I need to use the cookies instead of httpsession with spring security. Does anyone has idea that this is possible? If it is so pleas send me some resource.
Exactly what i want to do is make a web application stateless.
thanks
Rosh
http://sleeplessinslc.blogspot.com/2012/02/spring-security-stateless-cookie-based.html might get you started on what you want.
Related
am trying to implement the code using spring security with database there I found this topic but seriously i didn't understand this concept.why they add post method within this 'j_spring_security_check'
so please anyone explain me with example.
It's a preconfigured URL in spring security to authenticate via form input.
It can be configured in your spring security configuration to point to another URL if needed.
If a form submits to this URL it needs to have the relevant parameters for the AuthenticationManager to use, such as j_username and j_password
These were changed in later versions to use username and password.
The best example of this using Spring MVC is in the Spring Docs.
I have integrated CAS to Spring Security using Spring security tutorial on cas wiki. Now I want to get the current user and don't know how!
Should I get it from Spring security or CAS?
SecurityContextHolder.getContext().getAuthentication() returns null :|
If SecurityContextHolder.getContext().getAuthentication() is null means that the user is not authenticated yet.
Some pointers on CAS
Make sure that you use SSL for the communication to CAS thus CAS
must be hosted on SSL ports (443 or 8443)
Make sure that you Spring
Apps is hosted on SSL ports so that CAS can call to your Spring via
SSL server.
Common error is that both CAS and Spring Apps are not on SSL ports.
If this is the case, get a free SSL cert from www.startssl.com
Found the problem! I was going to use my own Access Control system, so I commented filters who where responsible for checking user's roles to access URLs. Apparently if I don't intercept URLs, spring security's context won't be accessible through that request (or at least it seems like that! I am not a big fan of Documents, so I try out codes and when I get an exception, I try to guess the reason! I really should stop doing that :| but anyway now that I intercept URLs, SecurityContextHolder.getContext().getAuthentication() doesn't return null anymore :) )
Does anyone over here has experience integrating TAM with Grails spring security for single sign on. If so can you help me get a quick start or point to any tutorials.
Thanks
You would probably want to use Spring Security's pre authentication feature and examine the header sent from TAM. To do so you would write your own authentication provider which is really simple and just looks for the header. See this for some more information
is there a way to configure spring security to have a default user (with roles and such)? i want to use it for testing purposes in an embedded jetty environment.
i provided an InMemoryUserDetailsService but i am missing the part where i tell spring security to use which user.
thanks for your help
fabian
Do you mean an anonymous user?
If so, try this: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/anonymous.html
("Spring Security's anonymous authentication just gives you a more
convenient way to configure your access-control attributes")
Is there an easy way to secure RESTful API exposed via Apache CXF's JAX-RS implementation? Are there any hooks for security via Spring Security?.
I heard of people using Basic Authentication over HTTPS, but I haven't seen any actual examples. Any ideas would be greatly appreciated.
Thanks!
see http://chrisdail.com/2008/08/13/http-basic-authentication-with-apache-cxf-revisited/
Don't know about CXF, but in Resteasy you can configure it as you would for any other web application, and then do..
#Context private SecurityContext sc;
Which allows you to check things such as sc.isUserInRole("admin");. CXF may provide the same functionality.