I have a desktop application (built using Eclipse RCP) which on start, pops open a dialog box with 'UserName' and 'Password' fields in it. I need different types of authentication (LDAP, JDBC. etc).
If it was a web application the best way would be using Spring Security for this purpose. But I have Eclipse RCP application. Is there any way to integrate Eclipse RCP and Spring Security?
Eclipse RCP has security features available which you can use. The security is also JAAS compatible, so if you would like to hook Spring Security to it..it should be something doable.
Try the following links and see if you they serve your need without Spring Security:
Equinox Security Integration
Adding Security to Eclipse
Related
I am using the Grails Security Plugin im my application and I appreciate it really.
Spring security automatically adds several headers to the https responses in order to avoid the caching of sensitive pages in the browser cache. I would like to disable that for non confidential informations like, for instance, fonts.
Native Spring security allows that through the <http>, <headers> and <cache-control disabled="true"> configuration elements.
While that would be simple with an XML config, I can't figure out the way to add the equivalent of to the configuration of the security plugin. Any hints?
I am using Grails 3.2.9, and security plugin 3.1.1.
We have a product developed in grails 1.3.7 that supports Kerberos and ADS/LDAP authentication. The application is deployed in different environments. Some deployments are running as SaaS. The SaaS deployments don't require kerberos authentication. There is a dummy keytab file placed within the application and the same credentials are configured in the config.groovy as default to start the application without failing (if they are missing, application will not start). This blog helped me a lot while integrating kerberos
The authentication is working fine in all cases. Some customers accessing the SaaS application from their intranet domain are complaining extreme slowness(3-5 minutes) in the response after kerberos integration. When they access from out of the domain, it seems to be pretty faster. Mostly they are using IE browser. But when I tested the same from our domain, I don't see any issue. It loads in 5-7 seconds. So I am not sure if this is something related to their IE configuration or security policy?
Now I want to disable the Kerberos authentication in the application for specific deployments only. I don't want to keep two versions of the code. But I don't see any configuration with spring-security-kerberos plugin to do so.
Spring Security plugins used in the app are
spring-security-core=1.1.2
spring-security-kerberos=0.1
spring-security-ldap=1.0.5
Is it possible to enable/disable kerberos authentication for specific deployment alone or do I need to have 2 versions with and without kerberos?
Will any IE configuration help to solve this?
In the environments you want to disable spring -security just specifiy
grails.plugins.springsecurity.active = false
in your Config.groovy file, that is it.
I have an existing, eclipse based web servlet application that authenticates using http basic authentication. I am looking to convert this to Spring based security. I understand what has to be done programatically, but am having problems with the details of configuring the project itself in eclipse. I am using the Spring STS toolkit, and I am able to successfully import one of the Spring Security sample apps (openid-xml) and it works fine.
My existing application also works properly when run under STS, but without Spring support
I would like a recommendation for either a tutorial on making this conversion, or some useful advice. For example, is it easier to
a) create a new Spring application and try to migrate my existing code into it, or b) try to convert my code by importing the various spring libraries, etc? c) convert my existing app to use maven instead of eclipse (Spring just doesn't seem to want to work without maven, and i am at a loss here) - naturally, I have no idea how to do this.
Any advice will be most gratefully received, after a day of hit and miss frustration.
I have answered my own question, and will try to provide some details for those who may be having the same problem.
First, there is some relatively useless info available on stackoverflow, but some good stuff as well.
This (https://stackoverflow.com/a/14867188/1374167) is completely wrong. It is certainly possible to secure a servlet with Spring Security. The trick is to realize that you are going to have to use Maven and Gradle to build the libraries for Spring and Spring Security.
Once you have built these jar files, you simply import them into Eclipse (it doesn't really seem to matter which version) and set up your web.xml and security contraints.
I used this project as a starting point. It's not perfect, but it got me on the right track, after I updated the spring and spring security jar files. The full blog post is here
I had a frustrating experience getting to this point but I hope this information will help others. It's quite simple once you understand what to do.
How to use springsource tool suite for spring web service development?
quick start of how link/guidance is required
Here is a link showing almost everything step by step and you can even see the famous Spring logo in the IDE showing he's using STS: http://briansjavablog.blogspot.com/2013/01/spring-web-services-tutorial.html
http://www.springsource.com/developer/sts
in a struts application, I have a filter that forces certain pages to be accessed only over https via redirection. I'm thinking in porting it to grails so my question is: In the this environment, is there a "grails" way to implement such filter or is it similar/the same as I did ? Thanks
The Spring Security core plugin has support for this. See section 17 - "Channel security"