Re: GWT Spring Security
David, My apologies for not getting back to you. I've been thinking about the correct answer. You describe the issue of the error being thrown if the user does not have the proper role. In our implementation that was considered sufficient, since it prevented the user from accessing a remote method they should not. If you want to fail gracefully, you can redirect that method security exception to another page using your web.xml. !-- web.xml --error-page exception-typeorg.springframework.security.access.AccessDeniedException/exception-type locationyourMethodAccessDenied.jsp/location/error-page There are other ways in Spring to cleanly map these exceptions as detailed herehttp://stackoverflow.com/questions/8742842/how-to-handle-accessdeniedexception-in-spring-security. This would work well if you're using JSON or REST. However, if you're using GWT-RPC, then I'm not sure how to make a clean response using the same RPC serializer that the client side GWT is expecting to hear back from. You would probably need to access more of the GWT-RPC internals to achieve that. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/fNw4Oc9Xs_8J. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Hello, Indeed you don't need the 2 autowired services. I use them since I have my own decisionManager. You can use a standard one, for example the role based. This means no autowireds neither onAfterRequestDeserialized. If you don't play with sessions you don't need the workaround fix inide handleRequest. Nevertheless handleRequest is compulsory because is the one that bridges the HTTP GET/POST to the RPC handler. I recommend you the following article: http://blog.maxmatveev.com/2010/04/spring-managed-gwt-remote-service.html Hope it has been helpful. Jordi. On 18 Juny, 02:27, dhoffer dhoff...@gmail.com wrote: Could you also post your autowired beans setSecuredDecisionManager setSecurityMetadataSource? Also since I just have plain GWT app (no JSP) can I assume that I don't need the handleRequest() method? I assume the security work is done in onAfterRequestDeserialized()? Thanks, -Dave On Jun 15, 1:18 pm, Jordi P.S. planad...@gmail.com wrote: I have a login JSP that uses the remember me feature.so I have my login under Spring Security. I have method security enabled in the RPC layer. All my RPCs extend a base class and then I used annotations on the methods to check for the permissions. Here the RPC Base Servlet class: http://pastebin.com/Z6mj4pZi On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote: I'd like to get feedback on the best way to secure GWT apps with Spring Security. I read several existing blogs about this online but they are all (that I have found) quite old at this point. Specifically what's the best way with GWT 2.4 and Spring Security 3.1? Or is there a better way other than Spring Security? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Jordi, Yes the link you provided was excellent, with that I have spring managed beans that are RPC services. However I'm having trouble understanding how to add Spring Security to that. Ideally I'd love to see that example expanded to show how to add users, assign users role(s) secure RPC methods. For instance with your RemoteServiceImpl class I have been adding the methods you had in your BaseRemoteRPCService class you put in pastebin...but methods like onAfterRequestDeserialized(RPCRequest) never get called. However if I add @Secured({ROLE_USER}) to your TestServiceImpl service method it does fail because of authentication (as expected)...but I don't know where that failure is coming from and how to manage it. I think I'm close but not quite understanding how to get the security part to work properly. -Dave On Jun 22, 4:09 am, Jordi Planadecursach planad...@gmail.com wrote: Hello, Indeed you don't need the 2 autowired services. I use them since I have my own decisionManager. You can use a standard one, for example the role based. This means no autowireds neither onAfterRequestDeserialized. If you don't play with sessions you don't need the workaround fix inide handleRequest. Nevertheless handleRequest is compulsory because is the one that bridges the HTTP GET/POST to the RPC handler. I recommend you the following article:http://blog.maxmatveev.com/2010/04/spring-managed-gwt-remote-service Hope it has been helpful. Jordi. On 18 Juny, 02:27, dhoffer dhoff...@gmail.com wrote: Could you also post your autowired beans setSecuredDecisionManager setSecurityMetadataSource? Also since I just have plain GWT app (no JSP) can I assume that I don't need the handleRequest() method? I assume the security work is done in onAfterRequestDeserialized()? Thanks, -Dave On Jun 15, 1:18 pm, Jordi P.S. planad...@gmail.com wrote: I have a login JSP that uses the remember me feature.so I have my login under Spring Security. I have method security enabled in the RPC layer. All my RPCs extend a base class and then I used annotations on the methods to check for the permissions. Here the RPC Base Servlet class: http://pastebin.com/Z6mj4pZi On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote: I'd like to get feedback on the best way to secure GWT apps with Spring Security. I read several existing blogs about this online but they are all (that I have found) quite old at this point. Specifically what's the best way with GWT 2.4 and Spring Security 3.1? Or is there a better way other than Spring Security? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Could you also post your autowired beans setSecuredDecisionManager setSecurityMetadataSource? Also since I just have plain GWT app (no JSP) can I assume that I don't need the handleRequest() method? I assume the security work is done in onAfterRequestDeserialized()? Thanks, -Dave On Jun 15, 1:18 pm, Jordi P.S. planad...@gmail.com wrote: I have a login JSP that uses the remember me feature.so I have my login under Spring Security. I have method security enabled in the RPC layer. All my RPCs extend a base class and then I used annotations on the methods to check for the permissions. Here the RPC Base Servlet class: http://pastebin.com/Z6mj4pZi On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote: I'd like to get feedback on the best way to secure GWT apps with Spring Security. I read several existing blogs about this online but they are all (that I have found) quite old at this point. Specifically what's the best way with GWT 2.4 and Spring Security 3.1? Or is there a better way other than Spring Security? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Hi Joseph, Thanks so much for your help. I'm having trouble getting this to work. In my case the methods on PreAuthenticationFilter CustomUserDetailsService are never called. Here is my code/config: applicationContext.xml ?xml version=1.0 encoding=UTF-8? beans:beans xmlns=http://www.springframework.org/schema/security; xmlns:beans=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.springframework.org/schema/ beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd; !-- Setup Spring Security -- http auto-config=false entry-point-ref=entryPoint access- denied-page=/unprotected/sso_Error.jsp intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ !-- These resources are protected -- custom-filter position=PRE_AUTH_FILTER ref=preAuthProcessingFilter/ /http !-- Users get this on auth failure -- beans:bean id=entryPoint class=org.springframework.security.web.authentication.Http403ForbiddenEntryPoint/ !-- Authorization filter does user authorization -- beans:bean id=preAuthProcessingFilter class=com.qsd.callcenterquestionnaire.server.security.auth.PreAuthenticationFilter beans:property name=authenticationManager ref=authenticationManager/ /beans:bean authentication-manager alias=authenticationManager authentication-provider ref=preAuthAuthProvider/ /authentication-manager !-- Custom preAuthAuthProvider -- beans:bean id=preAuthAuthProvider class=org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider beans:property name=preAuthenticatedUserDetailsService beans:bean id=preAuthenticationUserDetailsService class=com.qsd.callcenterquestionnaire.server.security.auth.CustomUserDetailsService/ /beans:property /beans:bean global-method-security secured-annotations=enabled/ /beans:beans public class CustomUserDetailsService implements AuthenticationUserDetailsServicePreAuthenticatedAuthenticationToken { public CustomUserDetailsService() { } @Override public UserDetails loadUserDetails(final PreAuthenticatedAuthenticationToken username) throws UsernameNotFoundException { return new UserDetails() { @Override public Collection? extends GrantedAuthority getAuthorities() { final ArrayListGrantedAuthority grantedAuthorities = new ArrayListGrantedAuthority(); grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_USER)); return grantedAuthorities; } @Override public String getPassword() { return (String)username.getCredentials(); } @Override public String getUsername() { return (String)username.getPrincipal(); } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } }; } } public class PreAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter { public PreAuthenticationFilter() { } @Override protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) { return dave; } @Override protected Object getPreAuthenticatedCredentials(HttpServletRequest request) { return password; } } I assume then that RPC methods are secured via @Secured({ROLE_USER,ROLE_ADMIN})? Also I assume these have to be Spring managed beans, I've not used Spring with GWT before, how do you tell GWT to use Spring to create these services? Any help is greatly appreciated. Thanks, -Dave On Jun 16, 12:18 pm, Joseph Lust lifeofl...@gmail.com wrote: Dave, Since it is an enterprise application, authentication is handled by a SSO service which hands off to our application, so there is no remember me functionality. The less work your application has to do the better, just like using Gmail/fb auth on a website. Here is the redacted and comment Spring Security config: Note that this is just a standard Spring Security config, but that the custom preauthoization filter is where the magic happens. That is where you'd do the lookup of your users to get entitlements and then store those in their session. These are what the Spring Method level security will check against. Checkout the famously verbose Spring
Re: GWT Spring Security
Dave, Since it is an enterprise application, authentication is handled by a SSO service which hands off to our application, so there is no remember me functionality. The less work your application has to do the better, just like using Gmail/fb auth on a website. Here is the redacted and comment Spring Security config: Note that this is just a standard Spring Security config, but that the custom preauthoization filter is where the magic happens. That is where you'd do the lookup of your users to get entitlements and then store those in their session. These are what the Spring Method level security will check against. Checkout the famously verbose Spring Documentation on thishttp://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html. Basically you just extend some of their interfaces and classes per the instructions and you should be off to the races. Sincerely, Joseph ?xml version=1.0 encoding=UTF-8?beans:beans xmlns=http://www.springframework.org/schema/security; xmlns:beans=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:p=http://www.springframework.org/schema/p; xsi:schemaLocation= http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd; !-- Setup Spring Security -- http auto-config=false entry-point-ref=entryPoint access-denied-page=/unprotected/sso_Error.jsp intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ !-- These resources are protected -- custom-filter position=PRE_AUTH_FILTER ref=preAuthProcessingFilter/ /http !-- Users get this on auth failure -- beans:bean id=entryPoint class=org.springframework.security.web.authentication.Http403ForbiddenEntryPoint/ !-- Authorization filter does user authorization -- beans:bean id=preAuthProcessingFilter class=com.foo.custom.PreAuthenticationFilter beans:property name=authenticationManager ref=authenticationManager/ /beans:bean authentication-manager alias=authenticationManager authentication-provider ref=preAuthAuthProvider/ /authentication-manager !-- Custom preAuthAuthProvider -- beans:bean id=preAuthAuthProvider class=org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider beans:property name=preAuthenticatedUserDetailsService beans:bean id=preAuthenticationUserDetailsService class=com.foo.custom.UserDetailsService / /beans:property /beans:bean -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/5NPP8dahTdcJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
I have a login JSP that uses the remember me feature.so I have my login under Spring Security. I have method security enabled in the RPC layer. All my RPCs extend a base class and then I used annotations on the methods to check for the permissions. Here the RPC Base Servlet class: http://pastebin.com/Z6mj4pZi On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote: I'd like to get feedback on the best way to secure GWT apps with Spring Security. I read several existing blogs about this online but they are all (that I have found) quite old at this point. Specifically what's the best way with GWT 2.4 and Spring Security 3.1? Or is there a better way other than Spring Security? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zuzUmMKxwMoJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
On Wednesday, June 13, 2012 8:47:47 AM UTC+8, dhoffer wrote: I'd like to get feedback on the best way to secure GWT apps with Spring Security. I read several existing blogs about this online but they are all (that I have found) quite old at this point. Specifically what's the best way with GWT 2.4 and Spring Security 3.1? Or is there a better way other than Spring Security? I will setup a login page using jsp and authenticate with Spring Security. Then redirect to the GWT app when successful. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/9lX6nTgw_LoJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Joseph, How do you handle Spring's 'remember me', session management and auto login/logout? I'm curious how you setup your use of Spring. Could you post your configuration? I assume you don't use Spring's auto- config, etc? Thanks, -Dave On Jun 13, 3:56 pm, Joseph Lust lifeofl...@gmail.com wrote: Jaun, Our application is nearly 100% custom components. We did not use many of the default GWT widgets. We also used UiBinder for everything and thus most screens are a bundle of widgets stitched together with UiBinder. If there was a custom panel/button/widget, it would have a setUserEntitlement() method. Then in the .ui.xml you can have someNameSpace: myCustomWidget userEntitlement = {ADD_ITEM} / Now those components will check for their entitlement on load from a globally available *UserEntitlements[] *that was loaded at application startup and enable themselves if authorized. A nice thing about this is all the entitlements are just enums in the UiBinder so you get compile time checking of that too, and no entitlements hardcoded in Java files. Of course users can hack the UI, so there is also a backend method level check for RPC's. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
I'm sure other folks' examples will differ, but we did the following: 1. Entitlements set as an Enum like *enum UserEntitlement { VIEW_HOME, VIEW_ITEM, ADD_ITEM, DELETE_ITEM }* 2. On user login, *UserEntitlement[] *fetch sent from backend to client 3. Restricted UI elements are enabled based on the entitlements found in (2) 4. When RPC's are done, Spring Method level security used to confirm that the user has the proper entitlement to run that method Basically the nice part is just using the annotations to secure remote methods and the concomitant alteration of the UI based on the user entitlements. I did not mention using Spring to restrict access to files since GWT pushes the entire compiled application to the client first. Because of this, there really are not pages to protect, just RPC's with method level security, in case someone spoofs their entitlements on the client side. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/PZHZgoV_A84J. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Thanks Joseph for sharing your experiences. I have a question regards this, for example you have a button that is enabled to *ADD_ITEM. *Do you extends GWT compents for show for some 'actions' or make some if statements? Is a simple question, but is nice to know how deal with this. The extend of component is more concise but we need to customize N components for example and the other way make the code complex to mantain. Thanks 2012/6/13 Joseph Lust lifeofl...@gmail.com I'm sure other folks' examples will differ, but we did the following: 1. Entitlements set as an Enum like *enum UserEntitlement { VIEW_HOME, VIEW_ITEM, ADD_ITEM, DELETE_ITEM }* 2. On user login, *UserEntitlement[] *fetch sent from backend to client 3. Restricted UI elements are enabled based on the entitlements found in (2) 4. When RPC's are done, Spring Method level security used to confirm that the user has the proper entitlement to run that method Basically the nice part is just using the annotations to secure remote methods and the concomitant alteration of the UI based on the user entitlements. I did not mention using Spring to restrict access to files since GWT pushes the entire compiled application to the client first. Because of this, there really are not pages to protect, just RPC's with method level security, in case someone spoofs their entitlements on the client side. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/PZHZgoV_A84J. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Jaun, Our application is nearly 100% custom components. We did not use many of the default GWT widgets. We also used UiBinder for everything and thus most screens are a bundle of widgets stitched together with UiBinder. If there was a custom panel/button/widget, it would have a setUserEntitlement() method. Then in the .ui.xml you can have someNameSpace: myCustomWidget userEntitlement = {ADD_ITEM} / Now those components will check for their entitlement on load from a globally available *UserEntitlements[] *that was loaded at application startup and enable themselves if authorized. A nice thing about this is all the entitlements are just enums in the UiBinder so you get compile time checking of that too, and no entitlements hardcoded in Java files. Of course users can hack the UI, so there is also a backend method level check for RPC's. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/Q3sj4dgUmzkJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT Spring Security
Thanks Joseph for sharing your experiences on this!! You are really helpful at the group Juan 2012/6/13 Joseph Lust lifeofl...@gmail.com Jaun, Our application is nearly 100% custom components. We did not use many of the default GWT widgets. We also used UiBinder for everything and thus most screens are a bundle of widgets stitched together with UiBinder. If there was a custom panel/button/widget, it would have a setUserEntitlement() method. Then in the .ui.xml you can have someNameSpace: myCustomWidget userEntitlement = {ADD_ITEM} / Now those components will check for their entitlement on load from a globally available *UserEntitlements[] *that was loaded at application startup and enable themselves if authorized. A nice thing about this is all the entitlements are just enums in the UiBinder so you get compile time checking of that too, and no entitlements hardcoded in Java files. Of course users can hack the UI, so there is also a backend method level check for RPC's. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/Q3sj4dgUmzkJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
GWT Spring Security
I'd like to get feedback on the best way to secure GWT apps with Spring Security. I read several existing blogs about this online but they are all (that I have found) quite old at this point. Specifically what's the best way with GWT 2.4 and Spring Security 3.1? Or is there a better way other than Spring Security? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
HI All. I'm trying to config roles and permissions into a GWT app. This app has spring too, and I had thinking in Spring-security but I have problems with the integration, do you have any easy tutorial or example to do it? On Thursday, November 24, 2011 6:11:00 PM UTC+1, Alfredo Quiroga-Villamil wrote: Hello: A few approaches I think can be taken here. Two that come to mind ordered by the complexity level are: Option 1: If you are using Spring Security and have Method Security then ensure that the methods throw an exception when the session has expired (You should get an AccessDeniedException from Spring if my memory serves me right). Propagate that exception (GWT-RPC) in your case all the way to the client and let the client know that he has to logout/login. You can get more specific and create perhaps a Custom AccessDeniedException that's serializable all the way to the client side allowing you to know exactly why the exception took place based on the type of Exception received in the UI and at that point simply reload the user's UI for example instead of showing the message. The choice of prompting the user Vs reloading the UI is really up to how you think the implementation makes more sense based on your use case. Option 2: On the server side, create a class that implements something along the lines of HttpSessionListener. Integrate it with Spring (there are some tutorials online regarding this) and there you can know exactly when the session is destroyed or expired. You then face the dilemma of having to notify the user (client). For which you'll need a Server Push implementation (Look at Continuations using Jetty for example or how to implement it based on the servlet container you have). Using Server Push you can then right when it takes place notify the user that his/her session has expired or reload the client and force the user to re-login. I am sure there are other options that you can try, but those are the ones that come to mind right now. Happy Thanks Giving! Alfredo On Thu, Nov 24, 2011 at 8:24 AM, nacho vela.igna...@gmail.com wrote: I have implemented Spring Security and GWT togheter, but what I can't figure out hw can I handle is how to logout when an RPC fails because the user is not logged in anymore. For example, the user logs in in my application, then he for example clean the browser session, so he is not logged in anymore. And now he want's to perform some action that call's an RPC, obviusly this call fails beacause the user need to be logued in to call /rpc/* I would like that if the user logs out by any reason, and calls an RPC that fails (beacause he's logued out) redirect the user to the login again. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Alfredo Quiroga-Villamil AOL/Yahoo/Gmail/MSN IM: lawwton On Thursday, November 24, 2011 6:11:00 PM UTC+1, Alfredo Quiroga-Villamil wrote: Hello: A few approaches I think can be taken here. Two that come to mind ordered by the complexity level are: Option 1: If you are using Spring Security and have Method Security then ensure that the methods throw an exception when the session has expired (You should get an AccessDeniedException from Spring if my memory serves me right). Propagate that exception (GWT-RPC) in your case all the way to the client and let the client know that he has to logout/login. You can get more specific and create perhaps a Custom AccessDeniedException that's serializable all the way to the client side allowing you to know exactly why the exception took place based on the type of Exception received in the UI and at that point simply reload the user's UI for example instead of showing the message. The choice of prompting the user Vs reloading the UI is really up to how you think the implementation makes more sense based on your use case. Option 2: On the server side, create a class that implements something along the lines of HttpSessionListener. Integrate it with Spring (there are some tutorials online regarding this) and there you can know exactly when the session is destroyed or expired. You then face the dilemma of having to notify the user (client). For which you'll need a Server Push implementation (Look at Continuations using Jetty for example or how to implement it based on the servlet container you have). Using Server Push you can then right when it takes place notify the user that his/her session has expired or
Re: GWT - Spring Security
I have implemented Spring Security and GWT togheter, but what I can't figure out hw can I handle is how to logout when an RPC fails because the user is not logged in anymore. For example, the user logs in in my application, then he for example clean the browser session, so he is not logged in anymore. And now he want's to perform some action that call's an RPC, obviusly this call fails beacause the user need to be logued in to call /rpc/* I would like that if the user logs out by any reason, and calls an RPC that fails (beacause he's logued out) redirect the user to the login again. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
Hello: A few approaches I think can be taken here. Two that come to mind ordered by the complexity level are: Option 1: If you are using Spring Security and have Method Security then ensure that the methods throw an exception when the session has expired (You should get an AccessDeniedException from Spring if my memory serves me right). Propagate that exception (GWT-RPC) in your case all the way to the client and let the client know that he has to logout/login. You can get more specific and create perhaps a Custom AccessDeniedException that's serializable all the way to the client side allowing you to know exactly why the exception took place based on the type of Exception received in the UI and at that point simply reload the user's UI for example instead of showing the message. The choice of prompting the user Vs reloading the UI is really up to how you think the implementation makes more sense based on your use case. Option 2: On the server side, create a class that implements something along the lines of HttpSessionListener. Integrate it with Spring (there are some tutorials online regarding this) and there you can know exactly when the session is destroyed or expired. You then face the dilemma of having to notify the user (client). For which you'll need a Server Push implementation (Look at Continuations using Jetty for example or how to implement it based on the servlet container you have). Using Server Push you can then right when it takes place notify the user that his/her session has expired or reload the client and force the user to re-login. I am sure there are other options that you can try, but those are the ones that come to mind right now. Happy Thanks Giving! Alfredo On Thu, Nov 24, 2011 at 8:24 AM, nacho vela.igna...@gmail.com wrote: I have implemented Spring Security and GWT togheter, but what I can't figure out hw can I handle is how to logout when an RPC fails because the user is not logged in anymore. For example, the user logs in in my application, then he for example clean the browser session, so he is not logged in anymore. And now he want's to perform some action that call's an RPC, obviusly this call fails beacause the user need to be logued in to call /rpc/* I would like that if the user logs out by any reason, and calls an RPC that fails (beacause he's logued out) redirect the user to the login again. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Alfredo Quiroga-Villamil AOL/Yahoo/Gmail/MSN IM: lawwton -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
for nacho: what if you save user information in variables/class that declared in MainEntryPoint. Whenever user refresh the browser, that variable will flush/reset to null, if that variable == null, show login page. So far that's what i've been done, may be it's not the best way. On Thursday, November 24, 2011, nacho wrote: I have implemented Spring Security and GWT togheter, but what I can't figure out hw can I handle is how to logout when an RPC fails because the user is not logged in anymore. For example, the user logs in in my application, then he for example clean the browser session, so he is not logged in anymore. And now he want's to perform some action that call's an RPC, obviusly this call fails beacause the user need to be logued in to call /rpc/* I would like that if the user logs out by any reason, and calls an RPC that fails (beacause he's logued out) redirect the user to the login again. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ. To post to this group, send email to google-web-toolkit@googlegroups.comjavascript:_e({}, 'cvml', 'google-web-toolkit@googlegroups.com'); . To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com javascript:_e({}, 'cvml', 'google-web-toolkit%2bunsubscr...@googlegroups.com');. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Regards, -- *Jusran Mawardi* -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
Hi, If you are new to GWT then take a look at this post: - http://uptick.com.au/content/gwt-login-security Cheers Rob On Nov 23, 6:53 am, Victor Lujan victor...@gmail.com wrote: Great, thank you both! I already downloaded spring and will update you later : ) On Nov 21, 9:28 pm, -sowdri- sow...@gmail.com wrote: If you are looking at Authentication and Authorization, then spring security is the de facto standard (of course this is all for the server side)! -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
Great, thank you both! I already downloaded spring and will update you later : ) On Nov 21, 9:28 pm, -sowdri- sow...@gmail.com wrote: If you are looking at Authentication and Authorization, then spring security is the de facto standard (of course this is all for the server side)! -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
GWT - Spring Security
Oh boy, I never get answers on this group. I hope this one does. So, I'm learning GWT, i need to implement a login module. I heard spring security is kind of cool so I was going to download that, until i realized that i had to download spring first, and then spring security. The requirements are not precisely insignificant, i was wondering if it's worthy downloading and installing all that, against using some other google recommendation to do this. What would i be missing without spring security? do you think its worthy? does anyone also thinks the requirements are a killer? Thanks -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
Hello Victor: If your focus is to learn GWT then I wouldn't dive into Spring just yet. For learning purposes, a simple method in your XServiceImplementation using GWT-RPC will do. If you are planning to build a production application, then I would strongly suggest Spring with Spring Security in the backend. Regards, Alfredo On Mon, Nov 21, 2011 at 9:25 PM, Victor Lujan victor...@gmail.com wrote: Oh boy, I never get answers on this group. I hope this one does. So, I'm learning GWT, i need to implement a login module. I heard spring security is kind of cool so I was going to download that, until i realized that i had to download spring first, and then spring security. The requirements are not precisely insignificant, i was wondering if it's worthy downloading and installing all that, against using some other google recommendation to do this. What would i be missing without spring security? do you think its worthy? does anyone also thinks the requirements are a killer? Thanks -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Alfredo Quiroga-Villamil AOL/Yahoo/Gmail/MSN IM: lawwton -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
Hi Alfredo! Thanks for replying ! Im both learning and trying to do something very nice. Im going to give Spring a shot then :D All comments are still appreciated On Nov 21, 7:49 pm, Alfredo Quiroga-Villamil laww...@gmail.com wrote: Hello Victor: If your focus is to learn GWT then I wouldn't dive into Spring just yet. For learning purposes, a simple method in your XServiceImplementation using GWT-RPC will do. If you are planning to build a production application, then I would strongly suggest Spring with Spring Security in the backend. Regards, Alfredo On Mon, Nov 21, 2011 at 9:25 PM, Victor Lujan victor...@gmail.com wrote: Oh boy, I never get answers on this group. I hope this one does. So, I'm learning GWT, i need to implement a login module. I heard spring security is kind of cool so I was going to download that, until i realized that i had to download spring first, and then spring security. The requirements are not precisely insignificant, i was wondering if it's worthy downloading and installing all that, against using some other google recommendation to do this. What would i be missing without spring security? do you think its worthy? does anyone also thinks the requirements are a killer? Thanks -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Alfredo Quiroga-Villamil AOL/Yahoo/Gmail/MSN IM: lawwton -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT - Spring Security
If you are looking at Authentication and Authorization, then spring security is the de facto standard (of course this is all for the server side)! -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/teJdV44QuekJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
Hi Kevin, thanks for your answer. I tried to do it on the interface my server-side code uses as the implementation contract but I was using a JSR-250 annotation @RolesAllowed, which wasn't on my client scope. I just tried the @PreAuthorize annotation and it seems to work on the client-side. Do I need the DispatcherServlet in order to make the annotation works? 2011/7/7 Kevin Jordan ke...@kjordan.net It's been a while since I've set mine up to do this, but when you say you're setting them in the interface on the client side, are you trying them on the Async interface or the interface your server-side code implements off of? If you do it on the interface your server- side code uses as the implementation contract, it will automatically get those for spring security to check on the server-side and if you set them up with spring doing the intercepting of the URL with something such as org.springframework.web.servlet.DispatcherServlet and in its myservletnamefromwebxml-servlets.xml, do something like ?xml version=1.0 encoding=UTF-8? beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:util=http://www.springframework.org/schema/util; xsi:schemaLocation= http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd; bean id=urlMapping class=org.gwtwidgets.server.spring.GWTHandler property name=mappings map entry key=/myService.rpc value-ref=MyRPCService / /map /property /bean /beans Note that I'm using the GWTHandler bean from gwt-sl (http:// sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to do the URL mapping since it does better integration with GWT than spring's built-in handlers do. You may also want to look into gwtsecurity to send better exceptions to your client: http://code.google.com/p/gwtsecurity/ On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote: Thanks for your answer. I considered something like that, but every restricted rpc method implementation has to call another method, with its own interface secured by annotations, right? 2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com Hi Renato, I have a service layer, so in this method I use JSR250 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work with this API. In client side I don't protect the invocations. In server side, spring security throws an exception, if try to access to a protected method, and travel to the client. I wrap it in a class and show an alert to the user. Juan 2011/7/7 Renato Beserra renatobese...@gmail.com Hi, I am integrating a GWT application with Spring Security and I got a great example on a previous thread - http://groups.google.com/group/google-web-toolkit/browse_thread/threa But now I want to secure my rpc calls, but i have a problem: Spring Security provides some annotations that i should use on the method declaration. But in GWT RPC the interface should be defined on client side, so the annotation is not valid. Is there a simpler solution other than making my rpc implementation to call a secured method on the server-side? Thanks in advance. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Renato Beserra Sousa -- You
Re: GWT + Spring Security
You'll need to have your service invoked as a Spring Bean somehow to make the annotations take effect. It won't work as just a servlet entry in your web.xml. DispatcherServlet is one of the easiest way to make it do that. On Jul 8, 7:11 am, Renato Beserra renatobese...@gmail.com wrote: Hi Kevin, thanks for your answer. I tried to do it on the interface my server-side code uses as the implementation contract but I was using a JSR-250 annotation @RolesAllowed, which wasn't on my client scope. I just tried the @PreAuthorize annotation and it seems to work on the client-side. Do I need the DispatcherServlet in order to make the annotation works? 2011/7/7 Kevin Jordan ke...@kjordan.net It's been a while since I've set mine up to do this, but when you say you're setting them in the interface on the client side, are you trying them on the Async interface or the interface your server-side code implements off of? If you do it on the interface your server- side code uses as the implementation contract, it will automatically get those for spring security to check on the server-side and if you set them up with spring doing the intercepting of the URL with something such as org.springframework.web.servlet.DispatcherServlet and in its myservletnamefromwebxml-servlets.xml, do something like ?xml version=1.0 encoding=UTF-8? beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:util=http://www.springframework.org/schema/util; xsi:schemaLocation= http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd; bean id=urlMapping class=org.gwtwidgets.server.spring.GWTHandler property name=mappings map entry key=/myService.rpc value-ref=MyRPCService / /map /property /bean /beans Note that I'm using the GWTHandler bean from gwt-sl (http:// sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to do the URL mapping since it does better integration with GWT than spring's built-in handlers do. You may also want to look into gwtsecurity to send better exceptions to your client:http://code.google.com/p/gwtsecurity/ On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote: Thanks for your answer. I considered something like that, but every restricted rpc method implementation has to call another method, with its own interface secured by annotations, right? 2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com Hi Renato, I have a service layer, so in this method I use JSR250 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work with this API. In client side I don't protect the invocations. In server side, spring security throws an exception, if try to access to a protected method, and travel to the client. I wrap it in a class and show an alert to the user. Juan 2011/7/7 Renato Beserra renatobese...@gmail.com Hi, I am integrating a GWT application with Spring Security and I got a great example on a previous thread - http://groups.google.com/group/google-web-toolkit/browse_thread/threa But now I want to secure my rpc calls, but i have a problem: Spring Security provides some annotations that i should use on the method declaration. But in GWT RPC the interface should be defined on client side, so the annotation is not valid. Is there a simpler solution other than making my rpc implementation to call a secured method on the server-side? Thanks in advance. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Renato Beserra Sousa -- You received this message because you are subscribed to
Re: GWT + Spring Security
You just solved my doubt. The DispatcherServlet looks very simple with your explanation and I will try to use it. Thank you very much! Best Regards, 2011/7/8 Kevin Jordan ke...@kjordan.net You'll need to have your service invoked as a Spring Bean somehow to make the annotations take effect. It won't work as just a servlet entry in your web.xml. DispatcherServlet is one of the easiest way to make it do that. On Jul 8, 7:11 am, Renato Beserra renatobese...@gmail.com wrote: Hi Kevin, thanks for your answer. I tried to do it on the interface my server-side code uses as the implementation contract but I was using a JSR-250 annotation @RolesAllowed, which wasn't on my client scope. I just tried the @PreAuthorize annotation and it seems to work on the client-side. Do I need the DispatcherServlet in order to make the annotation works? 2011/7/7 Kevin Jordan ke...@kjordan.net It's been a while since I've set mine up to do this, but when you say you're setting them in the interface on the client side, are you trying them on the Async interface or the interface your server-side code implements off of? If you do it on the interface your server- side code uses as the implementation contract, it will automatically get those for spring security to check on the server-side and if you set them up with spring doing the intercepting of the URL with something such as org.springframework.web.servlet.DispatcherServlet and in its myservletnamefromwebxml-servlets.xml, do something like ?xml version=1.0 encoding=UTF-8? beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:util=http://www.springframework.org/schema/util; xsi:schemaLocation= http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd; bean id=urlMapping class=org.gwtwidgets.server.spring.GWTHandler property name=mappings map entry key=/myService.rpc value-ref=MyRPCService / /map /property /bean /beans Note that I'm using the GWTHandler bean from gwt-sl (http:// sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to do the URL mapping since it does better integration with GWT than spring's built-in handlers do. You may also want to look into gwtsecurity to send better exceptions to your client:http://code.google.com/p/gwtsecurity/ On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote: Thanks for your answer. I considered something like that, but every restricted rpc method implementation has to call another method, with its own interface secured by annotations, right? 2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com Hi Renato, I have a service layer, so in this method I use JSR250 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work with this API. In client side I don't protect the invocations. In server side, spring security throws an exception, if try to access to a protected method, and travel to the client. I wrap it in a class and show an alert to the user. Juan 2011/7/7 Renato Beserra renatobese...@gmail.com Hi, I am integrating a GWT application with Spring Security and I got a great example on a previous thread - http://groups.google.com/group/google-web-toolkit/browse_thread/threa.. .. But now I want to secure my rpc calls, but i have a problem: Spring Security provides some annotations that i should use on the method declaration. But in GWT RPC the interface should be defined on client side, so the annotation is not valid. Is there a simpler solution other than making my rpc implementation to call a secured method on the server-side? Thanks in advance. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to
GWT + Spring Security
Hi, I am integrating a GWT application with Spring Security and I got a great example on a previous thread - http://groups.google.com/group/google-web-toolkit/browse_thread/thread/c8032d9a472d975b/b9634461528cd31b?lnk=gstq=renatobeserra#b9634461528cd31b. But now I want to secure my rpc calls, but i have a problem: Spring Security provides some annotations that i should use on the method declaration. But in GWT RPC the interface should be defined on client side, so the annotation is not valid. Is there a simpler solution other than making my rpc implementation to call a secured method on the server-side? Thanks in advance. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
Hi Renato, I have a service layer, so in this method I use JSR250 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work with this API. In client side I don't protect the invocations. In server side, spring security throws an exception, if try to access to a protected method, and travel to the client. I wrap it in a class and show an alert to the user. Juan 2011/7/7 Renato Beserra renatobese...@gmail.com Hi, I am integrating a GWT application with Spring Security and I got a great example on a previous thread - http://groups.google.com/group/google-web-toolkit/browse_thread/thread/c8032d9a472d975b/b9634461528cd31b?lnk=gstq=renatobeserra#b9634461528cd31b. But now I want to secure my rpc calls, but i have a problem: Spring Security provides some annotations that i should use on the method declaration. But in GWT RPC the interface should be defined on client side, so the annotation is not valid. Is there a simpler solution other than making my rpc implementation to call a secured method on the server-side? Thanks in advance. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
Thanks for your answer. I considered something like that, but every restricted rpc method implementation has to call another method, with its own interface secured by annotations, right? 2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com Hi Renato, I have a service layer, so in this method I use JSR250 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work with this API. In client side I don't protect the invocations. In server side, spring security throws an exception, if try to access to a protected method, and travel to the client. I wrap it in a class and show an alert to the user. Juan 2011/7/7 Renato Beserra renatobese...@gmail.com Hi, I am integrating a GWT application with Spring Security and I got a great example on a previous thread - http://groups.google.com/group/google-web-toolkit/browse_thread/thread/c8032d9a472d975b/b9634461528cd31b?lnk=gstq=renatobeserra#b9634461528cd31b. But now I want to secure my rpc calls, but i have a problem: Spring Security provides some annotations that i should use on the method declaration. But in GWT RPC the interface should be defined on client side, so the annotation is not valid. Is there a simpler solution other than making my rpc implementation to call a secured method on the server-side? Thanks in advance. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
It's been a while since I've set mine up to do this, but when you say you're setting them in the interface on the client side, are you trying them on the Async interface or the interface your server-side code implements off of? If you do it on the interface your server- side code uses as the implementation contract, it will automatically get those for spring security to check on the server-side and if you set them up with spring doing the intercepting of the URL with something such as org.springframework.web.servlet.DispatcherServlet and in its myservletnamefromwebxml-servlets.xml, do something like ?xml version=1.0 encoding=UTF-8? beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:util=http://www.springframework.org/schema/util; xsi:schemaLocation= http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd; bean id=urlMapping class=org.gwtwidgets.server.spring.GWTHandler property name=mappings map entry key=/myService.rpc value-ref=MyRPCService / /map /property /bean /beans Note that I'm using the GWTHandler bean from gwt-sl (http:// sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to do the URL mapping since it does better integration with GWT than spring's built-in handlers do. You may also want to look into gwtsecurity to send better exceptions to your client: http://code.google.com/p/gwtsecurity/ On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote: Thanks for your answer. I considered something like that, but every restricted rpc method implementation has to call another method, with its own interface secured by annotations, right? 2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com Hi Renato, I have a service layer, so in this method I use JSR250 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work with this API. In client side I don't protect the invocations. In server side, spring security throws an exception, if try to access to a protected method, and travel to the client. I wrap it in a class and show an alert to the user. Juan 2011/7/7 Renato Beserra renatobese...@gmail.com Hi, I am integrating a GWT application with Spring Security and I got a great example on a previous thread - http://groups.google.com/group/google-web-toolkit/browse_thread/threa But now I want to secure my rpc calls, but i have a problem: Spring Security provides some annotations that i should use on the method declaration. But in GWT RPC the interface should be defined on client side, so the annotation is not valid. Is there a simpler solution other than making my rpc implementation to call a secured method on the server-side? Thanks in advance. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- Renato Beserra Sousa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
Hi You could check: * http://code.google.com/p/net-orcades-spring/ * http://code.google.com/p/orcades-gwt-spring/ for a MVP approach. if will at least give you some ideas. On Mar 9, 5:23 am, j.singh.developer j.singh.develo...@gmail.com wrote: This may be a repeatable question. I am looking for a resource (example would be nice) that takes into consideration all security aspects of GWT and implements it using Spring Security. Any guidelines, pointing to resources will be really appreciated. Thanks -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
GWT + Spring Security
This may be a repeatable question. I am looking for a resource (example would be nice) that takes into consideration all security aspects of GWT and implements it using Spring Security. Any guidelines, pointing to resources will be really appreciated. Thanks -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
Read ProWeb 2.0 Application Development with GWT. There are some guidelines. Juan 2011/3/8 j.singh.developer j.singh.develo...@gmail.com This may be a repeatable question. I am looking for a resource (example would be nice) that takes into consideration all security aspects of GWT and implements it using Spring Security. Any guidelines, pointing to resources will be really appreciated. Thanks -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: gwt + spring security
Hi Travis, Is there any way that you can provide examples of your solution? Thanks ! On Dec 21, 8:19 am, Travis Camechis camec...@gmail.com wrote: instead of using that I created my own custom Spring Security SuccessHandlers and Failure Handlers that returns JSON back to the client. I then let the client handle the place management based on success:true/false. At this point I can also send credentials back in the JSON as well. On Tue, Dec 21, 2010 at 9:15 AM, asianCoolz second.co...@gmail.com wrote: I use gwt requestBuilder to query server result, if server-side spring checked user is not authenticated, it will forward to form-login login-page=/gwtapplication.html#!login , but gwt is not forwarded to that page. see below requestBuilder.setCallback(new RequestCallback() { �...@override public void onError(final Request request, final Throwable exception) { resultCallback.onFailure(exception); } �...@override public void onResponseReceived(final Request request, final Response response) { if(response.getHeader(Content- Type).toLowerCase().equals(text/html.toLowerCase())) { //response.getText() is /** Expires Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie JSESSIONID=1emk892yva1e9;Path=/ Locationhttp://127.0.0.1:/gwtapplication.html#!login Content-Length 0 Server Jetty(6.1.x) **/ } } }); -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2Bunsubs cr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: gwt + spring security
create a SuccessAuthenticationHandler and FailureAuthenticationHandler public class AjaxSuccessAuthenticationHandler implements AuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper( response); Writer out = responseWrapper.getWriter(); MapString, Object authResponse = new HashMapString, Object(); authResponse.put(success, true); authResponse.put(user, SecurityContextHolder.getContext() .getAuthentication().getName()); ListString authorities = new ArrayListString(); for (GrantedAuthority auth : SecurityContextHolder.getContext() .getAuthentication().getAuthorities()) { authorities.add(auth.getAuthority()); } authResponse.put(authorities, authorities); ObjectMapper mapper = new ObjectMapper(); mapper.writeValue(out, authResponse); out.close(); } } public class AjaxAuthenticationFailureHandler implements AuthenticationFailureHandler { @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response); Writer out = responseWrapper.getWriter(); out.write({ success: false, errors:{reason: 'Login failed. Try again.'}} ); out.close(); } } And your spring Security Context File beans:bean class=org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter id=usernamePasswordAuthenticationFilter beans:property name=authenticationManager ref=authenticationManager / beans:property name=filterProcessesUrl value=/j_spring_security_check / beans:property name=authenticationSuccessHandler ref=successHandler / beans:property name=authenticationFailureHandler ref=failureHandler / /beans:bean beans:bean id=successHandler class=mil.jtcoic.tb.epik.bender.server.security.AjaxSuccessAuthenticationHandler / beans:bean id=failureHandler class=mil.jtcoic.tb.epik.bender.server.security.AjaxAuthenticationFailureHandler / On Wed, Dec 22, 2010 at 12:20 PM, Alberto albya...@gmail.com wrote: Hi Travis, Is there any way that you can provide examples of your solution? Thanks ! On Dec 21, 8:19 am, Travis Camechis camec...@gmail.com wrote: instead of using that I created my own custom Spring Security SuccessHandlers and Failure Handlers that returns JSON back to the client. I then let the client handle the place management based on success:true/false. At this point I can also send credentials back in the JSON as well. On Tue, Dec 21, 2010 at 9:15 AM, asianCoolz second.co...@gmail.com wrote: I use gwt requestBuilder to query server result, if server-side spring checked user is not authenticated, it will forward to form-login login-page=/gwtapplication.html#!login , but gwt is not forwarded to that page. see below requestBuilder.setCallback(new RequestCallback() { @Override public void onError(final Request request, final Throwable exception) { resultCallback.onFailure(exception); } @Override public void onResponseReceived(final Request request, final Response response) { if(response.getHeader(Content- Type).toLowerCase().equals(text/html.toLowerCase())) { //response.getText() is /** Expires Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie JSESSIONID=1emk892yva1e9;Path=/ Locationhttp:// 127.0.0.1:/gwtapplication.html#!login Content-Length 0 Server Jetty(6.1.x) **/ } } }); -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%2Bunsubs cr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the
gwt + spring security
I use gwt requestBuilder to query server result, if server-side spring checked user is not authenticated, it will forward to form-login login-page=/gwtapplication.html#!login , but gwt is not forwarded to that page. see below requestBuilder.setCallback(new RequestCallback() { @Override public void onError(final Request request, final Throwable exception) { resultCallback.onFailure(exception); } @Override public void onResponseReceived(final Request request, final Response response) { if(response.getHeader(Content- Type).toLowerCase().equals(text/html.toLowerCase())) { //response.getText() is /** Expires Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie JSESSIONID=1emk892yva1e9;Path=/ Location http://127.0.0.1:/gwtapplication.html#!login Content-Length 0 Server Jetty(6.1.x) **/ } } }); -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: gwt + spring security
instead of using that I created my own custom Spring Security SuccessHandlers and Failure Handlers that returns JSON back to the client. I then let the client handle the place management based on success:true/false. At this point I can also send credentials back in the JSON as well. On Tue, Dec 21, 2010 at 9:15 AM, asianCoolz second.co...@gmail.com wrote: I use gwt requestBuilder to query server result, if server-side spring checked user is not authenticated, it will forward to form-login login-page=/gwtapplication.html#!login , but gwt is not forwarded to that page. see below requestBuilder.setCallback(new RequestCallback() { @Override public void onError(final Request request, final Throwable exception) { resultCallback.onFailure(exception); } @Override public void onResponseReceived(final Request request, final Response response) { if(response.getHeader(Content- Type).toLowerCase().equals(text/html.toLowerCase())) { //response.getText() is /** Expires Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie JSESSIONID=1emk892yva1e9;Path=/ Location http://127.0.0.1:/gwtapplication.html#!login Content-Length 0 Server Jetty(6.1.x) **/ } } }); -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
GWT + SPRING SECURITY
Hi all. I'm new here. I'm currently using gwt 1.7 gwt-ext 2.0.x, spring 2.5 and spring-security 2.0.4. I met a problem that I have tried to get a solution for two days with no answer yet. The problem is that any unprotected gwt pages return blank with an error message Line: 2 Char: 1 Error: Syntax error Code:0. But if user was authenticated and redirect to those pages they return fine. I know this is because of spring-security added on. What I did is trying to create a gwt login form to replace my old JSP login page. But this gwt login page is returned with above error. I changed my security configuration settings in many ways but none of them work. Here is my configuration: ?xml version=1.0 encoding=UTF-8? beans:beans xmlns=http://www.springframework.org/schema/ security xmlns:beans=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd; global-method-security secured-annotations=enabled jsr250- annotations=enabled/ authentication-manager alias=authenticationManager/ beans:bean id=accessDecisionManager class=org.springframework.security.vote.AffirmativeBased beans:property name=allowIfAllAbstainDecisions value=false/ beans:property name=decisionVoters beans:list beans:bean class=org.springframework.security.vote.RoleVoter/ beans:bean class=org.springframework.security.vote.AuthenticatedVoter/ /beans:list /beans:property /beans:bean http auto-config=true intercept-url pattern=/Login_test.html filters=none/ intercept-url pattern=/Index.html access=ROLE_USER,ROLE_TELLER/ !-- intercept-url pattern=/*.rpc access=ROLE_USER / -- intercept-url pattern=/** access=ROLE_USER,ROLE_TELLER/ form-login / !-- http-basic / form-login login-page='/Login_new.html' default-target-url=/ Index.html always-use-default-target=true/ -- logout logout-success-url=/Login_test.html/ concurrent-session-control max-sessions=1 exception-if- maximum-exceeded=true / /http beans:bean id=loggerListener class=org.springframework.security.event.authentication.LoggerListener/ .. I even just put a Hello word in my Login page it still doesn't work. Please if anyone has the experience of this let me know. Thanks -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
Hi Jonathan, Do you have sample code, i am looking for sample app with Gwt and spring secturity. please help me... thanks, Sridhar On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: Awesome, I'll take a look at it... On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com wrote: Hi jonathan, Are you using maven ? If the answer is yes: http://groups.google.com/group/google-web-toolkit/browse_thread/threa... http://groups.google.com/group/google-web-toolkit/browse_thread/threa.. . On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: I'm having issues with the Spring Security and GWT. Defining the following in my Spring config file: beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:security=http://www.springframework.org/schema/security; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd; and referencing spring security elements as follows: security:http entry-point-ref=samlEntryPoint security:intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ security:intercept-url pattern=/logout.jsp filters=none/ security:intercept-url pattern=/login.jsp filters=none/ security:intercept-url pattern=/favicon.ico filters=none/ /security:http results in: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] Offending resource: class path resource [server-config.xml] at org.springframework.beans.factory.parsing.FailFastProblemReporter.error (FailFastProblemReporter.java:68) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:85) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:80) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error (BeanDefinitionParserDelegate.java:281) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement (BeanDefinitionParserDelegate.java:1294) Has anybody come across/solved this issue at all? It's definitely a GWT issue as I'm able to load the config up normally in a standard Java application. Many thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com google-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%252bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- A coward is incapable of exhibiting love; it is the prerogative of the brave. -- Mohandas Gandhi -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
SV: GWT + Spring Security
Hi You don't have to worry about the security on the client (GWT) side. This is all handled on the server side. Any sample involving Acegi (Struts security) will suffice. But anyway, heres a sample: http://code.google.com/p/gwt-ent/wiki/IntegrationGWTWithAcegi Hermod -Opprinnelig melding- Fra: google-web-toolkit@googlegroups.com [mailto:google-web-tool...@googlegroups.com] På vegne av sridhar vennela Sendt: 12. desember 2009 17:36 Til: google-web-toolkit@googlegroups.com Emne: Re: GWT + Spring Security Hi Jonathan, Do you have sample code, i am looking for sample app with Gwt and spring secturity. please help me... thanks, Sridhar On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: Awesome, I'll take a look at it... On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com wrote: Hi jonathan, Are you using maven ? If the answer is yes:http://groups.google.com/group/google-web-toolkit/browse_thread/threa... http://groups.google.com/group/google-web-toolkit/browse_thread/threa... On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: I'm having issues with the Spring Security and GWT. Defining the following in my Spring config file: beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:security=http://www.springframework.org/schema/security; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd; and referencing spring security elements as follows: security:http entry-point-ref=samlEntryPoint security:intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ security:intercept-url pattern=/logout.jsp filters=none/ security:intercept-url pattern=/login.jsp filters=none/ security:intercept-url pattern=/favicon.ico filters=none/ /security:http results in: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] Offending resource: class path resource [server-config.xml] at org.springframework.beans.factory.parsing.FailFastProblemReporter.error (FailFastProblemReporter.java:68) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:85) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:80) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error (BeanDefinitionParserDelegate.java:281) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCust omElement (BeanDefinitionParserDelegate.java:1294) Has anybody come across/solved this issue at all? It's definitely a GWT issue as I'm able to load the config up normally in a standard Java application. Many thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com mailto:google-web-toolkit%2bunsubscr...@googlegroups.com google-web-toolkit%2bunsubscr...@googlegroups.com mailto:google-web-toolkit%252bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- A coward is incapable of exhibiting love; it is the prerogative of the brave. -- Mohandas Gandhi -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com mailto:google-web-toolkit%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit
Re: GWT + Spring Security
thanks On Sat, Dec 12, 2009 at 9:52 AM, Hermod Opstvedt hermod.opstv...@gmail.comwrote: Hi You don't have to worry about the security on the client (GWT) side. This is all handled on the server side. Any sample involving Acegi (Struts security) will suffice. But anyway, heres a sample: http://code.google.com/p/gwt-ent/wiki/IntegrationGWTWithAcegi Hermod -Opprinnelig melding- Fra: google-web-toolkit@googlegroups.com [mailto:google-web-tool...@googlegroups.com] På vegne av sridhar vennela Sendt: 12. desember 2009 17:36 Til: google-web-toolkit@googlegroups.com Emne: Re: GWT + Spring Security Hi Jonathan, Do you have sample code, i am looking for sample app with Gwt and spring secturity. please help me... thanks, Sridhar On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: Awesome, I'll take a look at it... On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com wrote: Hi jonathan, Are you using maven ? If the answer is yes:http://groups.google.com/group/google-web-toolkit/browse_thread/threa. .. http://groups.google.com/group/google-web-toolkit/browse_thread/threa... On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: I'm having issues with the Spring Security and GWT. Defining the following in my Spring config file: beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:security=http://www.springframework.org/schema/security; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd and referencing spring security elements as follows: security:http entry-point-ref=samlEntryPoint security:intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ security:intercept-url pattern=/logout.jsp filters=none/ security:intercept-url pattern=/login.jsp filters=none/ security:intercept-url pattern=/favicon.ico filters=none/ /security:http results in: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] Offending resource: class path resource [server-config.xml] at org.springframework.beans.factory.parsing.FailFastProblemReporter.error (FailFastProblemReporter.java:68) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:85) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:80) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error (BeanDefinitionParserDelegate.java:281) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCust omElement (BeanDefinitionParserDelegate.java:1294) Has anybody come across/solved this issue at all? It's definitely a GWT issue as I'm able to load the config up normally in a standard Java application. Many thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com mailto:google-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%252bunsubscr...@googlegroups.com google-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%252bunsubscr...@googlegroups.com mailto:google-web-toolkit%252bunsubscr...@googlegroups.comgoogle-web-toolkit%25252bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- A coward is incapable of exhibiting love; it is the prerogative of the brave. -- Mohandas Gandhi -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google
Re: GWT + Spring Security
Hi jonathan, Are you using maven ? If the answer is yes: http://groups.google.com/group/google-web-toolkit/browse_thread/thread/be6b6681192aa54a?pli=1 http://groups.google.com/group/google-web-toolkit/browse_thread/thread/be6b6681192aa54a?pli=1 On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: I'm having issues with the Spring Security and GWT. Defining the following in my Spring config file: beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:security=http://www.springframework.org/schema/security; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd; and referencing spring security elements as follows: security:http entry-point-ref=samlEntryPoint security:intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ security:intercept-url pattern=/logout.jsp filters=none/ security:intercept-url pattern=/login.jsp filters=none/ security:intercept-url pattern=/favicon.ico filters=none/ /security:http results in: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] Offending resource: class path resource [server-config.xml] at org.springframework.beans.factory.parsing.FailFastProblemReporter.error (FailFastProblemReporter.java:68) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:85) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:80) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error (BeanDefinitionParserDelegate.java:281) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement (BeanDefinitionParserDelegate.java:1294) Has anybody come across/solved this issue at all? It's definitely a GWT issue as I'm able to load the config up normally in a standard Java application. Many thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- A coward is incapable of exhibiting love; it is the prerogative of the brave. -- Mohandas Gandhi -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: GWT + Spring Security
Awesome, I'll take a look at it... On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com wrote: Hi jonathan, Are you using maven ? If the answer is yes:http://groups.google.com/group/google-web-toolkit/browse_thread/threa... http://groups.google.com/group/google-web-toolkit/browse_thread/threa... On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com jonathan.hollo...@gmail.com wrote: I'm having issues with the Spring Security and GWT. Defining the following in my Spring config file: beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:security=http://www.springframework.org/schema/security; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd; and referencing spring security elements as follows: security:http entry-point-ref=samlEntryPoint security:intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ security:intercept-url pattern=/logout.jsp filters=none/ security:intercept-url pattern=/login.jsp filters=none/ security:intercept-url pattern=/favicon.ico filters=none/ /security:http results in: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] Offending resource: class path resource [server-config.xml] at org.springframework.beans.factory.parsing.FailFastProblemReporter.error (FailFastProblemReporter.java:68) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:85) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:80) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error (BeanDefinitionParserDelegate.java:281) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement (BeanDefinitionParserDelegate.java:1294) Has anybody come across/solved this issue at all? It's definitely a GWT issue as I'm able to load the config up normally in a standard Java application. Many thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- A coward is incapable of exhibiting love; it is the prerogative of the brave. -- Mohandas Gandhi -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
GWT + Spring Security
I'm having issues with the Spring Security and GWT. Defining the following in my Spring config file: beans xmlns=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:security=http://www.springframework.org/schema/security; xsi:schemaLocation=http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd; and referencing spring security elements as follows: security:http entry-point-ref=samlEntryPoint security:intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ security:intercept-url pattern=/logout.jsp filters=none/ security:intercept-url pattern=/login.jsp filters=none/ security:intercept-url pattern=/favicon.ico filters=none/ /security:http results in: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] Offending resource: class path resource [server-config.xml] at org.springframework.beans.factory.parsing.FailFastProblemReporter.error (FailFastProblemReporter.java:68) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:85) at org.springframework.beans.factory.parsing.ReaderContext.error (ReaderContext.java:80) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error (BeanDefinitionParserDelegate.java:281) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement (BeanDefinitionParserDelegate.java:1294) Has anybody come across/solved this issue at all? It's definitely a GWT issue as I'm able to load the config up normally in a standard Java application. Many thanks... -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
gwt+spring security+facebook connect
anyone tried this gwt+spring security+facebook connect ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: gwt+spring security+facebook connect
i am refering to http://www.grails.org/AcegiSecurity%2BPlugin%2B-%2BCustomizing%2Bwith%2BSecurityConfig but seem to me , the plugin only for grails. anyone can comment ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---