Re: Any elegant approach to integrate Spring security with GWT RPC based application?

2016-07-02 Thread Juan Pablo Gardella 
See
https://groups.google.com/forum/m/?fromgroups#!topic/google-web-toolkit/fkbowz5-5do
it's old but maybe ir is still useful for your needs

El sáb., jul. 2, 2016 7:52, Gilberto  escribió:

> Not the answer you would like to hear, but...
>
> In my humble opinion, the elegant solution would be not using GWT RPC at
> all. Go RESTful.
>
> For the annotation problem, I don't know if there's a way to escape...
> maybe you could try code generation (which usually also relies on
> annotations... so...).
>
> --
> You received this message because you are subscribed to the Google Groups
> "GWT Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to google-web-toolkit+unsubscr...@googlegroups.com.
> To post to this group, send email to google-web-toolkit@googlegroups.com.
> Visit this group at https://groups.google.com/group/google-web-toolkit.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: Any elegant approach to integrate Spring security with GWT RPC based application?

2016-07-02 Thread Gilberto 
Not the answer you would like to hear, but...

In my humble opinion, the elegant solution would be not using GWT RPC at 
all. Go RESTful.

For the annotation problem, I don't know if there's a way to escape... 
maybe you could try code generation (which usually also relies on 
annotations... so...).

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Any elegant approach to integrate Spring security with GWT RPC based application?

2016-07-01 Thread Alex Luya 


There is a pure GWT solution here:GWT Spring Security Integration (PURE 
GWT, NO JSP) 
<http://stackoverflow.com/questions/13914547/gwt-spring-security-integration-pure-gwt-no-jsp>

1,Do not use http element at all (http tag from config namespace)

2,Define your AuthenticationRpcService

3,Add AuthenticationRpcService.authenticate(user,password) method

4,Inject into AuthenticationServiceImpl AuthenticationProvider bean from 
security-context.xml

5,Implement AuthenticationRpcService.authenticate(user,password) as :

User user = new User(login, password, true, true, true, true, new 
ArrayList());
Authentication auth = new UsernamePasswordAuthenticationToken(user, password,
new ArrayList());
try {
auth = this.authenticationProvider.authenticate(auth);
} catch (BadCredentialsException e) {
throw new ClientSideBadCredentialsException(e.getMessage(), e);
}
SecurityContext sc = new SecurityContextImpl();
sc.setAuthentication(auth);

SecurityContextHolder.setContext(sc);

6,Ensure that spring security filter chain is executed during processing of 
each your GWT RPC call (to be sure that SecurityContext populated into 
SecurityContextHolder).

7,Secure all business services with @RolesAllowed({ "ADMIN_ROLE", 
"USER_ROLE" }) annotations

8,Prepare your own ClientSideAcessDeniedException that can be used on 
client side

9,In a case of spring AcessDeniedException propogate 
ClientSideAcessDeniedException to client side

10,On client side set up UncaughtExceptionHandler via 
GWT.setUncaughtExceptionHandler

11,In UncaughtExceptionHandler detect CustomAcessDeniedException and then 
show error to user.

The big problem of this solution is that every service must be annotated,so 
any elegant solution to solve this problem?

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Spring Security and GWT Caching Issue

2011-09-20 Thread Xephonic 
 I've integrated Spring Security with GWT, and it appears to mostly
work. I'm having a caching issue with the main html page in IE and
Chrome, however.

I've separated out Spring Security login to a login.jsp that redirects
to my Application.html page (the GWT page), and when I first start the
app and access the page, it appears to be working fine in all
browsers. I get directed to the login page, because I'm not
authenticated.

The issue is that in Chrome or IE, if i close the browser after a
successful login, and directly browse back to that Application.html
URL, it still renders as if I'm authenticated. I look in my console,
and the log statements for spring security verify I am not
authenticated. The moment i hit f5 to refresh the page, I get directed
back to the login.jsp url.

I'm lead to believe this is some caching issue because when I close
the browser and reopen to the html page, even though it renders like
I'm logged in, the console log statements say I'm not, and if I run in
debug mode, the OnModuleLoad() in Application.java never gets hit.

Finally, this appears to work properly in firefox...If anyone has seen
this issue or has any advice of where I need to look to fix, I would
greatly appreciate the assistance.

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Spring Security and GWT Caching Issue

2011-09-20 Thread Juan Pablo Gardella 
+1

2011/9/20 Xephonic brent.peck...@gmail.com

  I've integrated Spring Security with GWT, and it appears to mostly
 work. I'm having a caching issue with the main html page in IE and
 Chrome, however.

 I've separated out Spring Security login to a login.jsp that redirects
 to my Application.html page (the GWT page), and when I first start the
 app and access the page, it appears to be working fine in all
 browsers. I get directed to the login page, because I'm not
 authenticated.

 The issue is that in Chrome or IE, if i close the browser after a
 successful login, and directly browse back to that Application.html
 URL, it still renders as if I'm authenticated. I look in my console,
 and the log statements for spring security verify I am not
 authenticated. The moment i hit f5 to refresh the page, I get directed
 back to the login.jsp url.

 I'm lead to believe this is some caching issue because when I close
 the browser and reopen to the html page, even though it renders like
 I'm logged in, the console log statements say I'm not, and if I run in
 debug mode, the OnModuleLoad() in Application.java never gets hit.

 Finally, this appears to work properly in firefox...If anyone has seen
 this issue or has any advice of where I need to look to fix, I would
 greatly appreciate the assistance.

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Spring Security with GWT

2011-08-13 Thread Navindian 
any sample of gwt 2.3+spring security 3+captcha.

On Sat, Jul 9, 2011 at 2:57 AM, Sven sven.reinhard...@googlemail.comwrote:

 Hi people,

 I am using GWT 2.3 and Spring Security 3. To explain my application
 structure a little bit. My WebContent folder contains:

 WebContent/
 -WEB-INF/
 -login.html
 -logout.html
 -secure/
 ---index.html

 Starting my application and trying to access
 http://127.0.0.1.:/secure/index.html
 redirects me to http://127.0.0.1.:/login.html... That's the way it
 should be. After entering my credentials I get taken to my secured
 index.html. There I have a navigation bar containing a FormPanel which
 fires a POST j_spring_security_logout.

 My configuration says that in this case I should get taken to
 http://127.0.0.1.:/logout.html.
 The security log shows that the security chain is processing a
 redirect to this page. But the strange behaviour I stay on the secured
 index page in FF or IE.

 Obviously something blocks the redirect or do I have a general
 missunderstanding?

 Here some parts of my security file:

 security:http auto-config=true
security:intercept-url pattern=/secure/index.html
requires-channel=http
 access=IS_AUTHENTICATED_FULLY /
security:form-login
 login-processing-url=/j_spring_security_check
login-page=/login.html
 default-target-url=/secure/index.html
authentication-failure-url=/logout.html /
security:access-denied-handler
error-page=/login.html /
security:logout logout-success-url=/logout.html/
/security:http

 The log file after pressing logout button:

 org.springframework.security.web.FilterChainProxy - Converted URL to
 lowercase, from: '/j_spring_security_logout'; to: '/
 j_spring_security_logout'
 DEBUG 23:25:06,632 [btpool0-1]
 org.springframework.security.web.FilterChainProxy - Candidate is: '/
 j_spring_security_logout'; pattern is /**; matched=true
 DEBUG 23:25:06,632 [btpool0-1]
 org.springframework.security.web.FilterChainProxy - /
 j_spring_security_logout at position 1 of 11 in additional filter
 chain; firing Filter: 'ChannelProcessingFilter'
 DEBUG 23:25:06,632 [btpool0-1]
 security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
 - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/
 j_spring_security_logout'
 DEBUG 23:25:06,633 [btpool0-1]
 security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
 - Candidate is: '/j_spring_security_logout'; pattern is /secure/
 index.html; matched=false
 DEBUG 23:25:06,633 [btpool0-1]
 org.springframework.security.web.FilterChainProxy - /
 j_spring_security_logout at position 2 of 11 in additional filter
 chain; firing Filter: 'SecurityContextPersistenceFilter'
 DEBUG 23:25:06,633 [btpool0-1]
 springframework.security.web.context.HttpSessionSecurityContextRepository
 - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT:
 'org.springframework.security.core.context.SecurityContextImpl@441d0230:
 Authentication:

 org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230
 :
 Principal: org.springframework.security.core.userdetails.User@36ebcb:
 Username: user; Password: [PROTECTED]; Enabled: true;
 AccountNonExpired: true; credentialsNonExpired: true;
 AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials:
 [PROTECTED]; Authenticated: true; Details:
 org.springframework.security.web.authentication.WebAuthenticationDetails@0
 :
 RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted
 Authorities: ROLE_USER'
 DEBUG 23:25:06,633 [btpool0-1]
 org.springframework.security.web.FilterChainProxy - /
 j_spring_security_logout at position 3 of 11 in additional filter
 chain; firing Filter: 'LogoutFilter'
 DEBUG 23:25:06,633 [btpool0-1]
 security.web.authentication.logout.LogoutFilter - Logging out user

 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230
 :
 Principal: org.springframework.security.core.userdetails.User@36ebcb:
 Username: user; Password: [PROTECTED]; Enabled: true;
 AccountNonExpired: true; credentialsNonExpired: true;
 AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials:
 [PROTECTED]; Authenticated: true; Details:
 org.springframework.security.web.authentication.WebAuthenticationDetails@0
 :
 RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted
 Authorities: ROLE_USER' and transferring to logout destination
 DEBUG 23:25:06,633 [btpool0-1]
 security.web.authentication.logout.SimpleUrlLogoutSuccessHandler -
 Using default Url: /logout.html
 DEBUG 23:25:06,633 [btpool0-1]
 org.springframework.security.web.DefaultRedirectStrategy - Redirecting
 to '/logout.html'
 DEBUG 23:25:06,633 [btpool0-1]
 springframework.security.web.context.HttpSessionSecurityContextRepository
 - SecurityContext is empty

Re: Spring Security with GWT

2011-08-09 Thread Mattias 
Hi,

last year I did some digging around on how to integrate GWT and Spring
Security - see if my write-up at 
http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html
and 
http://technowobble.blogspot.com/2010/07/gwt-and-open-id-using-spring-security.html
can help you find a good solution.

/Mattias

On Jul 10, 6:32 am, Kevin Jordan ke...@kjordan.net wrote:
 This is because GWT uses an IFRAME to submit by default.  There's no
 reason it has to be a form to submit to your logout URL, so I'd just
 do an anchor link as kellizer suggests or just do a
 Window.Location.replace(/j_spring_security_logout) when your button
 is pressed.  That will redirect the whole application to your logout
 URL.

 On Jul 8, 4:27 pm, Sven sven.reinhard...@googlemail.com wrote:







  Hi people,

  I am using GWT 2.3 and SpringSecurity3. To explain my application
  structure a little bit. My WebContent folder contains:

  WebContent/
  -WEB-INF/
  -login.html
  -logout.html
  -secure/
  ---index.html

  Starting my application and trying to 
  accesshttp://127.0.0.1.:/secure/index.html
  redirects me tohttp://127.0.0.1.:/login.html... That's the way it
  should be. After entering my credentials I get taken to my secured
  index.html. There I have a navigation bar containing a FormPanel which
  fires a POST j_spring_security_logout.

  My configuration says that in this case I should get taken 
  tohttp://127.0.0.1.:/logout.html.
  Thesecuritylog shows that thesecuritychain is processing a
  redirect to this page. But the strange behaviour I stay on the secured
  index page in FF or IE.

  Obviously something blocks the redirect or do I have a general
  missunderstanding?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Spring Security with GWT

2011-07-09 Thread kellizer 
I am using an anchor and a redirect to a logout url ; that is how I do it 
and it works   the below line from my security context..

logout invalidate-session=true 
logout-success-url=/auth/login.jsp logout-url=/logmeoutplease/

Regards,

Ian.

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/BfzW6c-n-TcJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Spring Security with GWT

2011-07-09 Thread Kevin Jordan 
This is because GWT uses an IFRAME to submit by default.  There's no
reason it has to be a form to submit to your logout URL, so I'd just
do an anchor link as kellizer suggests or just do a
Window.Location.replace(/j_spring_security_logout) when your button
is pressed.  That will redirect the whole application to your logout
URL.

On Jul 8, 4:27 pm, Sven sven.reinhard...@googlemail.com wrote:
 Hi people,

 I am using GWT 2.3 and Spring Security 3. To explain my application
 structure a little bit. My WebContent folder contains:

 WebContent/
 -WEB-INF/
 -login.html
 -logout.html
 -secure/
 ---index.html

 Starting my application and trying to 
 accesshttp://127.0.0.1.:/secure/index.html
 redirects me tohttp://127.0.0.1.:/login.html... That's the way it
 should be. After entering my credentials I get taken to my secured
 index.html. There I have a navigation bar containing a FormPanel which
 fires a POST j_spring_security_logout.

 My configuration says that in this case I should get taken 
 tohttp://127.0.0.1.:/logout.html.
 The security log shows that the security chain is processing a
 redirect to this page. But the strange behaviour I stay on the secured
 index page in FF or IE.

 Obviously something blocks the redirect or do I have a general
 missunderstanding?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Spring Security with GWT

2011-07-08 Thread Sven 
Hi people,

I am using GWT 2.3 and Spring Security 3. To explain my application
structure a little bit. My WebContent folder contains:

WebContent/
-WEB-INF/
-login.html
-logout.html
-secure/
---index.html

Starting my application and trying to access 
http://127.0.0.1.:/secure/index.html
redirects me to http://127.0.0.1.:/login.html... That's the way it
should be. After entering my credentials I get taken to my secured
index.html. There I have a navigation bar containing a FormPanel which
fires a POST j_spring_security_logout.

My configuration says that in this case I should get taken to
http://127.0.0.1.:/logout.html.
The security log shows that the security chain is processing a
redirect to this page. But the strange behaviour I stay on the secured
index page in FF or IE.

Obviously something blocks the redirect or do I have a general
missunderstanding?

Here some parts of my security file:

security:http auto-config=true
security:intercept-url pattern=/secure/index.html
requires-channel=http access=IS_AUTHENTICATED_FULLY 
/
security:form-login 
login-processing-url=/j_spring_security_check
login-page=/login.html 
default-target-url=/secure/index.html
authentication-failure-url=/logout.html /
security:access-denied-handler
error-page=/login.html /
security:logout logout-success-url=/logout.html/
/security:http

The log file after pressing logout button:

org.springframework.security.web.FilterChainProxy - Converted URL to
lowercase, from: '/j_spring_security_logout'; to: '/
j_spring_security_logout'
DEBUG 23:25:06,632 [btpool0-1]
org.springframework.security.web.FilterChainProxy - Candidate is: '/
j_spring_security_logout'; pattern is /**; matched=true
DEBUG 23:25:06,632 [btpool0-1]
org.springframework.security.web.FilterChainProxy - /
j_spring_security_logout at position 1 of 11 in additional filter
chain; firing Filter: 'ChannelProcessingFilter'
DEBUG 23:25:06,632 [btpool0-1]
security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/
j_spring_security_logout'
DEBUG 23:25:06,633 [btpool0-1]
security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- Candidate is: '/j_spring_security_logout'; pattern is /secure/
index.html; matched=false
DEBUG 23:25:06,633 [btpool0-1]
org.springframework.security.web.FilterChainProxy - /
j_spring_security_logout at position 2 of 11 in additional filter
chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG 23:25:06,633 [btpool0-1]
springframework.security.web.context.HttpSessionSecurityContextRepository
- Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT:
'org.springframework.security.core.context.SecurityContextImpl@441d0230:
Authentication:
org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230:
Principal: org.springframework.security.core.userdetails.User@36ebcb:
Username: user; Password: [PROTECTED]; Enabled: true;
AccountNonExpired: true; credentialsNonExpired: true;
AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials:
[PROTECTED]; Authenticated: true; Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@0:
RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted
Authorities: ROLE_USER'
DEBUG 23:25:06,633 [btpool0-1]
org.springframework.security.web.FilterChainProxy - /
j_spring_security_logout at position 3 of 11 in additional filter
chain; firing Filter: 'LogoutFilter'
DEBUG 23:25:06,633 [btpool0-1]
security.web.authentication.logout.LogoutFilter - Logging out user
'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230:
Principal: org.springframework.security.core.userdetails.User@36ebcb:
Username: user; Password: [PROTECTED]; Enabled: true;
AccountNonExpired: true; credentialsNonExpired: true;
AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials:
[PROTECTED]; Authenticated: true; Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@0:
RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted
Authorities: ROLE_USER' and transferring to logout destination
DEBUG 23:25:06,633 [btpool0-1]
security.web.authentication.logout.SimpleUrlLogoutSuccessHandler -
Using default Url: /logout.html
DEBUG 23:25:06,633 [btpool0-1]
org.springframework.security.web.DefaultRedirectStrategy - Redirecting
to '/logout.html'
DEBUG 23:25:06,633 [btpool0-1]
springframework.security.web.context.HttpSessionSecurityContextRepository
- SecurityContext is empty or anonymous - context will not be stored
in HttpSession.
DEBUG 23:25:06,633 [btpool0-1]
springframework.security.web.context.SecurityContextPersistenceFilter
- SecurityContextHolder now cleared, as request processing

Spring Security with GWT : how to condition access to fields in a page ?

2011-03-30 Thread Celinio 
Hi,
i read that someone else already asked for information on how to use Spring
Security with GWT,
so i will not ask again.

I got a more detailed question then :
with Spring security, you can use tags in JSP pages to restrict access to
areas of pages, or fields.
For instance :

%@ taglib prefix=sec uri=http://www.springframework.org/security/tags; %
 sec:authorize access=hasRole('gestionnaire')
 This content will only be visible to users who have
the supervisor authority in their list of ttGrantedAuthority/tts.
 /sec:authorize

Of course with GWT I cannot do that since there are no JSP.

How do i restrict access to fields with GWT then ?
I want to be able to hide them if the user does not have the required role.

I also want to be able to display them but disable them (read-only for
a textfield for instance) if the user does not have the
required role.

Thanks for helping.

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Spring Security with GWT : how to condition access to fields in a page ?

2011-03-30 Thread Juan Pablo Gardella 
Check this framework: http://code.google.com/p/acris/wiki/SecurityClient

http://code.google.com/p/acris/wiki/SecurityClient

2011/3/30 Celinio cel...@gmail.com

 Hi,
 i read that someone else already asked for information on how to use Spring
 Security with GWT,
 so i will not ask again.

 I got a more detailed question then :
 with Spring security, you can use tags in JSP pages to restrict access to
 areas of pages, or fields.
 For instance :

 %@ taglib prefix=sec uri=http://www.springframework.org/security/tags; %
  sec:authorize access=hasRole('gestionnaire')
  This content will only be visible to users who have
 the supervisor authority in their list of ttGrantedAuthority/tts.
  /sec:authorize

 Of course with GWT I cannot do that since there are no JSP.

 How do i restrict access to fields with GWT then ?
 I want to be able to hide them if the user does not have the required role.


 I also want to be able to display them but disable them (read-only for a 
 textfield for instance) if the user does not have the
 required role.

 Thanks for helping.


  --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Spring Security with GWT : how to condition access to fields in a page ?

2011-03-30 Thread Celinio 
Thanks but the problem is that this framework is not officially supported by
GWT.
It's risky to use it as long as it's not a standard.
Maybe in a future version of GWT...

If someone knows another way to do it, please let me know.

On Wed, Mar 30, 2011 at 1:24 PM, Juan Pablo Gardella 
gardellajuanpa...@gmail.com wrote:

 Check this framework: http://code.google.com/p/acris/wiki/SecurityClient

 http://code.google.com/p/acris/wiki/SecurityClient

 2011/3/30 Celinio cel...@gmail.com

  Hi,
 i read that someone else already asked for information on how to use
 Spring Security with GWT,
 so i will not ask again.

 I got a more detailed question then :
 with Spring security, you can use tags in JSP pages to restrict access to
 areas of pages, or fields.
 For instance :

 %@ taglib prefix=sec uri=http://www.springframework.org/security/tags; %
  sec:authorize access=hasRole('gestionnaire')
  This content will only be visible to users who have
 the supervisor authority in their list of ttGrantedAuthority/tts.
  /sec:authorize

 Of course with GWT I cannot do that since there are no JSP.

 How do i restrict access to fields with GWT then ?
 I want to be able to hide them if the user does not have the required role.




 I also want to be able to display them but disable them (read-only for a 
 textfield for instance) if the user does not have the
 required role.

 Thanks for helping.


  --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Help with openid spring security and GWT

2010-07-18 Thread giannisdag 
Why the access exception is not an unexpectedFailure of the
remoteServiceServlet;

this is my log
SEVERE: [1279499963707000] javax.servlet.ServletContext log:
dispatcher: Exception while executing
com.example.test.shared.model.command.GetUsers: Access is denied
org.springframework.security.access.AccessDeniedException: Access is
denied
at
org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:
71)
at
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:
203)
at
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:
64)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:
172)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:
202)
at $Proxy10.execute(Unknown Source)

this is the code of the remoteserviceservlet


@Override
protected void doUnexpectedFailure(Throwable e) {
if (e.getCause() instanceof AccessDeniedException) {
AccessDeniedException ade = (AccessDeniedException) 
e.getCause();
throw ade;
} else {
super.doUnexpectedFailure(e);
}
}

I would appreciate any help

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Help with openid spring security and GWT

2010-07-17 Thread giannisdag 
I see you handle this in GwtRPCController

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

can't seem to get spring-security and gwt going...

2010-07-16 Thread Henry HO 
hi,
i've spent the past couple of days trying to add spring security to my
unsecured gwt app without success.
after researching spring docs and forums; i added the spring-
security.jar to the project.
and the following to my web.xml :
context-param
 param-nameAppsecurityContext/param-name
 param-value/WEB-INF/AppContext-security.xml/param-value
/context-param

filter
  filter-namespringSecurityFilterChain/filter-name
  filter-classorg.springframework.web.filter.DelegatingFilterProxy/
filter-class
/filter

filter-mapping
  filter-namespringSecurityFilterChain/filter-name
  url-pattern/*/url-pattern
/filter-mapping

i added this to AppContext-security.xml:

beans:beans xmlns=http://www.springframework.org/schema/security;
xmlns:beans=http://www.springframework.org/schema/beans;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation=http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans$

http auto-config=true
intercept-url pattern=/login.html
access=IS_AUTHENTICATED_ANONYMOUSLY/
intercept-url pattern=/** access=ROLE_USER /
form-login login-page=/login.html/
  /http


i read that one way to add spring-security was to filter everything to
a login.html but i could be way off.
does anyone have any advice?

thanks...

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: can't seem to get spring-security and gwt going...

2010-07-16 Thread Frederic Conrotte 
For beginners Spring Security is not that easy to understand/
implement, because it's full featured and does a lot of things for
you.

If you haven't done so yet I advise you to read the Spring Security
Reference:
http://static.springsource.org/spring-security/site/reference.html

Then download their samples to play with the framework.

Finally apply it to your GWT app.

This book:
http://apress.com/book/view/9781590599853

explains how to apply Spring Security to GWT apps.

Check as well the related source code for examples:
http://code.google.com/p/tocollege-net

Fred

On Jul 16, 8:37 am, Henry HO djhenr...@gmail.com wrote:
 hi,
 i've spent the past couple of days trying to add spring security to my
 unsecured gwt app without success.
 after researching spring docs and forums; i added the spring-
 security.jar to the project.
 and the following to my web.xml :
 context-param
  param-nameAppsecurityContext/param-name
  param-value/WEB-INF/AppContext-security.xml/param-value
 /context-param

 filter
   filter-namespringSecurityFilterChain/filter-name
   filter-classorg.springframework.web.filter.DelegatingFilterProxy/
 filter-class
 /filter

 filter-mapping
   filter-namespringSecurityFilterChain/filter-name
   url-pattern/*/url-pattern
 /filter-mapping

 i added this to AppContext-security.xml:

 beans:beans xmlns=http://www.springframework.org/schema/security;
     xmlns:beans=http://www.springframework.org/schema/beans;
     xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
     
 xsi:schemaLocation=http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans$

 http auto-config=true
         intercept-url pattern=/login.html
 access=IS_AUTHENTICATED_ANONYMOUSLY/
         intercept-url pattern=/** access=ROLE_USER /
         form-login login-page=/login.html/
   /http

 i read that one way to add spring-security was to filter everything to
 a login.html but i could be way off.
 does anyone have any advice?

 thanks...

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Help with openid spring security and GWT

2010-07-16 Thread giannisdag 
Matias, thank you very much, your guides are very helpful, I am
working on it for the moment. I followed your paradigm changing at
first my code of using spring security, because I followed See Wah
Cheng's approach. The first problem I had is that, after implementing
your configuration I was getting an AccessDeniedException, even though
I had to get an AuthenticationException. Because of this,
http401UnauthorizedEntryPoint wasn't called. So I added in application
context the security:intercept-url pattern=/** access=ROLE_USER /
 directive, in order to have an AuthenticationException. So it
worked. But I am wondering how you get an AuthenticationException at
the first place. The only difference I see, is that I am not using
!-- Initialize the Spring MVC DispatcherServlet --
servlet
servlet-namespring/servlet-name
servlet-classorg.springframework.web.servlet.DispatcherServlet/
servlet-class
load-on-startup1/load-on-startup
/servlet
Spring MVC DispatcherServlet.

On 15 Ιούλ, 00:26, Mattias mattias.ekstr...@gmail.com wrote:
 Check 
 outhttp://technowobble.blogspot.com/2010/07/gwt-and-open-id-using-spring

 On Jul 14, 5:04 pm, giannisdag pascoua...@gmail.com wrote:

  Hi I am using spring security, and I would like to enable andopenid
  login and MVP. I am using spring security at the method level access,
  not at the page level. Simply, when the user requests an action that
  it is not allowed, he is redirected to the login view, where he gets
  two form logins, one with site checking which is done, and one with
 openid. Spring security is used to catch the method access denial. As
  I read, generallyopenidworks like this:
  the user is redirected to anopenidprovider, logins, and then is
  redirected back to the url page. This is done automatically with
  spring security, but with GWT it needs a new approach, implementing
  both spring security and GWT. Does anybody has a demo code?
  Also I found an interesting solution GWT +Openidwithout spring
  security.
   http://armelnene.blogspot.com/2009/12/dummies-guide-to-gwt-and-openid...
  What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: can't seem to get spring-security and gwt going...

2010-07-16 Thread giannisdag 
also, have a look at this, by Matias
http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html

On 16 Ιούλ, 10:23, Frederic Conrotte frederic.conro...@gmail.com
wrote:
 For beginners Spring Security is not that easy to understand/
 implement, because it's full featured and does a lot of things for
 you.

 If you haven't done so yet I advise you to read the Spring Security
 Reference:http://static.springsource.org/spring-security/site/reference.html

 Then download their samples to play with the framework.

 Finally apply it to your GWT app.

 This book:http://apress.com/book/view/9781590599853

 explains how to apply Spring Security to GWT apps.

 Check as well the related source code for 
 examples:http://code.google.com/p/tocollege-net

 Fred

 On Jul 16, 8:37 am, Henry HO djhenr...@gmail.com wrote:

  hi,
  i've spent the past couple of days trying to add spring security to my
  unsecured gwt app without success.
  after researching spring docs and forums; i added the spring-
  security.jar to the project.
  and the following to my web.xml :
  context-param
   param-nameAppsecurityContext/param-name
   param-value/WEB-INF/AppContext-security.xml/param-value
  /context-param

  filter
    filter-namespringSecurityFilterChain/filter-name
    filter-classorg.springframework.web.filter.DelegatingFilterProxy/
  filter-class
  /filter

  filter-mapping
    filter-namespringSecurityFilterChain/filter-name
    url-pattern/*/url-pattern
  /filter-mapping

  i added this to AppContext-security.xml:

  beans:beans xmlns=http://www.springframework.org/schema/security;
      xmlns:beans=http://www.springframework.org/schema/beans;
      xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
      
  xsi:schemaLocation=http://www.springframework.org/schema/beanshttp://www.springframework...

  http auto-config=true
          intercept-url pattern=/login.html
  access=IS_AUTHENTICATED_ANONYMOUSLY/
          intercept-url pattern=/** access=ROLE_USER /
          form-login login-page=/login.html/
    /http

  i read that one way to add spring-security was to filter everything to
  a login.html but i could be way off.
  does anyone have any advice?

  thanks...

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Help with openid spring security and GWT

2010-07-14 Thread giannisdag 
Hi I am using spring security, and I would like to enable and openid
login and MVP. I am using spring security at the method level access,
not at the page level. Simply, when the user requests an action that
it is not allowed, he is redirected to the login view, where he gets
two form logins, one with site checking which is done, and one with
openid. Spring security is used to catch the method access denial. As
I read, generally openid works like this:
the user is redirected to an openid provider, logins, and then is
redirected back to the url page. This is done automatically with
spring security, but with GWT it needs a new approach, implementing
both spring security and GWT. Does anybody has a demo code?
Also I found an interesting solution GWT + Openid without spring
security.
 http://armelnene.blogspot.com/2009/12/dummies-guide-to-gwt-and-openid-with.html
What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Help with openid spring security and GWT

2010-07-14 Thread Mattias 
Check out 
http://technowobble.blogspot.com/2010/07/gwt-and-open-id-using-spring-security.html.


On Jul 14, 5:04 pm, giannisdag pascoua...@gmail.com wrote:
 Hi I am using spring security, and I would like to enable and openid
 login and MVP. I am using spring security at the method level access,
 not at the page level. Simply, when the user requests an action that
 it is not allowed, he is redirected to the login view, where he gets
 two form logins, one with site checking which is done, and one with
 openid. Spring security is used to catch the method access denial. As
 I read, generally openid works like this:
 the user is redirected to an openid provider, logins, and then is
 redirected back to the url page. This is done automatically with
 spring security, but with GWT it needs a new approach, implementing
 both spring security and GWT. Does anybody has a demo code?
 Also I found an interesting solution GWT + Openid without spring
 security.
  http://armelnene.blogspot.com/2009/12/dummies-guide-to-gwt-and-openid...
 What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Spring Security and GWT : how I've done

2009-02-25 Thread Felipe Cypriano 
I'm thinking in using Grails (JSecurity Plugin, which is Spring Security)
with GWT as the interface. Have you tried this?

I haven't tested this yet, but the session expiration is a issue using GWT?
For example, the timeout for a session is 30 minutes, everytime GWT does an
ajax request the timeout counter is restarted or every 30 minutes with the
user didn't do a refresh (old school request) the session will expires?


Thanks,

---
Felipe Marin Cypriano
Vitória - ES
http://www.linkedin.com/in/felipecypriano


On Wed, Feb 25, 2009 at 6:14 AM, David dmartin@gmail.com wrote:


 I've added additional information (examples mainly) and will upload a
 jar ASAP in order to make it easy to test.

 And do not hesitate to give me feedback.

 David

 On Feb 22, 4:13 pm, jossey joss...@gmail.com wrote:
  Hi David,
  I really appreciate you sharing this.
  Thanks.
 
  On Feb 19, 3:03 pm, David dmartin@gmail.com wrote:
 
   Hi everyone,
 
   This is my second message promoting something I've put in my GWT test
   area :) I hope you'll find it useful : It may help people to
   integrate Spring Security with GWT applications in a clean (that's my
   non-objective POV ! :)) way.
 
   Here is a small introduction on how it works ; a more detailed
   description is available on code.google.com. See the link at the end
   of this message.
 
   First thing : it uses GWT-SL to use simple Spring beans to serve RPC
   calls. I've extended the original GWTHandler in order to provide a
   convenient way to manage Security exceptions. I've also provided a
   specific ExceptionTranslationFilter that can deal with security
   exception too.
 
   With these two parts, people can handle both URL filtering and AOP
   strategies.
 
   As usual, feel free to post your comments, I'll really appreciate your
   feedback.
 
   Here is the URL of the Google Code's project :
 http://code.google.com/p/gwt-incubator-lib
 
   David
 
 
 


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~--~~~~--~~--~--~---

Spring Security and GWT : how I've done

2009-02-19 Thread David 

Hi everyone,


This is my second message promoting something I've put in my GWT test
area :) I hope you'll find it useful : It may help people to
integrate Spring Security with GWT applications in a clean (that's my
non-objective POV ! :)) way.

Here is a small introduction on how it works ; a more detailed
description is available on code.google.com. See the link at the end
of this message.

First thing : it uses GWT-SL to use simple Spring beans to serve RPC
calls. I've extended the original GWTHandler in order to provide a
convenient way to manage Security exceptions. I've also provided a
specific ExceptionTranslationFilter that can deal with security
exception too.

With these two parts, people can handle both URL filtering and AOP
strategies.

As usual, feel free to post your comments, I'll really appreciate your
feedback.

Here is the URL of the Google Code's project : 
http://code.google.com/p/gwt-incubator-lib

David
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~--~~~~--~~--~--~---