I tried spring security with GWT, its redirecting to login perfectly.
I stopped the server and started again and tried to access the URL.
Application doesn't show the login page. It directly going to home page.
Is this how the security works, how to make it work. User name, password and roles are configured in spring configuration files.
web.xml
<!-- web.xml -->
<web-app>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/gwtsecuritydemo-security.xml
/WEB-INF/gwtsecuritydemo-base.xml
</param-value>
</context-param>
<!-- Spring Security Filter Chain -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Servlets -->
<servlet>
<servlet-name>greetServlet</servlet-name>
<servlet-class>au.com.securitydemo.gwt.maven.sample.server.GreetingServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>greetServlet</servlet-name>
<url-pattern>/gwtsecuritydemo/greet</url-pattern>
</servlet-mapping>
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>gwtsecuritydemo.html</welcome-file>
</welcome-file-list>
</web-app>
and
spring configuration.
<!-- Spring Config -->
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_USER" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user authorities="ROLE_USER" name="guest" password="guest" />
</user-service>
</authentication-provider>
</authentication-manager>
Thanks,
Bennet.
You server preserved sessions during restart or you configured "remember-me cookie".
To be sure, remove relevant cookies (usually JSESSIONID and REMEMBER_ME) from your browser and reload the page.
Related
I would like to to test the Application Insight tool of Microsoft Azure.
For this reason, I took a Spring application, jpetshop (https://github.com/mybatis/jpetstore-6), and I am trying to set up the Application Insight on top of it following this guide: https://learn.microsoft.com/en-us/azure/application-insights/app-insights-java-get-started
I added the Maven dependency and repository and, thanks to Eclipse, I created the ApplicationInsights.xml file with my InstrumentationKey. The only thing that I am not sure about is how to add is the HTTP filter on this application.
I modified the web.xml in this way:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>JPetStore</display-name>
<description>Online Pet Store Sample Application</description>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>StripesResources</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<display-name>Stripes Filter</display-name>
<filter-name>StripesFilter</filter-name>
<filter-class>net.sourceforge.stripes.controller.StripesFilter</filter-class>
<init-param>
<param-name>ActionResolver.Packages</param-name>
<param-value>org.mybatis.jpetstore.web</param-value>
</init-param>
<init-param>
<param-name>Extension.Packages</param-name>
<param-value>net.sourceforge.stripes.integration.spring</param-value>
</init-param>
<init-param>
<param-name>ApplicationInsightsRequestNameInterceptor</param-name>
<param-value>com.microsoft.applicationinsights.web.struts.RequestNameInterceptor</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>StripesFilter</filter-name>
<servlet-name>StripesDispatcher</servlet-name>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>StripesDispatcher</servlet-name>
<servlet-class>net.sourceforge.stripes.controller.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>StripesDispatcher</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
</web-app>
However, if I change the filter-mapper field as shown in the guide, the application doesn't work anymore.
Since the jpetshop application uses the Spring framework I also though to modify the *-servlet.xml file. However, this file is not present in this project.
Do you know how can I make the Azure Application Insight work on this application?
Thank you
I think you missed the section where you need to define ApplicationInsights's filter:
<filter>
<filter-name>ApplicationInsightsWebFilter</filter-name>
<filter-class>
com.microsoft.applicationinsights.web.internal.WebRequestTrackingFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>ApplicationInsightsWebFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This question already has answers here:
Why request is going to Struts Dispatcher?
(2 answers)
Closed 6 years ago.
I am using jersey with Struts2. But by RestFul Service calls are not working. Below are my configurations files
struts.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
"http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
<package name="default" namespace="/" extends="struts-default">
<result-types>
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>
<interceptors>
<interceptor-stack name="default">
<interceptor-ref name="defaultStack">
<param name="exception.logEnabled">true</param>
<param name="exception.logLevel">ERROR</param>
<param name="params.excludeParams">/service/*</param>
</interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="default" />
<action name="defaultAction"
class="com.gemini.web.controller.BinMasterController"
method="binMaster">
<result name="binMaster" type="tiles">binMaster</result>
</action>
</package>
</struts>
Web.xml
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<!-- Client config -->
<context-param>
<param-name>
org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
</param-name>
<param-value>
/WEB-INF/tiles.xml
</param-value>
</context-param>
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.apache.struts2.tiles.StrutsTilesListener
</listener-class>
</listener>
<!-- Jersey Support Configuration for RestFul WebServices -->
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.container.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.gemini.rest.controller</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
With this configuration Struts2 filter intercepts all requests.
To exclude your /service/* requests use struts.action.excludePattern constant:
<constant name="struts.action.excludePattern" value="/service/.*" />
I have a similar architecture (using Struts2 and Jersey).
In my web.xml I have:
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
My Jersey is configured through an extended ResourceConfig:
#ApplicationPath("rest")
public class Config extends ResourceConfig {
public Config() {
super();
register(new Binder());
packages(true, this.getClass().getPackage().getName());
}
}
So the two are on separate url paths:
Struts is on /admin and Jersey is on /rest.
I have created the REST web services using dynamic web project in eclipse and running in tomcat 7.
I am able to do basic authentication for the web services. Now I am trying to implement form based authentication.Now, any web service call from the browser shows 404 error instead of showing the login form.
May be , I guess the issue is path of the LoginForm.html. I have created the LoginForm.html directly under webcontent.
My web.xml code is
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>CustomerConnect</display-name>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>management pages</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.html</form-login-page>
<form-error-page>/LoginError.html</form-error-page>
</form-login-config>
</login-config>
<!-- <session-config> -->
<!-- <session-timeout> -->
<!-- 1 -->
<!-- </session-timeout> -->
<!-- </session-config> -->
<servlet>
<servlet-name>Jersey REST Service</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.feature.Redirect</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.JSPTemplatesBasePath</param-name>
<param-value>/views/</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.WebPageContentRegex</param-name>
<param-value>/(images|css|jsp)/.*</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.bvbi.customerconnect.middletier</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<context-param>
<description>Location to store uploaded file</description>
<param-name>file-upload</param-name>
<param-value>
/home/bvbi/Desktop/apache-tomcat-7.0.26/webapps/CredoImages/
</param-value>
</context-param>
</web-app>
Your path configuration is correct. Remove * from your <url-pattern> inside the <servlet-mapping>.
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
Does it make any difference?
I found the same question asked previously here but I didn't found the suitable answer. I am designing my web in JSF2.0 with PrimeFaces 3.5 as a JSF component suite. Below is the error coming while automatic deploy is in process-
Below is the error which is coming while restarting the GlassFish Server 3.1.2 (As automatic deploy is not working so i thought of restarting it)-
Below is the error displayed by GlassFish Server 3.1.2 in Eclipse console-
SEVERE: service exception
java.lang.NullPointerExceptionnull at java.lang.String.replace(String.java:2219)null at com.sun.enterprise.v3.common.PropsFileActionReporter.setMessage(PropsFileActionReporter.java:67)null at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:219)null at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:179)null at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)null at com.sun.enterprise.v3.services.impl.ContainerMapper$Hk2DispatcherCallable.call(ContainerMapper.java:354)null at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)null at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)null at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)null at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)null at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)null at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)null at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)null at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)null at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)null at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)null at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)null at com.sun.grizzly.ContextTask.run(ContextTask.java:71)null at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)null at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)null at java.lang.Thread.run(Thread.java:679)null
My web.xml looks like below-
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="portal" version="3.0">
<display-name>Portal</display-name>
<!-- Change to "Production" when you are ready to deploy -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>cupertino</param-value>
</context-param>
<context-param>
<param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name>
<param-value>true</param-value>
</context-param>
<!-- Primefaces file upload -->
<!-- thresholdSize specifies the maximum file size in bytes to keep uploaded
files in memory. If it exceeds this limit, it’ll be temporarily written to
disk. -->
<!-- uploadDirectory is the folder where to keep temporary files that exceed
thresholdSize. -->
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
<init-param>
<param-name>thresholdSize</param-name>
<param-value>51200</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<context-param>
<param-name>uploadDirectory</param-name>
<param-value>/opt/upload/</param-value>
</context-param>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>
I am using Eclipse Indigo on Ubuntu 10.04.4 LTS.
here is the description of problem. I am develepping a web application with GWT. I have successfullly integrate spring security with gwt for the authentication feature with the following code. Now I want to use the spring "method security" in my web application. So I did what it says in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html,
just adding <global-method-security secured-annotations="enabled"/> in the above mentionned application context file.
<http>
<http-basic/>
<intercept-url pattern="/**" access=""/>
<form-login />
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimis" password="jimispassword" authorities="ROLE_USER,ROLE_ADMIN" />
<user name="bob" password="bobspassword" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
**<global-method-security secured-annotations="enabled"/>**
then adding the annotation #Secured("ROLE_ADMIN") above the function that I what to controle the access
Then I add the declaration of application context in the web.xml as following:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>App.html</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>10</session-timeout> <!-- in minutes -->
</session-config>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appService</servlet-name>
<servlet-class>com.google.gwt.app.example.server.AppServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>appService</servlet-name>
<url-pattern>/app/appService.rpc</url-pattern>
</servlet-mapping>
</web-app>
Note that I've just declared the gwt-servlet not the spring dispatcher servlet.
However it seems that this configuration doesn't work. In fact, whatever role can have the authority to access the function.
Very Strange.
Hope your answers!
Use a single global-method-security element containing both attributes.
Also read the relevant section of the Spring Security FAQ on issues with using method security and web controllers, if that's what you are doing (you will also find the same issue discussed here).
The log message you report is not an error and is unimportant unless you are using hasPermission() within your expressions.