Spring Security UI plugin for Grails creates neither spring-security-ui.css nor i18n files
Try extracting the files from the directory you need, from the version you need:

https://github.com/grails-plugins/grails-spring-security-ui/tree/master/grails-app/assets/stylesheets
https://github.com/grails-plugins/grails-spring-security-ui/tree/master/grails-app/i18n

Categories : Grails

Spring security 3.2.0 > deprecated
I'm not sure if this answer can help you. However, the warning message generated by the IDE is not a big problem because you did not use the deprecated method. I'm using Spring Security too and I also see the same warning message, but the service is working perfectly. I'm sorry if the answer is not what you wanted.

Categories : Spring

Spring Security @RolesAllowed Works but @Secured gives me AccessDeniedException in Spring 3.2 with Spring Security 3.1
Try to use a security role with a name that ends with ROLE.

From Spring Security Reference:

RoleVoter

The most commonly used AccessDecisionVoter provided with Spring Security is the simple RoleVoter, which treats configuration attributes as simple role names and votes to grant access if the user has been assigned that role. It will vote if any ConfigAttribute begins with the prefix ROLE_. It will vote to grant access if there is a GrantedAuthority which returns a String representation (via the getAuthority() method) exactly equal to one or more ConfigAttributes starting with the prefix ROLE_. If there is no exact match of any ConfigAttribute starting with ROLE_, the RoleVoter will vote to deny access. If no ConfigAttribute begins with ROLE_, the voter will a

Categories : Spring
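
The voting rule quoted from the reference can be observed directly by calling RoleVoter with different configuration attributes. This is an added example, not part of the original answer; it assumes spring-security-core is on the classpath, and the user name "alice", the class name and the attribute strings are constructed for illustration.

```java
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class RoleVoterDemo {

    // Map the voter's int result to the name of the AccessDecisionVoter constant.
    static String describe(int vote) {
        switch (vote) {
            case AccessDecisionVoter.ACCESS_GRANTED: return "ACCESS_GRANTED";
            case AccessDecisionVoter.ACCESS_DENIED:  return "ACCESS_DENIED";
            case AccessDecisionVoter.ACCESS_ABSTAIN: return "ACCESS_ABSTAIN";
            default: return "unknown (" + vote + ")";
        }
    }

    // Ask the voter about a secured object protected by the given attributes,
    // the same strings you would place in @Secured or an intercept-url.
    static int vote(RoleVoter voter, Authentication user, String... attributes) {
        List<ConfigAttribute> attrs = SecurityConfig.createList(attributes);
        return voter.vote(user, new Object(), attrs);
    }

    public static void main(String[] args) {
        RoleVoter voter = new RoleVoter();

        // Constructed user holding a single authority, ROLE_USER.
        Authentication alice = new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER"));

        // Case 1: attribute has the ROLE_ prefix and exactly equals an authority.
        System.out.println("ROLE_USER  -> " + describe(vote(voter, alice, "ROLE_USER")));

        // Case 2: attribute has the ROLE_ prefix but no authority equals it.
        System.out.println("ROLE_ADMIN -> " + describe(vote(voter, alice, "ROLE_ADMIN")));

        // Case 3: the comparison is an exact String match, so case matters.
        System.out.println("ROLE_user  -> " + describe(vote(voter, alice, "ROLE_user")));

        // Case 4: attribute without the ROLE_ prefix; the voter does not
        // consider it a role attribute at all.
        System.out.println("USER       -> " + describe(vote(voter, alice, "USER")));

        // Case 5: mixed list; one supported attribute that matches is enough.
        System.out.println("USER, ROLE_USER -> "
                + describe(vote(voter, alice, "USER", "ROLE_USER")));
    }
}
```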

How to fetch Facebook UserName, Email, phoneno etc from Facebook Authentication for Spring Security in Grails
You have to put it into your implementation of FacebookAuthService. Just create a service with such a name, and add a method onCreate with this code (or similar). And don't forget to add Spring Social Facebook as a dependency.

Categories : Facebook

Why is the interface WebSecurityExpressionHandler in spring security deprecated?
It looks like they are going to replace WebSecurityExpressionHandler with SecurityExpressionHandler<T> where T can be either FilterInvocation or MethodInvocation. Note that it doesn't affect implementation classes (DefaultWebSecurityExpressionHandler). See also: SEC-1562 Create SecurityExpressionHandler interface

Categories : Spring

Spring Security 3.2.0.RC1 - element and deprecated method
If you are using the namespace then an IDE error like this doesn't really matter, since you can guarantee that Spring Security will support the feature. You aren't actually using the method yourself. auto-config is a bad idea generally. Someone looking at that configuration won't easily know what it actually does. Do you really want basic authentication, for example? You are best to remove auto-config and explicitly add the features you want.

Categories : Java

Grails Spring Security plugin - "Cannot invoke isLoggedIn() on null object" error in grails-2.3.0.RC1
Obviously, this problem is related to an issue with grails-2.3.0.RC1 not injecting service beans for plugins correctly. I was able to fix my problem by adding this to grails-app/conf/resources.groovy:

    beans = {
        springConfig.addAlias "springSecurityService", "springSecurityCoreSpringSecurityService"
    }

This makes Grails inject the service first, before anything else. If you have similar problems using grails-2.3.0RC1, you can add an alias to the resources.groovy file to fix this error. For example:

    beans = {
        springConfig.addAlias "serviceName", "pluginNameServiceName"
    }

You can see the JIRA that was opened for this problem here: http://jira.grails.org/browse/GRAILS-10301

Hope this helps anyone with similar issues.

Categories : Java

Using Spring Security in Grails with CAS and LDAP
I've shared (GitHub) a sample app that integrates Grails (2.2.0) + Spring Security Plugin + CAS + LDAP. My work is based on this link: http://dominikschuermann.de/index.php/2010/11/using-grails-with-cas-and-ldap/, but unfortunately the link is not active.

https://github.com/luizcantoni/TestCAS-LDAP-Grails

This app authenticates using CAS. After authentication, CAS redirects to Grails, which populates (through LDAP) the User with some Active Directory information (email and name).

This is the file that populates the user with some AD information: https://github.com/luizcantoni/TestCAS-LDAP-Grails/blob/master/src/groovy/example/PrepopulateUserDetailsService.groovy

Check the resources.groovy: https://github.com/luizcantoni/TestCAS-LDAP-Grails/blob/master/grails-app/conf/spring/resources.groo

Categories : Grails

Spring 3.2 Security - Login with non-unique username and additional info
Your question is not at all clear to me. Do you have a unique login for multiple stores? Then you don't need to give the store to your UserDetailsService implementation. I would simply load the user information using its username, and if the users are not authorized for all the stores, you could use the GrantedAuthority to define where the user is authorized, e.g. ROLE_STORE_ID1, ROLE_STORE_ID2, etc. If you have multiple stores where users are not shared, then you could simply create a configurable custom implementation of UserDetailsService, instantiate one per store and use the correct instance depending on the store the user is accessing. I hope this will help.

Categories : Java

Grails - different passwords for same salt in Spring Security
bcrypt generates a unique salt each time, and includes it in the resulting hash. Because of this, springSecurityService.encodePassword just ignores the second argument, and the reflectionSaltSourceProperty option as well (see sources). So each time you'll get a different hash for the same input data. You can use the BCrypt class to validate a password, like:

    if (BCrypt.checkpw(candidate_password, stored_hash))
        System.out.println("It matches");
    else
        System.out.println("It does not match");

See docs for BCrypt: http://static.springsource.org/autorepo/docs/spring-security/3.1.x/apidocs/org/springframework/security/crypto/bcrypt/BCrypt.html

Btw, as you're using Spring Security, it's already implemented in the framework, so you can use the passwordEncoder bean:

    def passwordEncoder
    ...
    passwordEncoder.isPasswordValid(

Categories : Grails
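
The behaviour described in the answer above, a fresh salt per hash and verification through checkpw, is shown below with Spring Security's BCrypt class. This is an added example, not code from the original answer; it assumes spring-security-crypto (or spring-security-core 3.1+) is on the classpath, and the class name, helper names and sample password are constructed.

```java
import org.springframework.security.crypto.bcrypt.BCrypt;

public class BcryptSaltDemo {

    // A bcrypt string starts with "$2a$<2-digit cost>$" (7 characters)
    // followed by the 22-character encoded salt; the rest is the digest.
    static String saltPart(String hash) {
        return hash.substring(0, 29);
    }

    // The failing pattern: hash the candidate again (new random salt)
    // and compare the two strings for equality.
    static boolean rehashAndCompare(String candidate, String storedHash) {
        return BCrypt.hashpw(candidate, BCrypt.gensalt()).equals(storedHash);
    }

    // The working pattern: checkpw reads the salt and cost out of the
    // stored hash, hashes the candidate with them and compares.
    static boolean verify(String candidate, String storedHash) {
        return BCrypt.checkpw(candidate, storedHash);
    }

    public static void main(String[] args) {
        String password = "constructed-sample-password";

        // Two hashes of the same password, each with its own salt.
        String first = BCrypt.hashpw(password, BCrypt.gensalt());
        String second = BCrypt.hashpw(password, BCrypt.gensalt());

        System.out.println("first hash : " + first);
        System.out.println("second hash: " + second);
        System.out.println("salt of first : " + saltPart(first));
        System.out.println("salt of second: " + saltPart(second));
        System.out.println("hashes equal? " + first.equals(second));

        // Both stored hashes still verify the original password.
        System.out.println("verify against first : " + verify(password, first));
        System.out.println("verify against second: " + verify(password, second));
        System.out.println("verify wrong password: " + verify("not-the-password", first));

        // Re-hashing and comparing strings, for contrast with checkpw.
        System.out.println("rehash-and-compare   : " + rehashAndCompare(password, first));

        // Hashing with the salt taken from the stored hash reproduces it,
        // which is the step checkpw performs internally.
        String reproduced = BCrypt.hashpw(password, saltPart(first));
        System.out.println("reproduced with stored salt equals first? "
                + reproduced.equals(first));
    }
}
```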

Spring Security in Grails providing authorization
You can use your Role class not only for generic roles (Admin, User, etc.), but for application-specific ones as well. Simply allow the user to create a Role for a resource and then allow their invitees to be granted that role. Spring Security comes with a handy ifAnyGranted() method, which accepts a comma-delimited String of role names. At a resource entry-point simply ensure that a particular role is granted:

    class Conversation {
        Role role
    }

    class ConversationController {
        def enterConversation() {
            // obtain conversation instance
            if (!SpringSecurityUtils.ifAnyGranted(conversationInstance.role.authority)) {
                response.sendError(401)
            }
        }
    }

Categories : Grails

grails spring security acl query exception
I believe the default UserDetailsService looks up a user based on username, so in addition to what you've configured, you'll also need to create a custom UserDetailsService and implement the loadUserByUsername method. Here's a quick example:

    class CustomUserDetailsService implements GrailsUserDetailsService {

        UserDetails loadUserByUsername(String username, boolean loadRoles) throws UsernameNotFoundException {
            return loadUserByUsername(username)
        }

        UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            User.withTransaction { status ->
                User user = User.findByEmail(username)
                if (!user) {
                    throw new UsernameNotFoundException('User not found', username)
                }
                def authorities = user.authorities.collect { new Grant

Categories : Authentication

How to get current_user by using Spring Security Grails plugin in GSP
Try the tags provided by the springSecurity plugin, something like:

    <sec:isLoggedIn>
        <g:link controller="post" action="edit" id="${post.id}"> Edit this post </g:link>
    </sec:isLoggedIn>

Actually, you are trying to inject a service into your GSP page. You can do it with an import statement on the page, but I would say it is not good programming practice. I think you should send the current logged-in user's instance from the controller to the GSP page, and then perform a check on it. Let's say you have the controller method:

    def showPostPage() {
        Person currentLoggedInUser = springSecurityService.getCurrentUser();
        [currentLoggedInUser: currentLoggedInUser]
    }

and on your GSP page:

    <g:if test="${post.author == currentLoggedInUser }">
        <g:l

Categories : Grails

Adding Spring Security dependency to Grails plugin
The plugins block is correct. If it's not working after installing from a zip, you might have some cruft left over from before. To keep things in one place, I like to remove

    grails.project.class.dir = "target/classes"
    grails.project.test.class.dir = "target/test-classes"
    grails.project.test.reports.dir = "target/test-reports"

and replace them with

    grails.project.work.dir = 'target'

so everything is under the target folder. When things get weird, run rm -rf target to force a full re-resolve and rebuild.

Then, rather than using inline plugins (which aren't great about transitive deps because we read that info from POM files now and that's not available unless you package the plugin properly) or zips, use the release plugin's maven-install script. Add this to the plugins section (re

Categories : Grails

Trouble logging out from a Grails application using Spring Security (CAS)
Have you tried calling session.invalidate() directly in the controller index method?

    class LogoutController {
        def index = {
            println "IN LOGOUT CONTROLLER TRYING TO LOGOUT"
            session.invalidate()
            redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl
        }
    }

Cheers

Categories : Grails

Grails: disable Spring Security Core on certain paths
You can implement a simple non-authentication filter:

    class NonAuthenticationFilter extends GenericFilterBean {
        void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
            chain.doFilter(request, response);
        }
    }

Define it in resources.groovy:

    beans = {
        nonAuthFilter(NonAuthenticationFilter)
    }

And configure your url pattern:

    grails.plugins.springsecurity.filterChain.chainMap = [
        '/api/**': 'nonAuthFilter',
        '/**': 'JOINED_FILTERS',
    ]
    grails.plugins.springsecurity.interceptUrlMap = [
        '/api/**': ['IS_AUTHENTICATED_ANONYMOUSLY']
    ]

Categories : Spring

grails spring security - implementing screen lock
If you are saving encoded passwords to the DB then you need to do something like this:

    def userInstance = ... //get user instance
    if (springSecurityService.encodePassword(params.pass) != userInstance.password) {
        ...
    }

Categories : Grails

Grails Spring Security & LDAP Auth Failure
Try these settings:

    grails.plugins.springsecurity.ldap.authorities.groupSearchBase = 'DC=example,dc=org'
    grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'

Categories : Spring

Grails Spring Security interceptUrlMap: how to restrict access of index.gsp
    grails.plugins.springsecurity.interceptUrlMap = [
        '/testcontroller/**': ["isAuthenticated()"],
        '/*': ["isAuthenticated()"]
    ]

This is stricter. Authenticates non-anonymous user from anonymous user at the root context. Should this work?

Categories : Grails

Grails Database migration problems with Spring Security password
So in grails-app/conf/spring/resources.groovy you can specify the password encoder bean:

    beans = {
        passwordEncoder(YourClassHere)
    }

The class must implement PasswordEncoder. In your class you can do whatever you did previously to encrypt the passwords.

Categories : Grails

How to set custom time out for remember me cookie in grails spring security?
Override the method calculateLoginLifetime. By default this will return the value as set in the configuration (it calls getTokenValiditySeconds()). By overriding this you can determine (based on the request) if the normal timeout should be passed or a custom one.

    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        if (request.getRemoteAddr().startsWith("subdomain")) {
            return 15; // Or whatever you want, you could also make it configurable.
        }
        return getTokenValiditySeconds();
    }

Categories : Grails

grails and spring security acl: show only some instances of a domain class
If I understand you right you need to define belongsTo. This will create a mapping in the database from Patient to User.

Edit: to get the current logged-in user use

    class SomeController {
        def authenticateService

        def list = {
            def user = authenticateService.principal()
            def username = user?.getUsername()
            .....
            .....
        }
    }

To map to the user, change the logic in the controller or use events to create the mapping.

Edit: edit the create action:

    class PatientController {
        def authenticateService
        ...
        def create() {
            def patientInstance = new Patient(params)
            patientInstance.user = authenticateService.principal()
            ...
            [patientInstance: patientInstance]
        }
        ...
    }

Categories : Grails

Change AccessDecisionManager to UnanimousBased in Grails Spring Security Plugin
Based on Burt Beckwith's "Hacking the Grails Spring Security Plugin" [http://www.slideshare.net/gr8conf/hacking-the-grails-spring-security-plugins], it should be possible to simply provide a different implementation of the accessDecisionManager bean. Something like this:

    accessDecisionManager(org.springframework.security.access.vote.UnanimousBased)

in resources.groovy.

When I tried this, I had trouble with the constructor syntax in the bean definition. The access decision manager wants a list of voters in the constructor and I couldn't quite figure out how to get my voters defined in config.groovy as parameters to the constructor. I was about to derive my own decision manager (with parameterless constructor) from UnanimousBased when I stumbled upon the source code for AuthenticatedVetoab

Categories : Grails

Grails Spring Security Core Plugin redirect issue
I might be wrong, but I don't think you can do what you want using ['IS_AUTHENTICATED_ANONYMOUSLY']. It won't restrict a logged-in user, since per the documentation: "The token accepts any authentication, even anonymous." Why not just put something like:

    //in user controller
    def create() {
        if (springSecurityService.currentUser) {
            //let them know they're already logged in
            flash.message = message(code: 'your.....message')
            redirect(action: "list")
        }
        //else take them to create form
        ...
    }

Categories : Grails

Spring Security 3.1.x & JSF 2.0 : " BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains' "
I would start by checking your classpath (look in the lib directory of your WAR file) and make sure you don't have different Spring jars in there. It's not uncommon for Maven to pull in transitive dependencies from some dependency and cause you to end up with Spring 3.0.x and Spring 3.1.x jars at once. You can avoid this by adding exclusions to your pom, or more simply by specifying explicit versions for each Spring jar you need. Then make sure you are using up-to-date versions of both Spring Security and Spring. Note that Spring and Spring Security are separate projects with independent version numbers. There's no reason why you can't be using Spring 3.2.3 with Spring Security 3.1.4, for example, but you should have the latest minor version of whichever release you choose.

Categories : Java

Spring security override specific message : Your login attempt was not successful, try again. - not found under org.springframework.security
Actually it is easily resolvable with a custom login form. Since it won't display any of the sf error messages, we can pass an error param back after processing. Consequently, simply check for this param and add whatever text message you like.

    authentication-failure-url="/login?error=true"

Then in our new login page simply add something like:

    <c:if test="${error}"> <s:message code="AbstractUserDetailsAuthenticationProvider.badCredentials"/></c:if>

where you can use any message code from your resource bundle.

Categories : Spring

Providing security for Restful Web Services into existing Spring security 3.1
You should use two http tags. One for your web application and the other one for your REST API. Let's say, you can use an entry point web/** for your web app and an entry point api/** for your REST API. You probably want to secure your API with HTTP Basic, so your web app should work with form login (that uses the Java session) and your REST API with HTTP Basic authentication. REST APIs are better secured with OAuth 2, but depending on the size or audience of your application that would be overkill.

Categories : Spring

Is it possible to run a spring webmvc webapp with spring security in one spring container?
Short answer

Remove the /WEB-INF/myapp-servlet.xml from the contextConfigLocation context param.

Long answer

The ContextLoaderListener creates a root application context based on the configuration files defined in the contextConfigLocation and loads it into the ServletContext before any Servlet is initialized. The DispatcherServlet at the same time, will create a child application context with the specified configuration. You are not explicitly specifying any bean definition file, so by convention it will take /WEB-INF/appName-servlet.xml (/WEB-INF/myapp-servlet.xml in your case, which by chance exists). It happens that both your root application context and your child application context will have some common beans (duplicates, because they load the same configuration file). You hav

Categories : Java

Spring Security - 'global-method-security' does not work
Looks like you should follow the recommendation from the Spring Security Reference Manual: "The annotated methods will only be secured for instances which are defined as Spring beans (in the same application context in which method-security is enabled)." A similar problem is discussed here: How can <global-method-security> work on my controller by Spring-Security? See the last post.

Categories : Java

Grails: create rest api with plugin jaxrs and protect resource with spring security oauth?
I believe you should use the annotation @Secured provided by Spring Security in your REST controllers or methods:

    import grails.plugins.springsecurity.Secured

    @Secured(['YOUR_ROLE'])

Categories : Grails

AngularJS and Spring Security. How to handle AngularJS Urls with Spring Security
I wrote a little sample application that illustrates how to integrate AngularJS with Spring Security by exposing the session id as an HTTP header (x-auth-token). The sample also provides some (simple) authorization (returning the roles from the server) so that the client AngularJS application can react to that. This is of course primarily for user-experience (UX) purposes. Always make sure your REST endpoints have proper security. My blog post on this is here.

Categories : Spring

Spring 3.2: Filtering Jackson JSON output based on Spring Security role
Although it is possible to write a custom JSON processing filter (e.g. based on JSON Pointers), it will be a little bit complex to do. The simplest way is to create your own DTO and map only those properties which the user is authorized to get.

Categories : Spring

Spring security session management and Spring MVC view resolver error
You are redirecting to the JSP, not the mapped URL. The session management tag should be:

    <session-management invalid-session-url="/login?error=sessionExpired"
                        session-authentication-error-url="/login?error=alreadyLogin">
        <concurrency-control max-sessions="1"
                             expired-url="/login?error=sessionExpiredDuplicateLogin"
                             error-if-maximum-exceeded="false"/>
    </session-management>

Categories : Spring

Including "spring-security-config" into classpath makes spring hang with NoClassDef at "Aware"
Spring Security has a different version scheme from Spring core (I believe historically they were maintained by different organizations). I suggest you don't use the generic ${spring.version} variable. Read the documentation to see what minimum Spring core is required for the corresponding Spring Security version.

If you believe you've got all the versioning correct, the next possible cause is your Maven configuration itself. Often you did not realize you've set your settings to NOT look up from the central repository / your organization's internal Maven repo (Nexus) has a stale index not having the latest version of the Spring artifacts.

Categories : Spring

Redirect to the original URL after signin using Spring Social, Spring security?
Have you actually tried it to see if it works? Spring security does this automatically. If you are an anonymous user and attempt to access a resource that requires a certain permission, spring security will store the attempted URL and redirect you to the login page. After successful login it fetches the attempted URL back and redirects you there.

Categories : Java

Spring security- org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains'
Looking at the stacktrace information it appears as if you have conflicting framework jars in your classpath. When using maven use mvn dependency:tree to figure out which dependencies get used, I suspect that there is an older spring-beans.jar in your classpath.

Categories : Java

Spring Bean not found for Spring Security RememberMe?
Cannot convert value of type [groovy.util.ConfigObject] to required type [int] for property 'tokenLength' This suggests to me that you don't have a grails.plugins.springsecurity.rememberMe.persistentToken.tokenLength property set in your grailsApplication.config - when you ask a ConfigObject for a non-existent key what it returns to you is a new empty ConfigObject.

Categories : Java

Spring MVC + Spring Security login with a rest web service
You can define a custom pre-auth filter by extending AbstractPreAuthenticatedProcessingFilter. In your implementation of the getPreAuthenticatedPrincipal() method you can check if the cookie exists, and if it exists return the cookie name as principal and the cookie value in credentials.

Use PreAuthenticatedAuthenticationProvider and provide your custom preAuthenticatedUserDetailsService to check if the cookie is valid; if it's valid, also fetch the granted authorities, else throw an AuthenticationException like BadCredentialsException.

For authenticating a user using username/password, add a form-login filter, basic-filter or a custom filter with a custom authentication provider (or custom userDetailsService) to validate user/password.

In case the cookie exists, the pre-auth filter will set the authenticated user in sprin

Categories : Spring

Url Mapping fails for /oauth/token - Spring security + OAuth in a Grails application
I ran into similar symptoms when trying to get my /oauth/authorize endpoint to work properly. In order to get things going, I had to add the following to UrlMappings.groovy:

    "/oauth/authorize" (uri:"/oauth/authorize.dispatch")
    "/oauth/token" (uri:"/oauth/token.dispatch")

This solution came from examining the source for a grails spring-security-oauth provider plugin: https://github.com/adaptivecomputing/grails-spring-security-oauth2-provider

Note that getting this setup to work completely might also involve updating the grails cache plugin: when using 1.0.1, I received a 500 after I got the mapping to work (when trying to load /oauth/authorize). Upgrading my cache plugin to 1.1.1 fixed that issue for me. Hope something in there is useful.

Categories : Grails

Spring MVC Spring Security and Error Handling
The reason is right there, in the DispatcherServlet class; it sends an error response without bothering to call the exception handler (by default). Since 4.0.0.RELEASE this behaviour can be simply changed with the throwExceptionIfNoHandlerFound parameter:

"Set whether to throw a NoHandlerFoundException when no Handler was found for this request. This exception can then be caught with a HandlerExceptionResolver or an @ExceptionHandler controller method."

XML configuration:

    <servlet>
        <servlet-name>rest-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>throwExceptionIfNoHandlerFound</param-name>
            <param-value>true</param-value>

Categories : Spring


