Quantcast
Channel: Spring Community Forums - Security
Viewing all 284 articles
Browse latest View live

Redirect to j_spring_security_logout from a Controller in Spring Security 3.1.1

November 30, 2012, 3:56 am
$
0
0
I have a jsp with a form that has 2 buttons "save" and "close", both call the same method and if I detect that the close button was pressed I should then redirect to Spring Security logout... but when I do that I get a 404 error in tomcat:

Code:
Estado HTTP 404 - /SICCO/WEB-INF/jsp/j_spring_security_logout.jsp

type Informe de estado

mensaje /MyWebapp/WEB-INF/jsp/j_spring_security_logout.jsp

descripción El recurso requerido (/MyWebapp/WEB-INF/jsp/j_spring_security_logout.jsp) no está disponible.
the piece of code is:

Code:
@RequestMapping("guardar")
public String guardar(Model model, @ModelAttribute("precol")Precolonoscopia precol, HttpServletRequest request) {

    if (WebUtils.hasSubmitParameter(request, "cerrar")) {
        return "j_spring_security_logout";
    }
        //things...
    return "/other/page";
}
I've also tried with

return "/j_spring_security_logout"

but I got the same error. And also returning ModelAndView instead of String... I got the same result.

I have another jsp that calls directly to Spring Security Logout:

Code:
< c:url value="/j_spring_security_logout" var="url" / >
< form action="${url}" method="post">
* * < button name="cerrar">< s:message code="myapp.cerrar"/ >< /button>
< /form>
And this works as expected...

What am I doing wrong?
Search

[After changed authentication, intercept-url pattern keeps forwarding to login page ]

November 30, 2012, 6:41 am
$
0
0
What I need to do is,

1. Once I login with an id and a password (e.g. user1/pw1), use some pages corresponding to user1
2. And then switch the user1 to another id (e.g. user2) and then use some other pages corresponding to user2.
without logout and login via login page.
3 And then switch user2 back to user1 in a menu and use some other pages corresponding to user1
without logout and login via login page..

To change account in a controller, I changeAccount(String newUserId) is defineded in BaseController.java

In security.xml, I defined intercept-url patterns as follow,
so whenever I choose any jsp files under file or group directory, it goes to login page, if a user didn't login.

Code:
<intercept-url pattern="/file/**" access="ROLE_USER"/>
<intercept-url pattern="/group/**" access="ROLE_USER"/>

Code:
@Controller
public class BaseController {
...
 public void changeAccount(String newUserId) {
  //SecurityContext ctx = new SecurityContextImpl();
  SecurityContext ctx = SecurityContextHolder.getContext();
  ctx.setAuthentication(new UsernamePasswordAuthenticationToken(newUserId, null));
  SecurityContextHolder.setContext(ctx);
       
  SecurityContextHolder.getContext().getAuthentication().getName());
  String currentSessionUserId = SecurityContextHolder.getContext().getAuthentication().getName();
  System.out.println("currentSessionUserId : "+ currentSessionUserId);
 }
...
}
For example, I called changeAccount("user2") to change sessionId from user1 to user2
in a controller FileController.java by calling changeAccount(selectedAccountId).

Code:
@Controller
public class FileController extends BaseController {
    ...       
    protected ModelAndView changeAccount(@ModelAttribute("user") User user, Model model) throws Exception {
               
                changeAccount(selectedAccountId);
                ...
                return new ModelAndView("file/file");
  }
After I changed id from user1 to user2,
Code:
  String currentSessionUserId = SecurityContextHolder.getContext().getAuthentication().getName();
displays user2 correctly.

BUT, since
Code:
<intercept-url pattern="/file/**" access="ROLE_USER"/>
<intercept-url pattern="/group/**" access="ROLE_USER"/>
are defined, so when I choose any menu under /file or /group (e.g., /file/file.htm or /group/group.htm),
it is fowarded to login menu.
Which means even though
Code:
SecurityContextHolder.getContext().getAuthentication().getName();
correctly changed the authentication, but this is not considered as logined user by intercept-url.

How can I make it work?
What I want if whenever I change to another user after I login a certain id (user1 --> user2),
it (user2) must be considered as legitimate login person so as not to be forwarded to login menu.

Timeout URL vs Expired URL?

November 30, 2012, 6:57 am
$
0
0
Hello experts

I have a fairly simple spring-security context as seen below. My requirement is to have different urls for a user when they:

1) log out
2) time out
3) concurrent log in exception

Log out is fine but I cannot get the time out url (sessiontimeout.htm) to work with the max concurrency expired url (duplicatesession.htm). It seems that the invalid-session-url attribute overrides the concurrency expired-url attribute at all times.

Can anyone spot what is going wrong or provide a suggestion please?

Thanks

==================================================

<http use-expressions="true" auto-config="false">

<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<session-management session-authentication-strategy-ref="sas" invalid-session-url="/sessiontimeout.htm" />
<logout invalidate-session="true" delete-cookies="JSESSIONID" />

<intercept-url pattern="/logon.htm" access="permitAll" />
<intercept-url pattern="/logoff.htm" access="permitAll" />
<intercept-url pattern="/sessiontimeout.htm" access="permitAll" />
<intercept-url pattern="/duplicatesession.htm" access="permitAll" />
<intercept-url pattern="/css/**" access="permitAll" />
<intercept-url pattern="/js/**" access="permitAll" />
<intercept-url pattern="/images/**" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

<form-login login-page="/logon.htm"
login-processing-url="/processlogon.htm"
authentication-details-source-ref="loginPostProcessor"
always-use-default-target="true"
default-target-url="/files/summary.htm"
authentication-failure-url="/logon.htm?error=true" />
</http>

<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.Co ncurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/duplicatesession.htm" />
</beans:bean>

<beans:bean id="sas" class="org.springframework.security.web.authentica tion.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.S essionRegistryImpl" />

==================================================

Spring social type of current connection

December 2, 2012, 12:52 am
$
0
0
Hi, I would like to get type of current connection in spring social. I want to know if logged user is signed by Facebook account, Twitter, Google or no social account. Is there any way to get this ? Thanks

without form login

December 2, 2012, 5:47 am
$
0
0
Hi,

I am developing a REST API and using spring security but every time the authentication fails I get a "Spring Security Application" popup. How do to prevent this from coming ?

applicationContext.xml:

Code:
<sec:http auto-config="false" create-session="never" entry-point-ref="restAuthenticationEntryPoint">
        <sec:http-basic/>
        <sec:intercept-url pattern="/**" access="ROLE_USER"/>
    </sec:http>
 
  <bean id="authenticationProvider" class="com.jani.rest.CustomAuthenticationProvider"/>
 
    <sec:authentication-manager>
        <sec:authentication-provider ref="authenticationProvider"/>
    </sec:authentication-manager>

in the CustomAuthenticationProvider I just check the username and password and in the restAuthenticationEntryPoint i send and Unauthorized error if authentication fails


Code:
  @Override
  public void commence(HttpServletRequest request, HttpServletResponse response,
    AuthenticationException authException) throws IOException{
          response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");         
      }
I appreciate any advice, I would like to always throw the authorized error when authentication fails, in my case it does not work using popups since I am developing an API

Thanks,
JaniR

Scripting authentication and action.

December 3, 2012, 11:59 am
$
0
0
I would like to be able to send a single http request that executes both the authentication and the request with one URL invoke. Basically I want one request that passes the userid and password plus the parameters for the http request and performs the authentication then continues with the request. Is that possible?

Updating Session's Authentication object ala Refresh

December 3, 2012, 2:18 pm
$
0
0
This must be a common problem but I didn't find a solid example in the forum. I will contrive the example to simplify the use case.

On our client, we allow the user to opt-in to a role. We then make a call to the server to add the role to the user's record. How would I go about "refreshing" the user's credentials in the SecurityContextHolder without requiring the user to sign out and then back in?

Authentication with RESTEasy + Spring Security

December 4, 2012, 8:11 am
$
0
0
I'm trying to create a method authentication with RESTEasy.

My URLs REST are mapped with con Spring Security

I want to know how Spring Security can to recognize to authenticated user...:confused:

I've created a login URL and login method in a service class. This method is used in my web application and call other method that return true o false

Code:
@Path("/service/login")
public class LoginService {
        private UsuarioBusiness usuarioBusiness;
       
        @GET
        @Path("/go/{user}/{pass}")
        @Produces("application/json")
        public Response login(@PathParam("user") String usuario, @PathParam("pass") String pass){
          //call other method
        }
}
Code:
//Other method
public boolean login(String username, String password) {

                try {
                        Authentication authenticate = authenticationManager.authenticate(
                                        new UsernamePasswordAuthenticationToken(username, password));
                        if (authenticate.isAuthenticated()) {
                                SecurityContextHolder.getContext().setAuthentication(authenticate);       
                                return true;
                        }
                } catch (AuthenticationException e) {       
                        System.out.println("Error en login");
                }
                return false;
        }
But this only serves for that the app that call login service redirect to the homepage application. When the app want to access to other URL is rejected because is mapped with Spring Security

How I make for Spring Security recognize to my user authenticated?

In this post mentioned entry-point but I don't understand how associate to a URL

Thanks :D
Search

How to use active directory over LDAP for authorization only using spring security3.1

December 4, 2012, 2:00 pm
$
0
0
Hi All,

I am new to spring security. We built a security framework with active directory over LDAP by using plain filters and java classes. But we are planning to move that to spring security and use spring security only for authorization authentication is done through siteminder. Can you please provide me the guidance about how to use pre-authentication filters in this case?

Thanks.

CAS SSO Logout using spring security

December 5, 2012, 8:40 pm
$
0
0
Hi ,

i am a newbie to Spring Security and CAS. I am implementing SSO using CAS integrated with spring security. I need help in implementing CAS logout which which invalidate the session,ST generated both in the application and CAS and redirects to the CAS login page.

These are my config i have done referring to various websites but still struggling

Changes in CAS -
In cas-servlet.xml:

<bean id="logoutController" class="org.jasig.cas.web.LogoutController"
<!-- other reqd props ->
p:followServiceRedirects="true"/>

I want to know what must be the URL i need to configure in the logoutFilter . As of now i have configured the CAS logout URL. But the issue is the page is just redirected to the url configured , but neither the CAS nor the application is logged out. Below is the bean config

<bean id="logoutFilter" class="org.springframework.security.web.authentica tion.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentica tion.logout.SecurityContextLogoutHandler"/>
<bean class="com.infosys.iengage.sso.logout.CustomLogout Handler"/>
</list>
</constructor-arg>
</bean>

I have implemented a CustomLogoutHandler which redirects the user to the https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout.


Can you please help me understanding and resolving this?

Thanks,
Mckenzie

Having trouble testing secured web resources with spring test mvc

December 6, 2012, 2:24 am
$
0
0
Hello,

I am trying to test web resources secured with Spring security but it seems that my tests are always able to access the secured resources i.e. I always get a status of 200 even though the credentials are dummy.

I am not sure what I get wrong.

Here is the test class:
Code:
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:/META-INF/spring/applicationContext*.xml" })
public class AuthorizationTest {

        private String contextLocWeb = "file:src/main/webapp/WEB-INF/spring/webmvc-config.xml";
        private String contextLoc = "classpath:/META-INF/spring/applicationContext*.xml";
        private String warDir = "src/main/webapp";

        @Autowired
        private FilterChainProxy springSecurityFilterChain;
       
        private Authentication authentication;

        @Before
        public void setup() {
                List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_DUMMY");
                authentication = new UsernamePasswordAuthenticationToken("jumartin", "dummy", authorities);
                SecurityContextHolder.getContext().setAuthentication(authentication);
        }

        @Test
        public void testFailedAuthorization() throws Exception {
                MockMvc mockMvc = MockMvcBuilders.xmlConfigSetup(contextLocWeb, contextLoc).configureWebAppRootDir(warDir, false).addFilters(springSecurityFilterChain).build();
                mockMvc.perform(MockMvcRequestBuilders.get("/admin/clients").principal(authentication).param("form", "")).andExpect(MockMvcResultMatchers.status().isForbidden());
        }

}
and the relevant snippet from applicationContext-security.xml file:

Code:
<global-method-security pre-post-annotations="enabled"/>
        <!-- HTTP security configurations Enlever les commentaires pour Spring security -->
        <http auto-config="true" use-expressions="true">
                <!-- Session control -->
                <session-management>
                        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login" />
                </session-management>
                <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
                <logout logout-url="/resources/j_spring_security_logout" />
                <intercept-url pattern='/css/**' access="permitAll" />
                <intercept-url pattern='/resources/**' access="permitAll" />
                <!-- Page accès interdit -->
                <intercept-url pattern='/authzError/**' access="permitAll" />
                <!-- login -->
                <intercept-url pattern='/login' access="permitAll" />
                <!-- Entité utilisateur -->
                <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
                <!-- Définir les rôles dans l’application -->
                <intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_OPE_NUM','ROLE_OPE_NUM_RENFORT','ROLE_ACCN','ROLE_CHEF_EQUIPE','ROLE_RESP_PROD','ROLE_CODIR')" />
        </http>
Can anyone please help?

Regards,

J.

Using @PreAuthorize on SpringData repositories

December 6, 2012, 2:26 pm
$
0
0
I am trying to secure Spring-Data repositories by using @PreAuthorize annotations on the my repository interface (since most methods are inherited) so that all methods get secured.
The result is that any custom methods included in my interface get security by all methods inherited by Spring-Data interfaces are not.
Applying the same thing on a simple component interface extending a superinterface will work properly.
I am not sure whether this is a Spring-Security or Spring-Data issue. I would appreciate some help figuring this out.
I attach an example with unit tests for the working service setup and the non working Spring-Data repository. The failing testSuperRepositoryWithUser should get an AccessDeniedException, but the @PreAuthorize annotation does not apply on the JpaRepository interface.
Attached Files

How to insert Roles from database as GrantedAuthoritySid in MutableAcl?

December 7, 2012, 3:57 am
$
0
0
I have a mutableacl service as follows:-

private MutableAclService mutableAclService;

public void setMutableAclService(MutableAclService mutableAclService) {
this.mutableAclService = mutableAclService;
}
And i have added the ObjectIdentity into it.

ObjectIdentity oid =new ObjectIdentityImpl(Message.class, message.getId());
MutableAcl acl = mutableAclService.createAcl(oid);

And set permission as follows:-

acl.insertAce(0, BasePermission.ADMINISTRATION,new PrincipalSid(request.getRemoteUser()), true);
acl.insertAce(1, BasePermission.DELETE,new GrantedAuthoritySid("ROLE_ADMIN"), true);
acl.insertAce(2, BasePermission.READ,new GrantedAuthoritySid("ROLE_USER"), true);

I need to know how to make the roles(ie "ROLE_ADMIN","ROLE_USER") dynamic from database.

The HTTP request parameter are cleanened after successful Authetication

December 7, 2012, 4:19 am
$
0
0
Hi,
We have existing web application but need to secure with Spring.
I have used custom authentication-manager and and custom filter. The Authentication Provider calls Database for authentication. After successful authentication able to forward to the default URL but the form fields are nullified as new request is created.
The existing application has some logic on those hidden fields and we don't want to touch existing code base.
How to go about it. In short how to not to erase the existing HTTPRequest?

~Abhay

Handling exceptions using ActiveDirectoryLdapAuthenticationProvider

December 7, 2012, 6:19 am
$
0
0
I need to authenticate against ActiveDirectory and I need to handle an error which happens when the user is forced to renew password, so I expected to catch some kind of exception created for that error, the same way I can handle exceptions for account expired, credentials expired, locked account and so on.

When I log in using a user forced to reset password I get a BadCredentials exception so I cannot even get the Active directory or Ldap error code. I am expecting to handle errors like USER MUST RESET PASSWORD (error code 773) in https://wiki.servicenow.com/index.ph...AP_Error_Codes

I managed to authenticate using LdapTemplate.authenticate method passing a AuthenticationErrorCallback as a parameter, and then parse the exception message and interpret the error code, but I do not understand why ActiveDirectoryLdapAuthenticationProvider is not already handling that error code (but recognising it just for logging). Is there any specifi reason for that?

Could anybody tell me a better way of dealing with errors that are not represented by exceptions when working with LDAP / AD, please? Am I using the wrong class for whathever I want to do?

I have not found other Thread for the specific same problem, if I missed it, please direct me to it.

Thanks
Search

NTLM authentication

December 9, 2012, 3:55 am
$
0
0
Hello,
I am currently trying to connect to Entreprise Web Services on a secure MS Echange Server using a Spring Integration WS Outbound Gateway.
How do you do NTLM authentication in Spring WS?
Many thanks.
Philroc

SimpleMappingExceptionResolver not catching exceptions from ActiveDirectoryLdapAuthen

December 9, 2012, 5:00 am
$
0
0
Hi,

I have spring security set up to use the ActiveDirectoryLdapAuthenticationProvider to authenticate users.

While testing I stops the AD server and tried to log into my web app. The web app shows a HTTP 500 page with the following exception

Code:
javax.naming.CommunicationException: via.net:389 [Root exception is java.net.ConnectException: Connection refused]
How do I make the SimpleMappingExceptionResolver catch this exception and show my custom error page?

Authenticating with Spring Security

December 9, 2012, 12:19 pm
$
0
0
I am trying my first demo using Spring Security via connecting to LDAP.

Sping version I use is:
<spring.version>3.1.0.RELEASE</spring.version>

Here is my security-integration.xml:

Code:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
      <list>
        <value>classpath:com/demo/spring/security.properties</value>
      </list>
    </property>  </bean>

  <security:http auto-config='false' access-denied-page="/accessDenied" use-expressions="true">


    <!--I've removed login."htm"?error=true-->
    <security:form-login
      login-page="/login"
      authentication-failure-url="/login?error=true"
      login-processing-url="/loginProcess"
      default-target-url="/home"/>

    <!--<security:logout-->
      <!--invalidate-session="true"-->
      <!--logout-success-url="/login"-->
      <!--logout-url="/logout"/>-->

  </security:http>

  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="${securityContextSource.url}"/>
    <property name="userDn" value="${securityContextSource.userDn}"/>
    <property name="password" value="${securityContextSource.password}"/>  </bean>

  <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="${filterBasedLdapUserSearch.searchBase}"/>
    <constructor-arg index="1" value="${filterBasedLdapUserSearch.searchFilter}"/>
    <constructor-arg index="2" ref="contextSource"/>  </bean>

  <bean id="bindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <constructor-arg ref="contextSource"/>
    <property name="userSearch" ref="userSearch"/>  </bean>


    <bean id="ldapAuthProvider"
          class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
      <constructor-arg  ref="bindAuthenticator"/>
    </bean>

    <security:authentication-manager>
        <security:authentication-provider ref="ldapAuthProvider"/>
    </security:authentication-manager>

</beans>
However, I got this exception whenever I deploy my war:

HTML Code:
HTTP Status 500
javax.servlet.ServletException: Servlet.init() for servlet spring threw exception
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
        java.lang.Thread.run(Thread.java:619)
root cause

org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from class path resource [com/itworx/govacation/spring/security-integration.xml]; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.config.SecurityNamespaceHandler]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/config/method/InternalInterceptMethodsBeanDefinitionDecorator
        org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:412)
        org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
        org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
        org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
        org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
        org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
        org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsFromImportedResources(ConfigurationClassBeanDefinitionReader.java:293)
        org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsForConfigurationClass(ConfigurationClassBeanDefinitionReader.java:118)
        org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitions(ConfigurationClassBeanDefinitionReader.java:105)
        org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:261)
        org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanDefinitionRegistry(ConfigurationClassPostProcessor.java:178)
        org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:617)
        org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:446)
        org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:631)
        org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:495)
        org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
        org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
        javax.servlet.GenericServlet.init(GenericServlet.java:160)
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
        java.lang.Thread.run(Thread.java:619)
root cause

org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.config.SecurityNamespaceHandler]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/config/method/InternalInterceptMethodsBeanDefinitionDecorator
        org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:162)
        org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:104)
        org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.resolve(DefaultNamespaceHandlerResolver.java:129)
        org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1414)
        org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1409)
        org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:184)
        org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:140)
        org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:111)
       
root cause

java.lang.NoClassDefFoundError: org/springframework/security/config/method/InternalInterceptMethodsBeanDefinitionDecorator
        org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator.<init>(InterceptMethodsBeanDefinitionDecorator.java:30)
        org.springframework.security.config.SecurityNamespaceHandler.<init>(SecurityNamespaceHandler.java:43)
        sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
        org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:104)
        org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.resolve(DefaultNamespaceHandlerResolver.java:129)

Need tutorials for social login mechanism

April 6, 2013, 2:40 pm
$
0
0
I am trying to do the following:

1. Implement OAUTH 2.0 based login for my website (2.0 only, not 1) - Facebook, Google.
2. On first-time authentication, users should be created in my schema.

(I'm not interested in an OAUTH 2.0 provider. I'm building a client only).

Any links to tutorials covering these two aspects?

security for encrypting url paramter and its values

April 8, 2013, 4:02 am
Viewing all 284 articles
Browse latest View live
Search