I have an existing, Eclipse-based web servlet application that authenticates using HTTP basic authentication. I am looking to convert this to Spring-based security. I understand what has to be done programmatically, but am having problems with the details of configuring the project itself in Eclipse. I am using the Spring STS toolkit, and I am able to successfully import one of the Spring Security sample apps (openid-xml) and it works fine.
My existing application also works properly when run under STS, but without Spring support.
I would like a recommendation for either a tutorial on making this conversion, or some useful advice. For example, is it easier to
a) create a new Spring application and try to migrate my existing code into it, or
b) try to convert my code by importing the various Spring libraries, etc.?
c) convert my existing app to use Maven instead of Eclipse (Spring just doesn't seem to want to work without Maven, and I am at a loss here) - naturally, I have no idea how to do this.
Any advice will be most gratefully received, after a day of hit and miss frustration.
I have answered my own question, and will try to provide some details for those who may be having the same problem.
First, there is some relatively useless info available on stackoverflow, but some good stuff as well.
This (https://stackoverflow.com/a/14867188/1374167) is completely wrong. It is certainly possible to secure a servlet with Spring Security. The trick is to realize that you are going to have to use Maven and Gradle to build the libraries for Spring and Spring Security.
Once you have built these jar files, you simply import them into Eclipse (it doesn't really seem to matter which version) and set up your web.xml and security constraints.
I used this project as a starting point. It's not perfect, but it got me on the right track, after I updated the spring and spring security jar files. The full blog post is here
I had a frustrating experience getting to this point but I hope this information will help others. It's quite simple once you understand what to do.
Related
I'm having surprising difficulty getting hold of a JWT library which works with Grails 2.2.x, and I'm hoping someone can point me in the right direction. Stormpath's JJWT looks promising (https://github.com/jwtk/jjwt), but I am running into all kinds of dependency issues which I can't resolve. There seems to be a plugin which latches on to Spring Security (http://plugins.grails.org/plugin/grails/spring-security-rest) but I'm not actually using Spring Security - not sure if I have to. Any useful pointers would be welcome!
Figured it out. Nimbus JOSE + JWT (https://connect2id.com/products/nimbus-jose-jwt) works fine. I downloaded the 2 necessary jar files, nimbus-jose-jwt-4.34.2.jar and a dependency, json-smart-2.2.1.jar, from the Maven repo.
As part of an evaluation process for a commercial project I'm searching for any full-fledged example of authentication/authorization using the WebSharper stack. I'd like to use OWIN, since it seems to be a well designed protocol, but I'm open to alternatives.
Some requirements:
use Mono
use the Suave server.
For now, we have been trying to adapt this tutorial for the websharper toolchain: https://www.codeproject.com/tips/849113/four-easy-steps-to-set-up-owin-for-form-authentica
This is what we currently have: https://github.com/Denommus/cookies-problem/blob/master/Main.fs
I would also like to mention that the default method ctx.UserSession.LoginUser has this issue: https://github.com/intellifactory/websharper/issues/647
But the cookies file is not being generated for some reason, probably because we're missing something obvious. Anyone able to help?
EDIT
I think I figured out the reason why the cookies file is not being generated: the Suave server doesn't actually run OwinStartup, so I need to figure out another way to configure the IAppBuilder of my application. But I still don't know how to do it, so if anyone can help I'd appreciate it.
EDIT 2
I think I fixed the configuration of OWIN in my application, but I still don't have cookies being generated.
I'm trying to include Grails applications into a Liferay portlet. I tried the Grails Liferay Portlets Plugin but it did not work for me at all.
Does anybody know any other possibilities? Which do you think is the best and why?
We had our Grails project integrated with Liferay at one point but it was a mess. Inevitably we pulled it out of Liferay and we were able to use Grails properly again. In our instance the question became, why are we using Liferay and do we really need it?
Now if you have a requirement for Liferay you might try simply using Spring Portlet support and use the parts of Grails you like, but not full integration. Spring Portlets with Groovy were much easier and cleaner to do. If you simply want Grails goodies for services etc. you can try deploying a Grails WAR on the same Tomcat and expose services to your portlets through REST, Hessian, Burlap or some other easy service serialization mechanism in Spring/Grails. In this case you have a Liferay UI app that calls your Grails services.
Once again, try some options, then decide if you truly need (or have) to use Liferay. With advances in Javascript UI packages, I'm not sure 'portlet' spec apps are as appealing as they once were and the word 'portal' is something that sounds good to management but inevitably means little to what needs to be implemented.
Based on advice posted here and here, I looked into and installed MyFaces CODI with my application. My biggest concern was overcoming the shortcomings of Weld's implementation of the @ConversationScoped feature. After some hiccups I got it running on my GlassFish 3.1 development platform, and I converted all my beans to use
import org.apache.myfaces.extensions.cdi.core.api.scope.conversation.ConversationScoped;
In the end it seems like I am now not much further along than I was before. I do not have to call the conversation.begin() method anymore, which is good, but the beans hang around after the browser has left the page and come back.
What I was hoping for was the functionality of JSF 2.0 @ViewScoped that works with CDI. Once the user leaves the page, the backing bean should be discarded and re-created again if the user comes back. Is there a way to do this with CODI?
Incidentally, the documentation says it will pick up the @ViewScoped annotations and process them properly. I tried this and got and Weld wouldn't deploy it.
P.S. I am using myfaces-extcdi-dist-jsf20 version 0.9.5. I tried installing the core and JSF 2 optional module alone but it would not deploy on my GlassFish/Weld platform. Any advice here much appreciated.
UPDATE 1: I ended up trying the ViewAccessScope annotation supported by CODI, and that seems to do what I wanted.
Follow-up question. The latest bundle in the Maven repository that Apache maintains is 0.9.5 -- can someone post the pom.xml segment that fetches the latest version?
Call conversation.close() before returning - ensure that you imported the correct annotation org.apache... and not javax... - see Wiki or use the ViewAccessScope instead. We are using: bundle in Glassfish 3.1.1 without problems. myfaces-extcdi-bundle-jsf20-1.0.1.jar is the only jar you need. Please also note that there is no "it". With CODI you have fine-grained groupable conversations instead of the monolithic and inflexible stuff you get with standard CDI conversations.
The set-up for the latest version with a Maven build is also in the Wiki.
Does Grails have any plugins with functionality similar to the django-debug-toolbar (djdt)?
See this screencast for an introduction to djdt.
Why yes, it does: Grails debug-toolbar:
Grails Debug Toolbar is a plugin inspired from Django Debug Toolbar
While it doesn't have all the features of djdt, it is planned to expand the feature set in the future; here is the relevant section from their webpage:
Future work
Currently the views of debugtoolbar need to go in the grails-app/views of the application. When you install the plugin they are automatically copied to your application grails-app/views. Need to avoid this.
JavaScript and static resources for the toolbar reside in web-app/debugtoolbar. It is also copied to your application web-app/debugtoolbar. Need to avoid this.
A way of ordering the panels in the toolbar. Currently it is random depending on how beans are found during execution of tag.
More useful panels such as Timing the requests, SQL queries, logging etc
It's not quite a toolbar (and not a plugin) but Spring Insight gives you detailed request timing right down to the JDBC level. It integrates pretty nicely with Spring Tool Suite from what I've seen.
Check out Peter's screencast: http://www.grails.org/blog/view/pledbrook/New+screencast%3A+Profiling+with+STS+%26+Spring+Insight
You need to deploy your app to Spring's tcServer rather than a plain Tomcat, which might be fine for development tuning.
cheers
Lee