Re: Any elegant approach to integrate Spring security with GWT RPC based application?
See https://groups.google.com/forum/m/?fromgroups#!topic/google-web-toolkit/fkbowz5-5do it's old but maybe ir is still useful for your needs El sáb., jul. 2, 2016 7:52, Gilbertoescribió: > Not the answer you would like to hear, but... > > In my humble opinion, the elegant solution would be not using GWT RPC at > all. Go RESTful. > > For the annotation problem, I don't know if there's a way to escape... > maybe you could try code generation (which usually also relies on > annotations... so...). > > -- > You received this message because you are subscribed to the Google Groups > "GWT Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to google-web-toolkit+unsubscr...@googlegroups.com. > To post to this group, send email to google-web-toolkit@googlegroups.com. > Visit this group at https://groups.google.com/group/google-web-toolkit. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Re: Any elegant approach to integrate Spring security with GWT RPC based application?
Not the answer you would like to hear, but... In my humble opinion, the elegant solution would be not using GWT RPC at all. Go RESTful. For the annotation problem, I don't know if there's a way to escape... maybe you could try code generation (which usually also relies on annotations... so...). -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Any elegant approach to integrate Spring security with GWT RPC based application?
There is a pure GWT solution here:GWT Spring Security Integration (PURE GWT, NO JSP) <http://stackoverflow.com/questions/13914547/gwt-spring-security-integration-pure-gwt-no-jsp> 1,Do not use http element at all (http tag from config namespace) 2,Define your AuthenticationRpcService 3,Add AuthenticationRpcService.authenticate(user,password) method 4,Inject into AuthenticationServiceImpl AuthenticationProvider bean from security-context.xml 5,Implement AuthenticationRpcService.authenticate(user,password) as : User user = new User(login, password, true, true, true, true, new ArrayList()); Authentication auth = new UsernamePasswordAuthenticationToken(user, password, new ArrayList()); try { auth = this.authenticationProvider.authenticate(auth); } catch (BadCredentialsException e) { throw new ClientSideBadCredentialsException(e.getMessage(), e); } SecurityContext sc = new SecurityContextImpl(); sc.setAuthentication(auth); SecurityContextHolder.setContext(sc); 6,Ensure that spring security filter chain is executed during processing of each your GWT RPC call (to be sure that SecurityContext populated into SecurityContextHolder). 7,Secure all business services with @RolesAllowed({ "ADMIN_ROLE", "USER_ROLE" }) annotations 8,Prepare your own ClientSideAcessDeniedException that can be used on client side 9,In a case of spring AcessDeniedException propogate ClientSideAcessDeniedException to client side 10,On client side set up UncaughtExceptionHandler via GWT.setUncaughtExceptionHandler 11,In UncaughtExceptionHandler detect CustomAcessDeniedException and then show error to user. The big problem of this solution is that every service must be annotated,so any elegant solution to solve this problem? -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Spring Security and GWT Caching Issue
I've integrated Spring Security with GWT, and it appears to mostly work. I'm having a caching issue with the main html page in IE and Chrome, however. I've separated out Spring Security login to a login.jsp that redirects to my Application.html page (the GWT page), and when I first start the app and access the page, it appears to be working fine in all browsers. I get directed to the login page, because I'm not authenticated. The issue is that in Chrome or IE, if i close the browser after a successful login, and directly browse back to that Application.html URL, it still renders as if I'm authenticated. I look in my console, and the log statements for spring security verify I am not authenticated. The moment i hit f5 to refresh the page, I get directed back to the login.jsp url. I'm lead to believe this is some caching issue because when I close the browser and reopen to the html page, even though it renders like I'm logged in, the console log statements say I'm not, and if I run in debug mode, the OnModuleLoad() in Application.java never gets hit. Finally, this appears to work properly in firefox...If anyone has seen this issue or has any advice of where I need to look to fix, I would greatly appreciate the assistance. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Spring Security and GWT Caching Issue
+1 2011/9/20 Xephonic brent.peck...@gmail.com I've integrated Spring Security with GWT, and it appears to mostly work. I'm having a caching issue with the main html page in IE and Chrome, however. I've separated out Spring Security login to a login.jsp that redirects to my Application.html page (the GWT page), and when I first start the app and access the page, it appears to be working fine in all browsers. I get directed to the login page, because I'm not authenticated. The issue is that in Chrome or IE, if i close the browser after a successful login, and directly browse back to that Application.html URL, it still renders as if I'm authenticated. I look in my console, and the log statements for spring security verify I am not authenticated. The moment i hit f5 to refresh the page, I get directed back to the login.jsp url. I'm lead to believe this is some caching issue because when I close the browser and reopen to the html page, even though it renders like I'm logged in, the console log statements say I'm not, and if I run in debug mode, the OnModuleLoad() in Application.java never gets hit. Finally, this appears to work properly in firefox...If anyone has seen this issue or has any advice of where I need to look to fix, I would greatly appreciate the assistance. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Spring Security with GWT
any sample of gwt 2.3+spring security 3+captcha. On Sat, Jul 9, 2011 at 2:57 AM, Sven sven.reinhard...@googlemail.comwrote: Hi people, I am using GWT 2.3 and Spring Security 3. To explain my application structure a little bit. My WebContent folder contains: WebContent/ -WEB-INF/ -login.html -logout.html -secure/ ---index.html Starting my application and trying to access http://127.0.0.1.:/secure/index.html redirects me to http://127.0.0.1.:/login.html... That's the way it should be. After entering my credentials I get taken to my secured index.html. There I have a navigation bar containing a FormPanel which fires a POST j_spring_security_logout. My configuration says that in this case I should get taken to http://127.0.0.1.:/logout.html. The security log shows that the security chain is processing a redirect to this page. But the strange behaviour I stay on the secured index page in FF or IE. Obviously something blocks the redirect or do I have a general missunderstanding? Here some parts of my security file: security:http auto-config=true security:intercept-url pattern=/secure/index.html requires-channel=http access=IS_AUTHENTICATED_FULLY / security:form-login login-processing-url=/j_spring_security_check login-page=/login.html default-target-url=/secure/index.html authentication-failure-url=/logout.html / security:access-denied-handler error-page=/login.html / security:logout logout-success-url=/logout.html/ /security:http The log file after pressing logout button: org.springframework.security.web.FilterChainProxy - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/ j_spring_security_logout' DEBUG 23:25:06,632 [btpool0-1] org.springframework.security.web.FilterChainProxy - Candidate is: '/ j_spring_security_logout'; pattern is /**; matched=true DEBUG 23:25:06,632 [btpool0-1] org.springframework.security.web.FilterChainProxy - / j_spring_security_logout at position 1 of 11 in additional filter chain; firing Filter: 'ChannelProcessingFilter' DEBUG 23:25:06,632 [btpool0-1] security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/ j_spring_security_logout' DEBUG 23:25:06,633 [btpool0-1] security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/j_spring_security_logout'; pattern is /secure/ index.html; matched=false DEBUG 23:25:06,633 [btpool0-1] org.springframework.security.web.FilterChainProxy - / j_spring_security_logout at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' DEBUG 23:25:06,633 [btpool0-1] springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@441d0230: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230 : Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0 : RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted Authorities: ROLE_USER' DEBUG 23:25:06,633 [btpool0-1] org.springframework.security.web.FilterChainProxy - / j_spring_security_logout at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter' DEBUG 23:25:06,633 [btpool0-1] security.web.authentication.logout.LogoutFilter - Logging out user 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230 : Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0 : RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted Authorities: ROLE_USER' and transferring to logout destination DEBUG 23:25:06,633 [btpool0-1] security.web.authentication.logout.SimpleUrlLogoutSuccessHandler - Using default Url: /logout.html DEBUG 23:25:06,633 [btpool0-1] org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/logout.html' DEBUG 23:25:06,633 [btpool0-1] springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty
Re: Spring Security with GWT
Hi, last year I did some digging around on how to integrate GWT and Spring Security - see if my write-up at http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html and http://technowobble.blogspot.com/2010/07/gwt-and-open-id-using-spring-security.html can help you find a good solution. /Mattias On Jul 10, 6:32 am, Kevin Jordan ke...@kjordan.net wrote: This is because GWT uses an IFRAME to submit by default. There's no reason it has to be a form to submit to your logout URL, so I'd just do an anchor link as kellizer suggests or just do a Window.Location.replace(/j_spring_security_logout) when your button is pressed. That will redirect the whole application to your logout URL. On Jul 8, 4:27 pm, Sven sven.reinhard...@googlemail.com wrote: Hi people, I am using GWT 2.3 and SpringSecurity3. To explain my application structure a little bit. My WebContent folder contains: WebContent/ -WEB-INF/ -login.html -logout.html -secure/ ---index.html Starting my application and trying to accesshttp://127.0.0.1.:/secure/index.html redirects me tohttp://127.0.0.1.:/login.html... That's the way it should be. After entering my credentials I get taken to my secured index.html. There I have a navigation bar containing a FormPanel which fires a POST j_spring_security_logout. My configuration says that in this case I should get taken tohttp://127.0.0.1.:/logout.html. Thesecuritylog shows that thesecuritychain is processing a redirect to this page. But the strange behaviour I stay on the secured index page in FF or IE. Obviously something blocks the redirect or do I have a general missunderstanding? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Spring Security with GWT
I am using an anchor and a redirect to a logout url ; that is how I do it and it works the below line from my security context.. logout invalidate-session=true logout-success-url=/auth/login.jsp logout-url=/logmeoutplease/ Regards, Ian. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/BfzW6c-n-TcJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Spring Security with GWT
This is because GWT uses an IFRAME to submit by default. There's no reason it has to be a form to submit to your logout URL, so I'd just do an anchor link as kellizer suggests or just do a Window.Location.replace(/j_spring_security_logout) when your button is pressed. That will redirect the whole application to your logout URL. On Jul 8, 4:27 pm, Sven sven.reinhard...@googlemail.com wrote: Hi people, I am using GWT 2.3 and Spring Security 3. To explain my application structure a little bit. My WebContent folder contains: WebContent/ -WEB-INF/ -login.html -logout.html -secure/ ---index.html Starting my application and trying to accesshttp://127.0.0.1.:/secure/index.html redirects me tohttp://127.0.0.1.:/login.html... That's the way it should be. After entering my credentials I get taken to my secured index.html. There I have a navigation bar containing a FormPanel which fires a POST j_spring_security_logout. My configuration says that in this case I should get taken tohttp://127.0.0.1.:/logout.html. The security log shows that the security chain is processing a redirect to this page. But the strange behaviour I stay on the secured index page in FF or IE. Obviously something blocks the redirect or do I have a general missunderstanding? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Spring Security with GWT
Hi people, I am using GWT 2.3 and Spring Security 3. To explain my application structure a little bit. My WebContent folder contains: WebContent/ -WEB-INF/ -login.html -logout.html -secure/ ---index.html Starting my application and trying to access http://127.0.0.1.:/secure/index.html redirects me to http://127.0.0.1.:/login.html... That's the way it should be. After entering my credentials I get taken to my secured index.html. There I have a navigation bar containing a FormPanel which fires a POST j_spring_security_logout. My configuration says that in this case I should get taken to http://127.0.0.1.:/logout.html. The security log shows that the security chain is processing a redirect to this page. But the strange behaviour I stay on the secured index page in FF or IE. Obviously something blocks the redirect or do I have a general missunderstanding? Here some parts of my security file: security:http auto-config=true security:intercept-url pattern=/secure/index.html requires-channel=http access=IS_AUTHENTICATED_FULLY / security:form-login login-processing-url=/j_spring_security_check login-page=/login.html default-target-url=/secure/index.html authentication-failure-url=/logout.html / security:access-denied-handler error-page=/login.html / security:logout logout-success-url=/logout.html/ /security:http The log file after pressing logout button: org.springframework.security.web.FilterChainProxy - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/ j_spring_security_logout' DEBUG 23:25:06,632 [btpool0-1] org.springframework.security.web.FilterChainProxy - Candidate is: '/ j_spring_security_logout'; pattern is /**; matched=true DEBUG 23:25:06,632 [btpool0-1] org.springframework.security.web.FilterChainProxy - / j_spring_security_logout at position 1 of 11 in additional filter chain; firing Filter: 'ChannelProcessingFilter' DEBUG 23:25:06,632 [btpool0-1] security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/ j_spring_security_logout' DEBUG 23:25:06,633 [btpool0-1] security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/j_spring_security_logout'; pattern is /secure/ index.html; matched=false DEBUG 23:25:06,633 [btpool0-1] org.springframework.security.web.FilterChainProxy - / j_spring_security_logout at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' DEBUG 23:25:06,633 [btpool0-1] springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@441d0230: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted Authorities: ROLE_USER' DEBUG 23:25:06,633 [btpool0-1] org.springframework.security.web.FilterChainProxy - / j_spring_security_logout at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter' DEBUG 23:25:06,633 [btpool0-1] security.web.authentication.logout.LogoutFilter - Logging out user 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted Authorities: ROLE_USER' and transferring to logout destination DEBUG 23:25:06,633 [btpool0-1] security.web.authentication.logout.SimpleUrlLogoutSuccessHandler - Using default Url: /logout.html DEBUG 23:25:06,633 [btpool0-1] org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/logout.html' DEBUG 23:25:06,633 [btpool0-1] springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession. DEBUG 23:25:06,633 [btpool0-1] springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing
Spring Security with GWT : how to condition access to fields in a page ?
Hi, i read that someone else already asked for information on how to use Spring Security with GWT, so i will not ask again. I got a more detailed question then : with Spring security, you can use tags in JSP pages to restrict access to areas of pages, or fields. For instance : %@ taglib prefix=sec uri=http://www.springframework.org/security/tags; % sec:authorize access=hasRole('gestionnaire') This content will only be visible to users who have the supervisor authority in their list of ttGrantedAuthority/tts. /sec:authorize Of course with GWT I cannot do that since there are no JSP. How do i restrict access to fields with GWT then ? I want to be able to hide them if the user does not have the required role. I also want to be able to display them but disable them (read-only for a textfield for instance) if the user does not have the required role. Thanks for helping. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Spring Security with GWT : how to condition access to fields in a page ?
Check this framework: http://code.google.com/p/acris/wiki/SecurityClient http://code.google.com/p/acris/wiki/SecurityClient 2011/3/30 Celinio cel...@gmail.com Hi, i read that someone else already asked for information on how to use Spring Security with GWT, so i will not ask again. I got a more detailed question then : with Spring security, you can use tags in JSP pages to restrict access to areas of pages, or fields. For instance : %@ taglib prefix=sec uri=http://www.springframework.org/security/tags; % sec:authorize access=hasRole('gestionnaire') This content will only be visible to users who have the supervisor authority in their list of ttGrantedAuthority/tts. /sec:authorize Of course with GWT I cannot do that since there are no JSP. How do i restrict access to fields with GWT then ? I want to be able to hide them if the user does not have the required role. I also want to be able to display them but disable them (read-only for a textfield for instance) if the user does not have the required role. Thanks for helping. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Spring Security with GWT : how to condition access to fields in a page ?
Thanks but the problem is that this framework is not officially supported by GWT. It's risky to use it as long as it's not a standard. Maybe in a future version of GWT... If someone knows another way to do it, please let me know. On Wed, Mar 30, 2011 at 1:24 PM, Juan Pablo Gardella gardellajuanpa...@gmail.com wrote: Check this framework: http://code.google.com/p/acris/wiki/SecurityClient http://code.google.com/p/acris/wiki/SecurityClient 2011/3/30 Celinio cel...@gmail.com Hi, i read that someone else already asked for information on how to use Spring Security with GWT, so i will not ask again. I got a more detailed question then : with Spring security, you can use tags in JSP pages to restrict access to areas of pages, or fields. For instance : %@ taglib prefix=sec uri=http://www.springframework.org/security/tags; % sec:authorize access=hasRole('gestionnaire') This content will only be visible to users who have the supervisor authority in their list of ttGrantedAuthority/tts. /sec:authorize Of course with GWT I cannot do that since there are no JSP. How do i restrict access to fields with GWT then ? I want to be able to hide them if the user does not have the required role. I also want to be able to display them but disable them (read-only for a textfield for instance) if the user does not have the required role. Thanks for helping. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Help with openid spring security and GWT
Why the access exception is not an unexpectedFailure of the remoteServiceServlet; this is my log SEVERE: [1279499963707000] javax.servlet.ServletContext log: dispatcher: Exception while executing com.example.test.shared.model.command.GetUsers: Access is denied org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java: 71) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java: 203) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java: 64) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java: 172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java: 202) at $Proxy10.execute(Unknown Source) this is the code of the remoteserviceservlet @Override protected void doUnexpectedFailure(Throwable e) { if (e.getCause() instanceof AccessDeniedException) { AccessDeniedException ade = (AccessDeniedException) e.getCause(); throw ade; } else { super.doUnexpectedFailure(e); } } I would appreciate any help -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Help with openid spring security and GWT
I see you handle this in GwtRPCController -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
can't seem to get spring-security and gwt going...
hi, i've spent the past couple of days trying to add spring security to my unsecured gwt app without success. after researching spring docs and forums; i added the spring- security.jar to the project. and the following to my web.xml : context-param param-nameAppsecurityContext/param-name param-value/WEB-INF/AppContext-security.xml/param-value /context-param filter filter-namespringSecurityFilterChain/filter-name filter-classorg.springframework.web.filter.DelegatingFilterProxy/ filter-class /filter filter-mapping filter-namespringSecurityFilterChain/filter-name url-pattern/*/url-pattern /filter-mapping i added this to AppContext-security.xml: beans:beans xmlns=http://www.springframework.org/schema/security; xmlns:beans=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans$ http auto-config=true intercept-url pattern=/login.html access=IS_AUTHENTICATED_ANONYMOUSLY/ intercept-url pattern=/** access=ROLE_USER / form-login login-page=/login.html/ /http i read that one way to add spring-security was to filter everything to a login.html but i could be way off. does anyone have any advice? thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: can't seem to get spring-security and gwt going...
For beginners Spring Security is not that easy to understand/ implement, because it's full featured and does a lot of things for you. If you haven't done so yet I advise you to read the Spring Security Reference: http://static.springsource.org/spring-security/site/reference.html Then download their samples to play with the framework. Finally apply it to your GWT app. This book: http://apress.com/book/view/9781590599853 explains how to apply Spring Security to GWT apps. Check as well the related source code for examples: http://code.google.com/p/tocollege-net Fred On Jul 16, 8:37 am, Henry HO djhenr...@gmail.com wrote: hi, i've spent the past couple of days trying to add spring security to my unsecured gwt app without success. after researching spring docs and forums; i added the spring- security.jar to the project. and the following to my web.xml : context-param param-nameAppsecurityContext/param-name param-value/WEB-INF/AppContext-security.xml/param-value /context-param filter filter-namespringSecurityFilterChain/filter-name filter-classorg.springframework.web.filter.DelegatingFilterProxy/ filter-class /filter filter-mapping filter-namespringSecurityFilterChain/filter-name url-pattern/*/url-pattern /filter-mapping i added this to AppContext-security.xml: beans:beans xmlns=http://www.springframework.org/schema/security; xmlns:beans=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans$ http auto-config=true intercept-url pattern=/login.html access=IS_AUTHENTICATED_ANONYMOUSLY/ intercept-url pattern=/** access=ROLE_USER / form-login login-page=/login.html/ /http i read that one way to add spring-security was to filter everything to a login.html but i could be way off. does anyone have any advice? thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Help with openid spring security and GWT
Matias, thank you very much, your guides are very helpful, I am working on it for the moment. I followed your paradigm changing at first my code of using spring security, because I followed See Wah Cheng's approach. The first problem I had is that, after implementing your configuration I was getting an AccessDeniedException, even though I had to get an AuthenticationException. Because of this, http401UnauthorizedEntryPoint wasn't called. So I added in application context the security:intercept-url pattern=/** access=ROLE_USER / directive, in order to have an AuthenticationException. So it worked. But I am wondering how you get an AuthenticationException at the first place. The only difference I see, is that I am not using !-- Initialize the Spring MVC DispatcherServlet -- servlet servlet-namespring/servlet-name servlet-classorg.springframework.web.servlet.DispatcherServlet/ servlet-class load-on-startup1/load-on-startup /servlet Spring MVC DispatcherServlet. On 15 Ιούλ, 00:26, Mattias mattias.ekstr...@gmail.com wrote: Check outhttp://technowobble.blogspot.com/2010/07/gwt-and-open-id-using-spring On Jul 14, 5:04 pm, giannisdag pascoua...@gmail.com wrote: Hi I am using spring security, and I would like to enable andopenid login and MVP. I am using spring security at the method level access, not at the page level. Simply, when the user requests an action that it is not allowed, he is redirected to the login view, where he gets two form logins, one with site checking which is done, and one with openid. Spring security is used to catch the method access denial. As I read, generallyopenidworks like this: the user is redirected to anopenidprovider, logins, and then is redirected back to the url page. This is done automatically with spring security, but with GWT it needs a new approach, implementing both spring security and GWT. Does anybody has a demo code? Also I found an interesting solution GWT +Openidwithout spring security. http://armelnene.blogspot.com/2009/12/dummies-guide-to-gwt-and-openid... What do you think? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: can't seem to get spring-security and gwt going...
also, have a look at this, by Matias http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html On 16 Ιούλ, 10:23, Frederic Conrotte frederic.conro...@gmail.com wrote: For beginners Spring Security is not that easy to understand/ implement, because it's full featured and does a lot of things for you. If you haven't done so yet I advise you to read the Spring Security Reference:http://static.springsource.org/spring-security/site/reference.html Then download their samples to play with the framework. Finally apply it to your GWT app. This book:http://apress.com/book/view/9781590599853 explains how to apply Spring Security to GWT apps. Check as well the related source code for examples:http://code.google.com/p/tocollege-net Fred On Jul 16, 8:37 am, Henry HO djhenr...@gmail.com wrote: hi, i've spent the past couple of days trying to add spring security to my unsecured gwt app without success. after researching spring docs and forums; i added the spring- security.jar to the project. and the following to my web.xml : context-param param-nameAppsecurityContext/param-name param-value/WEB-INF/AppContext-security.xml/param-value /context-param filter filter-namespringSecurityFilterChain/filter-name filter-classorg.springframework.web.filter.DelegatingFilterProxy/ filter-class /filter filter-mapping filter-namespringSecurityFilterChain/filter-name url-pattern/*/url-pattern /filter-mapping i added this to AppContext-security.xml: beans:beans xmlns=http://www.springframework.org/schema/security; xmlns:beans=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.springframework.org/schema/beanshttp://www.springframework... http auto-config=true intercept-url pattern=/login.html access=IS_AUTHENTICATED_ANONYMOUSLY/ intercept-url pattern=/** access=ROLE_USER / form-login login-page=/login.html/ /http i read that one way to add spring-security was to filter everything to a login.html but i could be way off. does anyone have any advice? thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Help with openid spring security and GWT
Hi I am using spring security, and I would like to enable and openid login and MVP. I am using spring security at the method level access, not at the page level. Simply, when the user requests an action that it is not allowed, he is redirected to the login view, where he gets two form logins, one with site checking which is done, and one with openid. Spring security is used to catch the method access denial. As I read, generally openid works like this: the user is redirected to an openid provider, logins, and then is redirected back to the url page. This is done automatically with spring security, but with GWT it needs a new approach, implementing both spring security and GWT. Does anybody has a demo code? Also I found an interesting solution GWT + Openid without spring security. http://armelnene.blogspot.com/2009/12/dummies-guide-to-gwt-and-openid-with.html What do you think? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Help with openid spring security and GWT
Check out http://technowobble.blogspot.com/2010/07/gwt-and-open-id-using-spring-security.html. On Jul 14, 5:04 pm, giannisdag pascoua...@gmail.com wrote: Hi I am using spring security, and I would like to enable and openid login and MVP. I am using spring security at the method level access, not at the page level. Simply, when the user requests an action that it is not allowed, he is redirected to the login view, where he gets two form logins, one with site checking which is done, and one with openid. Spring security is used to catch the method access denial. As I read, generally openid works like this: the user is redirected to an openid provider, logins, and then is redirected back to the url page. This is done automatically with spring security, but with GWT it needs a new approach, implementing both spring security and GWT. Does anybody has a demo code? Also I found an interesting solution GWT + Openid without spring security. http://armelnene.blogspot.com/2009/12/dummies-guide-to-gwt-and-openid... What do you think? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Spring Security and GWT : how I've done
I'm thinking in using Grails (JSecurity Plugin, which is Spring Security) with GWT as the interface. Have you tried this? I haven't tested this yet, but the session expiration is a issue using GWT? For example, the timeout for a session is 30 minutes, everytime GWT does an ajax request the timeout counter is restarted or every 30 minutes with the user didn't do a refresh (old school request) the session will expires? Thanks, --- Felipe Marin Cypriano Vitória - ES http://www.linkedin.com/in/felipecypriano On Wed, Feb 25, 2009 at 6:14 AM, David dmartin@gmail.com wrote: I've added additional information (examples mainly) and will upload a jar ASAP in order to make it easy to test. And do not hesitate to give me feedback. David On Feb 22, 4:13 pm, jossey joss...@gmail.com wrote: Hi David, I really appreciate you sharing this. Thanks. On Feb 19, 3:03 pm, David dmartin@gmail.com wrote: Hi everyone, This is my second message promoting something I've put in my GWT test area :) I hope you'll find it useful : It may help people to integrate Spring Security with GWT applications in a clean (that's my non-objective POV ! :)) way. Here is a small introduction on how it works ; a more detailed description is available on code.google.com. See the link at the end of this message. First thing : it uses GWT-SL to use simple Spring beans to serve RPC calls. I've extended the original GWTHandler in order to provide a convenient way to manage Security exceptions. I've also provided a specific ExceptionTranslationFilter that can deal with security exception too. With these two parts, people can handle both URL filtering and AOP strategies. As usual, feel free to post your comments, I'll really appreciate your feedback. Here is the URL of the Google Code's project : http://code.google.com/p/gwt-incubator-lib David --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Spring Security and GWT : how I've done
Hi everyone, This is my second message promoting something I've put in my GWT test area :) I hope you'll find it useful : It may help people to integrate Spring Security with GWT applications in a clean (that's my non-objective POV ! :)) way. Here is a small introduction on how it works ; a more detailed description is available on code.google.com. See the link at the end of this message. First thing : it uses GWT-SL to use simple Spring beans to serve RPC calls. I've extended the original GWTHandler in order to provide a convenient way to manage Security exceptions. I've also provided a specific ExceptionTranslationFilter that can deal with security exception too. With these two parts, people can handle both URL filtering and AOP strategies. As usual, feel free to post your comments, I'll really appreciate your feedback. Here is the URL of the Google Code's project : http://code.google.com/p/gwt-incubator-lib David --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---