Spring xml looks like this
<bean id="securityManager"
class="org.jsecurity.web.DefaultWebSecurityManager">
<property name="realm" ref="poloRealm"/>
<property name="sessionMode" value="jsecurity"/>
</bean>
<bean id="poloCredentialsMatcher"
class="polo.security.PoloCredentialsMatcher">
<property name="userController" ref="userController"/>
</bean>
<bean id="poloRealm" class="polo.security.PoloRealm">
<property name="credentialsMatcher" ref="poloCredentialsMatcher"/>
</bean>
<bean id="lifecycleBeanPostProcessor"
class="org.jsecurity.spring.LifecycleBeanPostProcessor"/>
web.xml like this
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd";>
<web-app>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/beans.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>JSecurityFilter</filter-name>
<filter-class>org.jsecurity.spring.SpringJSecurityFilter</filter-class>
<init-param><param-name>config</param-name><param-value>
[main]
</param-value></init-param>
</filter>
<filter-mapping>
<filter-name>JSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<display-name>CXF Servlet</display-name>
<servlet-class>
org.apache.cxf.transport.servlet.CXFServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>service</servlet-name>
<display-name>Dispatcher Servlet</display-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>service</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
</web-app>
thanks,
Jelle
Les Hazlewood-2 wrote:
>
> Can we see the relevant parts of your web.xml and Spring xml
> configuration?
> Its hard to say without it...
>
> On Wed, Feb 4, 2009 at 12:07 PM, jvreeker <[email protected]> wrote:
>
>>
>> Hi Les,
>>
>> So I build in the JSecurityFilter, but If I use
>> SecurityUtils.getSubject().getSession() I still get different sessions. I
>> am
>> need the same session, because if I am logged in I use the function
>> setAttribute.
>> TRACE org.jsecurity.session.mgt.DefaultSessionManager - Creating session
>> for originating host [/192.168.0.37]
>>
>> Why is it still creating new sessions.?
>>
>> Jelle
>>
>>
>> Les Hazlewood-2 wrote:
>> >
>> > Hi Jelle,
>> >
>> > The appropriate set-up for a web-enabled application is to use the
>> > JSecurityFilter in web.xml. It will set up a DefaultWebSecurityManager
>> > and
>> > do Request binding automatically:
>> >
>> >
>> http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
>> >
>> > After the filter is defined, just do this anywhere in code:
>> >
>> > SecurityUtils.getSubject();
>> >
>> > You shouldn't interact with the SecurityManager directly unless you're
>> > programming infrastructure/framework code.
>> >
>> > Check out the sample web application in the jsecurity distribution and
>> > look
>> > at its web.xml file and applicationContext.xml file. It shows you how
>> to
>> > configure Realms and other things in Spring which will then be
>> accessible
>> > to
>> > the JSecurityFilter at runtime.
>> >
>> > Cheers,
>> >
>> > Les
>> >
>> > On Tue, Feb 3, 2009 at 12:17 PM, jvreeker <[email protected]>
>> wrote:
>> >
>> >>
>> >> Hi,
>> >>
>> >> I have a tomcat server, with spring using cxf to enable the soap
>> calls.
>> >>
>> >> So I have a soap call login. when I call securityManager.getSubject()
>> I
>> >> get
>> >> always the same subject back.
>> >> I though it was because I am using
>> >> org.jsecurity.mgt.DefaultSecurityManager.
>> >>
>> >> So I tried DefaultWebSecurityManager but then I am getting errors.
>> >> No ServletRequest found in ThreadContext. Make sure WebUtils.bind() is
>> >> being
>> >> called.
>> >>
>> >> But in the first option if I use getSubject().GetSession it returns
>> >> different sessions.
>> >> should I then use SessionManager and the correct sessionID.
>> >>
>> >> Is this the correct way?
>> >> Thanks,
>> >> Jelle
>> >> --
>> >> View this message in context:
>> >> http://n2.nabble.com/using-CXF-with-JSecurity-tp2264471p2264471.html
>> >> Sent from the JSecurity User mailing list archive at Nabble.com.
>> >>
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/using-CXF-with-JSecurity-tp2264471p2270012.html
>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>
>>
>
>
--
View this message in context:
http://n2.nabble.com/using-CXF-with-JSecurity-tp2264471p2270221.html
Sent from the JSecurity User mailing list archive at Nabble.com.
