i am using spring mvc. for login whenever request comes it passes through various Filters to get the flow(as different flow for different types of users). please suggest me a good reference to Spring Filters. or a good example on it. how to configure context.xml,web.xml
Do you need something other than the spring security docs ?
This is the page from the official docs related to filters.
Filters need to be configured in both the application context.xml and the web.xml file in your project. Here are examples of each of these files and also a Login filter that I wrote for my application... Hope it helps.
Web.xml
<filter>
<filter-name>randomFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
Filter mappings also need to be specified in this file and the order in which these mappings occur decide which filter is called first.
<filter-mapping>
<filter-name>randomFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
In the application context.xml, we mention the filter path, for example:
<bean id="randomFilter" class="folderPath.RandomFilter"/>
Related
1. Short Intro
recently we've updated our application just to be compliant with new Apple's rules about Apple signing flow, but wasn't enough.
Apple blocks our release base on the fact that we do not currently adopt the new web view WkWebView.
So we decide to use the following plugin: < cordova-plugin-ionic-webview > ( https://github.com/ionic-team/cordova-plugin-ionic-webview )
It was too wonderful to see that problems with XHR file:// request was fixed by new versions BUT an important CORS block is still present.
2. Problem
As the title says, every call that we perform to our server still continue to receive the error " Failed to load resource: Origin ionic://localhost is not allowed by Access-Control-Allow ... "
3. What we've done
Reading aware, we add into our server configuration (web.xml) the following filter
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
And in our config.xml as guides describe, we add:
<allow-navigation href="ionic://localhost/*"/>
<allow-navigation href="http://localhost*"/>
<content src="index.html" />
<allow-navigation href="*" />
But the problem is still present.
4. Environment versioning
iOS 13.3
Cordova 7.1.0
Ionic v1
Angular 1.5
So how to allow the application to pull data from our server ?
According to the docs, this web.xml config will not work:
The above configuration enables the filter but does not relax the cross-origin policy. As a minimum, you will need to add a cors.allowed.origins initialisation parameter as described below to enable cross-origin requests.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost, ionic://ionic</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
The docs also have url-pattern set to /* and not *, but I'm not sure if that's important.
You might have to add more configuration depending on what types of requests your app makes.
have developed one spring integration project in which i have implemented spring security.Configurations are fine.When i am hitting the to the given URL (e.g.localhost:8080/test/api) to fetch the response,the spring-security should intercept the request and should authenticate using spring security.
<http auto-config="true" create-session="never" >
<intercept-url pattern="/api/" access="ROLE_USER" />
<http-basic entry-point-ref="basicAuthenticationEntryPoint" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customAuthenticationProvider">
</authentication-provider>
</authentication-manager>
The above are the basic configurations for spring security.
Thanx in advance.
If the spring security filter chain is not fired, many times is because being not configured in web app context.
Did you remember to set the spring security filter chain in web.xml:
<!-- Spring security filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
There could be various resons why this does not work. I suggest you to follow a step-by-step tutorial and see if you are missing anything:
Here is one that is very basic and concentrates on getting a simple spring security configuration up and running:
http://jtuts.com/2016/03/02/spring-security-login-form-integration-example-with-xml-configuration/
I am developed a tool in JSF,with UI in .xhtml.The tool is working fine in eclipse.Once i deployed in production server i got VIEWEXPIRED exception[no saved view state would be found for the identifier:] often.Once i cleared the cookies and run the tool,the tool was wroking for 70%.
I have used #view scope in managed bean in faces-config.
So i did the changes by
using STATE_SAVING_METHOD as client in web.xml.
Though i deployed and restart the server still I am facing the same issue.
I am sitting with this issue for more than a week.
Anyone help me for solving this issue.
Kindly help me by solving this issue in jsf itself.
Thanks for advance.
Could you please look into this thread(in case if you have missed this link) : [jsf vewexpiredexception][1]
i also faced the same issue. There can be multiple reasons for getting this exception. Scope of the bean should not play a role in this.
Solution 1.Add this code in your web.xml
<context-param>
<param-name>com.sun.faces.numberOfViewsInSession</param-name>
<param-value>150</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.numberOfLogicalViews</param-name>
<param-value>150</param-value>
</context-param>
default is 15, u can use some higher value.
Solution 2: Add this line to web.xml, Default is server, change it to client
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
For me 1st solution worked.
I trying to upgrade from OrbeonForms version 3.8 to 3.9. I'm using PriorityResourceManagerFactory as follows:
<context-param>
<param-name>oxf.resources.factory</param-name>
<param-value>org.orbeon.oxf.resources.PriorityResourceManagerFactory</param-value>
</context-param>
<!-- Uncomment this for the filesystem resource manager -->
<context-param>
<param-name>oxf.resources.priority.1</param-name>
<param-value>org.orbeon.oxf.resources.FilesystemResourceManagerFactory</param-value>
</context-param>
<context-param>
<param-name>oxf.resources.priority.1.oxf.resources.filesystem.sandbox-directory</param-name>
<param-value>d:/Sources/esb-repository/user-interface</param-value>
</context-param>
<context-param>
<param-name>oxf.resources.priority.2</param-name>
<param-value>org.orbeon.oxf.resources.WebAppResourceManagerFactory</param-value>
</context-param>
<context-param>
<param-name>oxf.resources.priority.2.oxf.resources.webapp.rootdir</param-name>
<param-value>/WEB-INF/resources</param-value>
</context-param>
<context-param>
<param-name>oxf.resources.priority.3</param-name>
<param-value>org.orbeon.oxf.resources.FilesystemResourceManagerFactory</param-value>
</context-param>
<context-param>
<param-name>oxf.resources.priority.3</param-name>
<param-value>org.orbeon.oxf.resources.ClassLoaderResourceManagerFactory</param-value>
</context-param>
I have entry in page-flow.xml:
<files path-info=".+\.(gif|css|pdf|json|js|png|jpg|xsd|ico)"
matcher="oxf:perl5-matcher"/>
Within my directory I keep whole application code and I have file theme/styles/layout.css. In Orbeon 3.8 server path /orbeon/theme/styles/layout.css works perfectly, but not in 3.9.
How to configure it to keep backward compatibility?
I'll assume /orbeon is the context on which you deployed the Orbeon Forms web app.
If you're using Orbeon Forms PE, starting with 3.9 versioned resources are enabled by default, the path requested by the browser needs to be /orbeon/3.14/theme/styles/layout.css, where 3.14 is the app version. If you write /theme/styles/layout.css in your code, Orbeon Forms will automatically rewrite it for you, adding the version number in the HTML it sends to the browser.
Since 3.9, the default app path is prepended when looking up resources. So a request for /orbeon/3.14/theme/styles/layout.css, with versioned resources, or /orbeon/theme/styles/layout.css without versioned resources, will look for the file app/theme/styles/layout.css in your resource directory. So you need to either:
Move your CSS to a different place on disk (move theme under the app directory).
Add theme as a platform path, by adding it to the oxf.url-rewriting.platform-paths property. Most likely this is the option that makes the most sense for you.
I'm trying to do a simple forwarding to an error page in a JSF 2 application. The instructions everywhere seem simple enough but it just doesn't work for me. This is what I tried. I put the following in web.xml:
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/pages/error.jsf</location>
</error-page>
I tried an exception-type java.lang.Exception, and I tried using error-code instead of the exception-type. I also tried to name the page (in the above snippet) error.xhtml, and I tried all this with an error.jsp page. Nothing works.
I'm testing this by simply disconnecting the database server so any attempt to log in causes an exception. And it's being displayed on the screen instead of the error page.
I'm using eclipse, tomcat 7, and myfaces 2.1.4. Also in my WEB-INF/lib I have primefaces-3.0.RC2 and prettyfaces-jsf2-3.3.2.
What am I doing wrong / not doing?
Have you shut down the error mechanisms of Facelets? In you web.xml file, you may need to have the following context-param:
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>
If you also use MyFaces, you need this additional context-param:
<context-param>
<param-name>org.apache.myfaces.ERROR_HANDLING</param-name>
<param-value>false</param-value>
</context-param>
This article may be useful to you.
Did you use any managed bean to process the error? If so, have you declared them? Check out this article.