested resource (/appname/j_spring_security_check) is not available." Is there something ...

70. Spring Security without web container    forum.springsource.org

Spring Security without web container Hi everybody, first of all: i'm a newbie to Java and Spring! My problem is: i'm running a webApp secured by http://code.google.com/p/dynamic-rule-security/. It uses spring security. ...

71. What framework/tool do I use to manage user groups for web pages?    forum.springsource.org

What framework/tool do I use to manage user groups for web pages? What framework/tool do I use to manage user groups for web pages? Spring Security? I read what it offers, ...

72. Spring Security and Stateless WebApp    forum.springsource.org

Spring Security and Stateless WebApp Hello all, where I work, we are currently evaluating if we can integrate Spring Security in our web application. It is our favorite at the moment ...

73. Error when setting up simple web project security    forum.springsource.org

Error when setting up simple web project security I created a web project and added spring library files, along with above mentioned applicationContext-security.xml and web.xml files. Web.xml Code: ...

74. Simple spring security web    forum.springsource.org

Jul 21st, 2009, 06:31 PM #1 neotherack View Profile View Forum Posts Private Message Visit Homepage Junior Member Join Date Jun 2009 Location Len, Spain Posts 24 Simple spring security web ...

75. Spring Security implementaion for a web application ?    forum.springsource.org

Hi Friends, We are developing java based Web application having different users we have classified the users on role basis. Roles defined as below: 1. Office Admin - Admin can access ...

76. Can i implement only spring security in web application.    forum.springsource.org

Hi All, Is it possible to implement only one features of spring (spring security) in my web application without implementing other spring features ( like dependency injection.....etc).

77. Acegi Security and Spring 3 WebApp    forum.springsource.org

Acegi Security and Spring 3 WebApp Hi folks, i am working with Spring 3 on a pretty simple web application, trying to use all the spring related tools to get a ...

78. 2 webapps : 1 acegi master & 1 slave ??    forum.springsource.org

hello, my question is perhaps a little bit stupid, but ... i have a webapp with acegi which work perfectly. i want put put acegi to the second webapp. but it ...

79. Authentication: different webapp same application server    forum.springsource.org

Authentication: different webapp same application server Hi all, i'm new to spring-security i'm searching for a solution (could someone point me to the right way), my problem is: I've set-up spring-security ...

80. Please help!!! - Cannot access JNDI in non-web application?    forum.springsource.org

Please help!!! - Cannot access JNDI in non-web application? In my non-web application on websphere 7.0, I am getting this error: A JNDI operation on a "java:" name cannot be completed ...

81. Spring security with mutliple web applications    forum.springsource.org

Spring security with mutliple web applications Hi All, I have a deployment scenario in which I have got one main application and few supporting applications, all deployed in a tomcat container ...

82. Access web app in two different ways    forum.springsource.org

Access web app in two different ways I have been using Acegi / Spring Security for years but have always used the 'plain vanilla' setup - using a local database, default ...

83. Testing Spring web app with RESTeasy, JPA, Spring Security    forum.springsource.org

Testing Spring web app with RESTeasy, JPA, Spring Security Hi, I've recently inherited a Spring based web services application that uses RESTeasy to expose its services. It also has a database ...

84. how to keep user authentication across multiple web application    forum.springsource.org

Hi All, I have two web application, they are deployed in separate tomcat instance. one run on 8080 and other one run on 9090 port. Let's assume they are "admin" and ...

85. Hibernate, connecting with different user/password per web session    forum.springsource.org

Hibernate, connecting with different user/password per web session Hi. I'm writing a web GUI using FLEX, Hibernate & Spring for an existing application. I use BlazeDS to connect FLEX and Spring. ...

86. org.springframework.security.ui.webapp    forum.springsource.org

Hi Guy, Can I know the org.springframework.security.ui is in which library file? I using Spring 3.0 has download the 1) spring-security-core-3.0.2 2) spring-security-web-3.0.2 3) spring-security-config-3.0.2 4) spring-security-acl-3.0.2 5) spring-security-taglibs-3.0.2 But can't ...

87. Typical Creating webapp: User registration/forget password etc.    forum.springsource.org

I think the closest you are going to get is JdbcUserDetailsManager which implements both UserDetailsManager and GroupManager. You will need to write the UI yourself. You might find this blog valuable ...

88. spring-security-web classes are not available    forum.springsource.org

spring-security-web classes are not available Hi, I'm having some trouble with Spring Security and would appreciate your help. I've created a very basic web application (2 pages - one secured) as ...

89. Password change only takes effect after restarting web app    forum.springsource.org

I read elsewhere in this forum that the following bits of code should be used after the user's password has been successfully changed in the database: Code: SecurityContext context = SecurityContextHolder.getContext(); ...

90. does spring security work for both enterprise web application and standalone java app    forum.springsource.org

does spring security work for both enterprise web application and standalone java app Hi, The followings are my questions: 1 .our company is trying to build both standalone and web java ...

91. Web security and parameters    forum.springsource.org

Web security and parameters Hi folks, Is there a way to obfuscate the information that goes to the web page? Not everything, of course, but all primary keys. This is to ...