REST API Authentication with OpenID/OAuth
Has anyone got any advice on how to secure a stateless REST API with OpenID and Spring Security? Not expecting a complete solution here, but even a few pointers would be appreciated. Problem ===== I...
Does sample OpenID code need CSRF protection?
Reading about the new CSRF protection in 3.2.0.RC1 [1], does CSRF protection need to be added to the sample OpenID login code? Our new site is based off the sample XML site, so to make sure we're well...
Spring security, integrating Facebook authentication into restful basic auth
I am developing the server side for a mobile application as per below: - I'm using Spring MVC framework and I have already implemented BASIC AUTHENTICATION for restful requests (using JSON) as per code...
How I Create dynamically ACL spring Security
Hello, I want to add security for my webApp with these properties: 1. Secure URL, xhtmls and Java objects (domain and methods) 2. And possible to add users and role in Database 3. And secure object...
sessionRegistry.getAllPrincipals() return empty
Hi everybody, the problem when I integrate Spring MVC 3.1 with Spring Security 3.1 is that I cannot get all logged-in users by sessionRegistry.getAllPrincipals(), because this method always returns empty. Anybody...
UsernamePasswordAuthenticationFilter sending snippet as a response
Hi Friends, I have implemented spring ldapSecurity by using UsernamePasswordAuthenticationFilter with Extjs. I am able to authenticate successfully, but I am facing a very strange problem: I am not able...
ACL denying user on collection objects
I want to integrate ACL to my Spring MVC application. It is based on this tutorial, it uses a database. I use service/dao layer model and my services/dao's are based on generic service/dao class. I...
Roled Based Access Control Model
Hi there, I'm a fresher in building security problems. Now I am developing a project based on RBAC model, and I choose Spring Security 3 to implement it. It's known that every role has its permissions in...
How to access Spring Security port mappings from java
I have custom http/https port mappings in my Spring Security config.xml, typically we use different ports on different environments, 8080/8443 on localhost and pretty much anything else on QA or...
How to change ObjectIdentity naming policy?
I want to integrate ACL to my Spring MVC application based on a database. Everything works fine but I would like to change org.springframework.security.acls.domain.ObjectIdentityImpl policies for...
Spring security and RSA secureID
Hello guys, I am looking for some information about how to integrate Spring security and RSA secureId. Is it currently supported? Could you point me to some link to the documentation? Thanks in advance
SAML login + additional authenticate with custom authentication manager
I have a use case to login a user via SAML, then populate the authentication with an existing authentication provider (extends DaoAuthenticationProvider). Looking at ProviderManager code, it calls the...
Logout link not found with 3.2.0.RC1
Hi guys, I just updated to Spring Security 3.2.0.RC1 and the logout link stopped working :( .. It's all working fine with 3.2.0.M2, but not with the latest RC. I am using the java configuration so I...
Regd CSRF support.
Hi everyone, I have been using Spring MVC & Spring Security for quite some time now. For configuration of Spring Security I created beans for each individual filter and I am using it as shown...
how to customize filters when using http namespace
I'm finding it difficult to make simple customization to default filters when I use http namespace. For example, I simply want to set forceEagerSessionCreation to true on the...