I have a GWT application that I am trying to login using spring security. Currently, after a successful login, I am redirected back to the Login page. I am guessing this is because of my spring configuration and my lack of spring security knowledge.
In my spring-security.xml I define my intercepts like so:
<security:http auto-config="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>
I am guessing that the issue is on the access=isAuthenticated() but I am not sure. I want it to redirect to the gwt page/app which will handle the view based on the role returned. I made a very simple gwt app with this method and it worked.
I am using the Spring generated login page and not a JSP.
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>
<b:bean id="graplAuthentication" class="com.foo.rim.security.GraplAuthentication"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>
</b:beans>
This turned out to be two things.
1) I needed to add the user-expressions="true" so it would pick up the access=
<security:http auto-config="true" use-expressions="true">
2) I had a custom user Authentication class and forgot to set the the Authenticated boolean to true. Both of these got it working correctly.
Related
We are trying to develop custom Intershop Managed Service following cookbook: https://support.intershop.com/kb/index.php/Display/2329T4
But when trying to enable service in Operations for our Organization, it is not listed there and there is a warning log message:
WARN localhost ES1 appserver0 [Test-Site] com.intershop.component.service.internal.service.ORMServiceConfigurationBORepositoryImpl [] [Storefront] [8ocH1vmRUp4E1qKOZQQC5FFRtQai9r4QV6dAV1yx] [oBlLAFsfl5kFMqjA-0-00] "oBlLAFsfl5kFMqjA-0-00" Can't load implementation for service definition: cartridge='service_esb', service definition id='ESBServiceDefinition'.
Here is services.compoment:
<?xml version="1.0" encoding="UTF-8"?>
<components xmlns="http://www.intershop.de/component/2010">
<!-- Adapter interface -->
<contract name="ESBService" class="com.test.service.capi.ESBService" />
<!-- ServiceDefintion implementation -->
<implementation name="ESBServiceDefinitionImpl" class="com.test.service.internal.ESBServiceDefinition" implements="ServiceDefinition" />
<!-- ServiceDefintion instance that has already one adapter added -->
<instance name="ESBServiceDefinition" with="ESBServiceDefinitionImpl" />
<!-- Registering the ServiceDefintion instance to the (global) ServiceDefinitionRegistry -->
<fulfill requirement="serviceDefinition" of="serviceDefinitionRegistry">
<instance with="ServiceDefinitionRegistry.Entry">
<fulfill requirement="cartridgeID" value="service_esb" />
<fulfill requirement="groupID" value="service.group.name.test" />
<fulfill requirement="parameterGroupID" value="ESBParameters" />
<fulfill requirement="serviceDefinitionID" value="esbService" />
<fulfill requirement="localizationKeyForName" value="service.definition.name.esbService" />
<fulfill requirement="serviceDefinition" with="ESBServiceDefinition" />
<fulfill requirement="ChainElementID" value="LogHandler" />
<fulfill requirement="ChainElementID" value="MonitorHandler" />
</instance>
</fulfill>
</components>
All required classes (AdapterInterface, Adapter, ExecutorService, ServiceDefinition - extending AbstractServiceDefinition) are implemented and compiled successfully. Does anybody knows why Intershop can't load implementation?
Also, in Intershop Studio in component editor following error is displayed when services.component is opened:
With 'Implementation - ESBServiceDefinitionImpl (unresolved)' cannot be resolved
But when clicking CTRL+left mouse button on "ESBServiceDefinitionImpl" implementation is found and
<implementation name="ESBServiceDefinitionImpl" class="com.test.service.internal.ESBServiceDefinition" implements="ServiceDefinition" />
is highlighted.
Of course it was typo :) I named folder with service.component "component", and not "components".
Thank you all for your help!
Maybe the ServiceDefinitionID does not match:
esbService vs. ESBServiceDefinition
Can you try the following component settings:
<?xml version="1.0" encoding="UTF-8"?>
<components xmlns="http://www.intershop.de/component/2010" scope="global">
<!-- Adapter interface -->
<contract name="ESBService" class="com.test.service.capi.ESBService" />
<!-- ServiceDefintion implementation -->
<implementation name="com.test.service.internal.ESBServiceDefinition" class="com.test.service.internal.ESBServiceDefinition" implements="ServiceDefinition" />
<!-- Registering the ServiceDefintion instance to the (global) ServiceDefinitionRegistry -->
<fulfill requirement="serviceDefinition" of="serviceDefinitionRegistry">
<instance with="ServiceDefinitionRegistry.Entry">
<fulfill requirement="cartridgeID" value="service_esb" />
<fulfill requirement="groupID" value="service.group.name.test" />
<fulfill requirement="parameterGroupID" value="ESBParameters" />
<fulfill requirement="serviceDefinitionID" value="esbService" />
<fulfill requirement="localizationKeyForName" value="service.definition.name.esbService" />
<fulfill requirement="serviceDefinition">
<instance with="com.test.service.internal.ESBServiceDefinition" />
</fulfill>
<fulfill requirement="ChainElementID" value="LogHandler" />
<fulfill requirement="ChainElementID" value="MonitorHandler" />
</instance>
</fulfill>
</components>
This is a long shot but did you try to redeploy the server after creating the custom managed service?
Stop the server.
Run gradlew deployServer
Start the server
i had a WCF server running through a Console application, it will run as an azure service so i don't to host it in ISS.
I belived it work well and share datas to my web app through ajax request. But when i maked a service that recieve a filestream, i realized that my binding configuration is not used at all. My WCF work same without binding section.
My probleme concerne especially the key "maxReceivedMessageSize" because default value limit me to 8Ko request and it is a problem for uploading file.
Bindings section (that i can comment) :
<webHttpBinding>
<binding name="MyBindingConfig" crossDomainScriptAccessEnabled="true" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" transferMode="Buffered">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None" />
</binding>
</webHttpBinding>
Services section :
<service name="MyData.Service.MyDataServiceRestFull">
<endpoint binding="webHttpBinding"
contract="MyData.Service.IMyDataServiceRestFull" bindingName="MyBindingConfig" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:9997/MyDataServer"/>
</baseAddresses>
</host>
</service>
Note that i tryed with basicHttpBinding and i had same issue.
The problem is that you're incorrectly referring to your binding in your <endpoint/> element. You're using the bindingName attribute, when you should be using the bindingConfiguration attribute:
<endpoint binding="webHttpBinding"
contract="MyData.Service.IMyDataServiceRestFull"
bindingConfiguration="MyBindingConfig" />
I am trying to publish an application to Azure Service Fabric cluster. The moment I click publish from VS2015, I get those following errors:
"An error occurred reading the file xxx\publishprofiles\cloud.xml. There is an error in XML document (7, 6)"
"Object reference not set to an instance of an object"
This is the content of the Cloud.xml file:
<?xml version="1.0" encoding="utf-8"?>
<PublishProfile xmlns="http://schemas.microsoft.com/2015/05/fabrictools">
<ClusterConnectionParameters ConnectionEndpoint=... />
<ApplicationParameterFile Path="xxx\ApplicationParameters\Cloud.xml" />
<UpgradeDeployment Mode="Monitored" Enabled="true">
<Parameters FailureAction="Rollback" Force="True" />
<Parameters UpgradeReplicaSetCheckTimeoutSec="1" Force="True" />
</UpgradeDeployment>
</PublishProfile>
It seems that I can have only one of the parameters (FailureAction OR UpgradeReplicaSetCheckTimeoutSec) for VS2015 to successfully load the file.
I wonder if anyone has some insights into this issue?
There can only be one Parameters element. Combine all your parameters into just one Parameters element.
Example:
<?xml version="1.0" encoding="utf-8"?>
<PublishProfile xmlns="http://schemas.microsoft.com/2015/05/fabrictools">
<ClusterConnectionParameters ConnectionEndpoint=... />
<ApplicationParameterFile Path="xxx\ApplicationParameters\Cloud.xml" />
<UpgradeDeployment Mode="Monitored" Enabled="true">
<Parameters FailureAction="Rollback" Force="True" UpgradeReplicaSetCheckTimeoutSec="1" />
</UpgradeDeployment>
</PublishProfile>
I have to implement an SAML 2.0 identity provider with an WildFly server and picketlink, but I stuck at the authentication process. I followed the picketlink guide and also looked at the quickstarts on github but I still not get it working.
The problem is that my service provider sends an POST AuthnRequest to the wildfly server which redirects via a GET request to the login.jsp and then my SAMLRequest attribute is gone and then after a successful login the IDPFilter can't get the SAMLRequest attribute. Because of that the user is not authenticated on the service provider or redirected back to it.
I'm using a very basic FORM authentication which I configured in the web.xml of my identity provider project.
WildFly Version: 8.1.0-FINAL
Picketlink Version: 2.7.1.Final
firefox network monitoring:
picketlink.xml
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1" SupportsSignatures="true"
AttributeManager="org.picketlink.identity.federation.bindings.wildfly.idp.UndertowAttributeManager"
RoleGenerator="org.picketlink.identity.federation.bindings.wildfly.idp.UndertowRoleGenerator">
<IdentityURL>${idp.url::http://localhost:7080/idp}</IdentityURL>
<Trust>
<Domains>locahost</Domains>
</Trust>
<KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
<Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks" />
<Auth Key="KeyStorePass" Value="changeit" />
<Auth Key="SigningKeyPass" Value="changeit" />
<Auth Key="SigningKeyAlias" Value="wildfly" />
<ValidatingAlias Key="localhost" Value="wildfly" />
<ValidatingAlias Key="127.0.0.1" Value="wildfly" />
</KeyProvider>
<MetaDataProvider ClassName="org.picketlink.identity.federation.core.saml.md.providers.FileBasedEntityMetadataProvider">
<Option Key="FileName" Value="/WEB-INF/classes/test_sp_metadata.xml"/>
</MetaDataProvider>
</PicketLinkIDP>
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2EncryptionHandler" />
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
</Handlers>
</PicketLink>
web.xml
...
<display-name>PicketLink Identity Provider</display-name>
<description>PicketLink Identity Provider Using a Servlet Filter</description>
<listener>
<listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>IDPFilter</filter-name>
<filter-class>org.picketlink.identity.federation.web.filters.IDPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>IDPFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
...
I hope you can help me with this problem...
Greetings, Chris
I have a j2ee web application using spring web flow ang spring security. I want to redirect the user to page(maybe an error page) if the user's role has no access on the page being accessed because currently I get the error
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.
How do I do this redirection.I tried the access-denied-page attribute of security:http but I still get the error. Here's my configuration for security-http.
By the way.I am using Spring Faces and Facelets. Could this have been the cause of the problem?
<!-- Configure Spring Security -->
<security:http auto-config="true" access-denied-page="/deniedpage.xhtml"
session-fixation-protection="newSession">
<security:intercept-url pattern="/main.do"
access="ROLE_SUPERVISOR, ROLE_USER" />
<security:intercept-url pattern="/logoutSuccess.do"
access="ROLE_SUPERVISOR, ROLE_USER" />
<security:intercept-url pattern="/edit.do"
access="ROLE_SUPERVISOR" />
<security:intercept-url pattern="/register.do"
access="ROLE_SUPERVISOR" />
<security:intercept-url pattern="/admin_main.do"
access="ROLE_SUPERVISOR" />
<security:intercept-url pattern="/*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:form-login login-page="/loginForm.do"
default-target-url="/main.do" authentication-failure-url="/loginForm.do?login_error=1" />
<security:logout logout-url="/logout.do"
invalidate-session="true" logout-success-url="/logoutSuccess.do" />
<security:concurrent-session-control
max-sessions="-1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />
</security:http>
The access-denied-page attribute of security:http should be enough, show us the Spring configuration you are using.
In the meantime try adding this to web.xml:
<error-page>
<error-code>404</error-code>
<location>notfound.jsp</location>
</error-page>