Re: GWT Spring Security

[Joseph Lust]

David,

My apologies for not getting back to you. I've been thinking about the 
correct answer. You describe the issue of the error being thrown if the 
user does not have the proper role. In our implementation that was 
considered sufficient, since it prevented the user from accessing a remote 
method they should not.

If you want to fail gracefully, you can redirect that method security 
exception to another page using your web.xml.

!-- web.xml --error-page

exception-typeorg.springframework.security.access.AccessDeniedException/exception-type
locationyourMethodAccessDenied.jsp/location/error-page


There are other ways in Spring to cleanly map these exceptions as detailed 
herehttp://stackoverflow.com/questions/8742842/how-to-handle-accessdeniedexception-in-spring-security.
 
This would work well if you're using JSON or REST.

However, if you're using GWT-RPC, then I'm not sure how to make a clean 
response using the same RPC serializer that the client side GWT is 
expecting to hear back from. You would probably need to access more of the 
GWT-RPC internals to achieve that.


Sincerely,
Joseph

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/fNw4Oc9Xs_8J.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[Jordi Planadecursach]

Hello,

Indeed you don't need the 2 autowired services. I use them since I
have my own decisionManager. You can use a standard one, for example
the role based. This means no autowireds neither
onAfterRequestDeserialized. If you don't play with sessions you
don't need the workaround fix inide handleRequest. Nevertheless
handleRequest is compulsory because is the one that bridges the HTTP
GET/POST to the RPC handler.

I recommend you the following article:
http://blog.maxmatveev.com/2010/04/spring-managed-gwt-remote-service.html

Hope it has been helpful.

Jordi.

On 18 Juny, 02:27, dhoffer dhoff...@gmail.com wrote:
 Could you also post your autowired beans setSecuredDecisionManager 
 setSecurityMetadataSource?

 Also since I just have plain GWT app (no JSP) can I assume that I
 don't need the handleRequest() method?  I assume the security work is
 done in onAfterRequestDeserialized()?

 Thanks,
 -Dave

 On Jun 15, 1:18 pm, Jordi P.S. planad...@gmail.com wrote:







  I have a login JSP that uses the remember me feature.so I have my login
  under Spring Security.

  I have method security enabled in the RPC layer. All my RPCs extend a base
  class and then I used annotations on the methods to check for the
  permissions.

  Here the RPC Base Servlet class:  http://pastebin.com/Z6mj4pZi

  On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote:

   I'd like to get feedback on the best way to secure GWT apps with
   Spring Security.  I read several existing blogs about this online but
   they are all (that I have found) quite old at this point.
   Specifically what's the best way with GWT 2.4 and Spring Security
   3.1?  Or is there a better way other than Spring Security?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[dhoffer]

Jordi,

Yes the link you provided was excellent, with that I have spring
managed beans that are RPC services.

However I'm having trouble understanding how to add Spring Security to
that.  Ideally I'd love to see that example expanded to show how to
add users, assign users role(s)  secure RPC methods.

For instance with your RemoteServiceImpl class I have been adding the
methods you had in your BaseRemoteRPCService class you put in
pastebin...but methods like onAfterRequestDeserialized(RPCRequest)
never get called.  However if I add @Secured({ROLE_USER}) to your
TestServiceImpl service method it does fail because of authentication
(as expected)...but I don't know where that failure is coming from and
how to manage it.

I think I'm close but not quite understanding how to get the security
part to work properly.

-Dave

On Jun 22, 4:09 am, Jordi Planadecursach planad...@gmail.com wrote:
 Hello,

 Indeed you don't need the 2 autowired services. I use them since I
 have my own decisionManager. You can use a standard one, for example
 the role based. This means no autowireds neither
 onAfterRequestDeserialized. If you don't play with sessions you
 don't need the workaround fix inide handleRequest. Nevertheless
 handleRequest is compulsory because is the one that bridges the HTTP
 GET/POST to the RPC handler.

 I recommend you the following 
 article:http://blog.maxmatveev.com/2010/04/spring-managed-gwt-remote-service

 Hope it has been helpful.

 Jordi.

 On 18 Juny, 02:27, dhoffer dhoff...@gmail.com wrote:







  Could you also post your autowired beans setSecuredDecisionManager 
  setSecurityMetadataSource?

  Also since I just have plain GWT app (no JSP) can I assume that I
  don't need the handleRequest() method?  I assume the security work is
  done in onAfterRequestDeserialized()?

  Thanks,
  -Dave

  On Jun 15, 1:18 pm, Jordi P.S. planad...@gmail.com wrote:

   I have a login JSP that uses the remember me feature.so I have my login
   under Spring Security.

   I have method security enabled in the RPC layer. All my RPCs extend a base
   class and then I used annotations on the methods to check for the
   permissions.

   Here the RPC Base Servlet class:  http://pastebin.com/Z6mj4pZi

   On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote:

I'd like to get feedback on the best way to secure GWT apps with
Spring Security.  I read several existing blogs about this online but
they are all (that I have found) quite old at this point.
Specifically what's the best way with GWT 2.4 and Spring Security
3.1?  Or is there a better way other than Spring Security?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[dhoffer]

Could you also post your autowired beans setSecuredDecisionManager 
setSecurityMetadataSource?

Also since I just have plain GWT app (no JSP) can I assume that I
don't need the handleRequest() method?  I assume the security work is
done in onAfterRequestDeserialized()?

Thanks,
-Dave

On Jun 15, 1:18 pm, Jordi P.S. planad...@gmail.com wrote:
 I have a login JSP that uses the remember me feature.so I have my login
 under Spring Security.

 I have method security enabled in the RPC layer. All my RPCs extend a base
 class and then I used annotations on the methods to check for the
 permissions.

 Here the RPC Base Servlet class:  http://pastebin.com/Z6mj4pZi







 On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote:

  I'd like to get feedback on the best way to secure GWT apps with
  Spring Security.  I read several existing blogs about this online but
  they are all (that I have found) quite old at this point.
  Specifically what's the best way with GWT 2.4 and Spring Security
  3.1?  Or is there a better way other than Spring Security?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[dhoffer]

Hi Joseph,

Thanks so much for your help.  I'm having trouble getting this to
work.  In my case the methods on PreAuthenticationFilter 
CustomUserDetailsService are never called.

Here is my code/config:
applicationContext.xml
?xml version=1.0 encoding=UTF-8?
beans:beans xmlns=http://www.springframework.org/schema/security;
 xmlns:beans=http://www.springframework.org/schema/beans;
 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 xsi:schemaLocation=http://www.springframework.org/schema/
beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd;

!-- Setup Spring Security --
http auto-config=false entry-point-ref=entryPoint access-
denied-page=/unprotected/sso_Error.jsp
intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/
!-- These resources are protected --
custom-filter position=PRE_AUTH_FILTER
ref=preAuthProcessingFilter/
/http

!-- Users get this on auth failure --
beans:bean id=entryPoint
 
class=org.springframework.security.web.authentication.Http403ForbiddenEntryPoint/


!-- Authorization filter does user authorization --
beans:bean id=preAuthProcessingFilter
 
class=com.qsd.callcenterquestionnaire.server.security.auth.PreAuthenticationFilter
beans:property name=authenticationManager
ref=authenticationManager/
/beans:bean
authentication-manager alias=authenticationManager
authentication-provider ref=preAuthAuthProvider/
/authentication-manager

!-- Custom preAuthAuthProvider --
beans:bean id=preAuthAuthProvider
 
class=org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
beans:property name=preAuthenticatedUserDetailsService
beans:bean id=preAuthenticationUserDetailsService
 
class=com.qsd.callcenterquestionnaire.server.security.auth.CustomUserDetailsService/

/beans:property
/beans:bean

global-method-security secured-annotations=enabled/
/beans:beans

public class CustomUserDetailsService implements
AuthenticationUserDetailsServicePreAuthenticatedAuthenticationToken
{
public CustomUserDetailsService() {
}

@Override
public UserDetails loadUserDetails(final
PreAuthenticatedAuthenticationToken username) throws
UsernameNotFoundException {
return new UserDetails() {
@Override
public Collection? extends GrantedAuthority
getAuthorities() {
final ArrayListGrantedAuthority grantedAuthorities =
new ArrayListGrantedAuthority();
grantedAuthorities.add(new
SimpleGrantedAuthority(ROLE_USER));
return grantedAuthorities;
}

@Override
public String getPassword() {
return (String)username.getCredentials();
}

@Override
public String getUsername() {
return (String)username.getPrincipal();
}

@Override
public boolean isAccountNonExpired() {
return true;
}

@Override
public boolean isAccountNonLocked() {
return true;
}

@Override
public boolean isCredentialsNonExpired() {
return true;
}

@Override
public boolean isEnabled() {
return true;
}
};
}
}


public class PreAuthenticationFilter extends
AbstractPreAuthenticatedProcessingFilter {
public PreAuthenticationFilter() {
}

@Override
protected Object getPreAuthenticatedPrincipal(HttpServletRequest
request) {
return dave;
}

@Override
protected Object getPreAuthenticatedCredentials(HttpServletRequest
request) {
return password;
}
}

I assume then that RPC methods are secured via
@Secured({ROLE_USER,ROLE_ADMIN})?  Also I assume these have to be
Spring managed beans, I've not used Spring with GWT before, how do you
tell GWT to use Spring to create these services?

Any help is greatly appreciated.

Thanks,
-Dave

On Jun 16, 12:18 pm, Joseph Lust lifeofl...@gmail.com wrote:
 Dave,

 Since it is an enterprise application, authentication is handled by a SSO
 service which hands off to our application, so there is no remember me
 functionality. The less work your application has to do the better, just
 like using Gmail/fb auth on a website.

 Here is the redacted and comment Spring Security config:

 Note that this is just a standard Spring Security config, but that the
 custom preauthoization filter is where the magic happens. That is where
 you'd do the lookup of your users to get entitlements and then store those
 in their session. These are what the Spring Method level security will
 check against. Checkout the famously verbose Spring 

Re: GWT Spring Security

[Joseph Lust]

Dave,

Since it is an enterprise application, authentication is handled by a SSO 
service which hands off to our application, so there is no remember me 
functionality. The less work your application has to do the better, just 
like using Gmail/fb auth on a website.

Here is the redacted and comment Spring Security config:

Note that this is just a standard Spring Security config, but that the 
custom preauthoization filter is where the magic happens. That is where 
you'd do the lookup of your users to get entitlements and then store those 
in their session. These are what the Spring Method level security will 
check against. Checkout the famously verbose Spring Documentation on 
thishttp://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html.
 Basically you 
just extend some of their interfaces and classes per the instructions and 
you should be off to the races.

Sincerely,
Joseph

?xml version=1.0 encoding=UTF-8?beans:beans 
xmlns=http://www.springframework.org/schema/security;
 xmlns:beans=http://www.springframework.org/schema/beans;
 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 xmlns:p=http://www.springframework.org/schema/p;
 xsi:schemaLocation=
 http://www.springframework.org/schema/beans   
   http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
 http://www.springframework.org/schema/security 
 http://www.springframework.org/schema/security/spring-security-3.0.xsd;

!-- Setup Spring Security --
http auto-config=false entry-point-ref=entryPoint 
access-denied-page=/unprotected/sso_Error.jsp
intercept-url pattern=/** access=IS_AUTHENTICATED_FULLY/ !-- 
These resources are protected --
custom-filter position=PRE_AUTH_FILTER 
ref=preAuthProcessingFilter/
/http

!-- Users get this on auth failure --
beans:bean id=entryPoint

class=org.springframework.security.web.authentication.Http403ForbiddenEntryPoint/

!-- Authorization filter does user authorization --
beans:bean id=preAuthProcessingFilter
class=com.foo.custom.PreAuthenticationFilter
beans:property name=authenticationManager 
ref=authenticationManager/
/beans:bean

authentication-manager alias=authenticationManager
authentication-provider ref=preAuthAuthProvider/
/authentication-manager

!-- Custom preAuthAuthProvider --
beans:bean id=preAuthAuthProvider

class=org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
beans:property name=preAuthenticatedUserDetailsService 
beans:bean id=preAuthenticationUserDetailsService
class=com.foo.custom.UserDetailsService /
/beans:property
/beans:bean

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/5NPP8dahTdcJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[Jordi P.S.]

I have a login JSP that uses the remember me feature.so I have my login 
under Spring Security.

I have method security enabled in the RPC layer. All my RPCs extend a base 
class and then I used annotations on the methods to check for the 
permissions.

Here the RPC Base Servlet class:  http://pastebin.com/Z6mj4pZi 

On Wednesday, June 13, 2012 2:47:47 AM UTC+2, dhoffer wrote:

 I'd like to get feedback on the best way to secure GWT apps with 
 Spring Security.  I read several existing blogs about this online but 
 they are all (that I have found) quite old at this point. 
 Specifically what's the best way with GWT 2.4 and Spring Security 
 3.1?  Or is there a better way other than Spring Security?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/zuzUmMKxwMoJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[khk]

On Wednesday, June 13, 2012 8:47:47 AM UTC+8, dhoffer wrote:

 I'd like to get feedback on the best way to secure GWT apps with 
 Spring Security.  I read several existing blogs about this online but 
 they are all (that I have found) quite old at this point. 
 Specifically what's the best way with GWT 2.4 and Spring Security 
 3.1?  Or is there a better way other than Spring Security?


I will setup a login page using jsp and authenticate with Spring Security. 
Then redirect to the GWT app when successful. 

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/9lX6nTgw_LoJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[dhoffer]

Joseph,

How do you handle Spring's 'remember me', session management and auto
login/logout?  I'm curious how you setup your use of Spring.  Could
you post your configuration?  I assume you don't use Spring's auto-
config, etc?

Thanks,
-Dave

On Jun 13, 3:56 pm, Joseph Lust lifeofl...@gmail.com wrote:
 Jaun,

 Our application is nearly 100% custom components. We did not use many of
 the default GWT widgets. We also used UiBinder for everything and thus most
 screens are a bundle of widgets stitched together with UiBinder.

 If there was a custom panel/button/widget, it would have a
 setUserEntitlement() method. Then in the .ui.xml you can have
 someNameSpace: myCustomWidget  userEntitlement = {ADD_ITEM} /

 Now those components will check for their entitlement on load from a
 globally available *UserEntitlements[] *that was loaded at application
 startup and enable themselves if authorized. A nice thing about this is all
 the entitlements are just enums in the UiBinder so you get compile time
 checking of that too, and no entitlements hardcoded in Java files.

 Of course users can hack the UI, so there is also a backend method level
 check for RPC's.

 Sincerely,
 Joseph

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[Joseph Lust]

I'm sure other folks' examples will differ, but we did the following:


   1. Entitlements set as an Enum like *enum UserEntitlement { VIEW_HOME, 
   VIEW_ITEM, ADD_ITEM, DELETE_ITEM }*
   2. On user login,  *UserEntitlement[] *fetch sent from backend to client
   3. Restricted UI elements are enabled based on the entitlements found in 
   (2)
   4. When RPC's are done, Spring Method level security used to confirm 
   that the user has the proper entitlement to run that method


Basically the nice part is just using the annotations to secure remote 
methods and the concomitant alteration of the UI based on the user 
entitlements.

I did not mention using Spring to restrict access to files since GWT pushes 
the entire compiled application to the client first. Because of this, there 
really are not pages to protect, just RPC's with method level security, in 
case someone spoofs their entitlements on the client side.


Sincerely,
Joseph

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/PZHZgoV_A84J.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[Juan Pablo Gardella]

Thanks Joseph for sharing your experiences.

I have a question regards this, for example you have a button that is
enabled to *ADD_ITEM. *Do you extends GWT compents for show for some
'actions' or make some if statements?

Is a simple question, but is nice to know how deal with this. The extend of
component is more concise but we need to customize N components for example
and the other way make the code complex to mantain.

Thanks

2012/6/13 Joseph Lust lifeofl...@gmail.com

 I'm sure other folks' examples will differ, but we did the following:


1. Entitlements set as an Enum like *enum UserEntitlement { VIEW_HOME,
VIEW_ITEM, ADD_ITEM, DELETE_ITEM }*
2. On user login,  *UserEntitlement[] *fetch sent from backend to
client
3. Restricted UI elements are enabled based on the entitlements found
in (2)
4. When RPC's are done, Spring Method level security used to confirm
that the user has the proper entitlement to run that method


 Basically the nice part is just using the annotations to secure remote
 methods and the concomitant alteration of the UI based on the user
 entitlements.

 I did not mention using Spring to restrict access to files since GWT
 pushes the entire compiled application to the client first. Because of
 this, there really are not pages to protect, just RPC's with method level
 security, in case someone spoofs their entitlements on the client side.


 Sincerely,
 Joseph

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/google-web-toolkit/-/PZHZgoV_A84J.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[Joseph Lust]

Jaun,

Our application is nearly 100% custom components. We did not use many of 
the default GWT widgets. We also used UiBinder for everything and thus most 
screens are a bundle of widgets stitched together with UiBinder.

If there was a custom panel/button/widget, it would have a 
setUserEntitlement() method. Then in the .ui.xml you can have
someNameSpace: myCustomWidget  userEntitlement = {ADD_ITEM} /

Now those components will check for their entitlement on load from a 
globally available *UserEntitlements[] *that was loaded at application 
startup and enable themselves if authorized. A nice thing about this is all 
the entitlements are just enums in the UiBinder so you get compile time 
checking of that too, and no entitlements hardcoded in Java files.

Of course users can hack the UI, so there is also a backend method level 
check for RPC's.


Sincerely,
Joseph

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/Q3sj4dgUmzkJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Spring Security

[Juan Pablo Gardella]

Thanks Joseph for sharing your experiences on this!! You are really helpful
at the group

Juan

2012/6/13 Joseph Lust lifeofl...@gmail.com

 Jaun,

 Our application is nearly 100% custom components. We did not use many of
 the default GWT widgets. We also used UiBinder for everything and thus most
 screens are a bundle of widgets stitched together with UiBinder.

 If there was a custom panel/button/widget, it would have a
 setUserEntitlement() method. Then in the .ui.xml you can have
 someNameSpace: myCustomWidget  userEntitlement = {ADD_ITEM} /

 Now those components will check for their entitlement on load from a
 globally available *UserEntitlements[] *that was loaded at application
 startup and enable themselves if authorized. A nice thing about this is all
 the entitlements are just enums in the UiBinder so you get compile time
 checking of that too, and no entitlements hardcoded in Java files.

 Of course users can hack the UI, so there is also a backend method level
 check for RPC's.


 Sincerely,
 Joseph

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/google-web-toolkit/-/Q3sj4dgUmzkJ.

 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT Spring Security

[dhoffer]

I'd like to get feedback on the best way to secure GWT apps with
Spring Security.  I read several existing blogs about this online but
they are all (that I have found) quite old at this point.
Specifically what's the best way with GWT 2.4 and Spring Security
3.1?  Or is there a better way other than Spring Security?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[Saulo]

HI All. I'm trying to config roles and permissions into  a GWT app. This 
app has spring too, and I had thinking in Spring-security but I have 
problems with the integration, do you have any easy tutorial or example to 
do it?

On Thursday, November 24, 2011 6:11:00 PM UTC+1, Alfredo Quiroga-Villamil 
wrote:

 Hello:

 A few approaches I think can be taken here. Two that come to mind ordered 
 by the complexity level are:

 Option 1:

 If you are using Spring Security and have Method Security then ensure that 
 the methods throw an exception when the session has expired (You should get 
 an AccessDeniedException from Spring if my memory serves me right). 
 Propagate that exception (GWT-RPC) in your case all the way to the client 
 and let the client know that he has to logout/login. You can get more 
 specific and create perhaps a Custom AccessDeniedException that's 
 serializable all the way to the client side allowing you to know exactly 
 why the exception took place based on the type of Exception received in the 
 UI and at that point simply reload the user's UI for example instead of 
 showing the message. The choice of prompting the user Vs reloading the UI 
 is really up to how you think the implementation makes more sense based on 
 your use case.

 Option 2:

 On the server side, create a class that implements something along the 
 lines of HttpSessionListener. Integrate it with Spring (there are some 
 tutorials online regarding this) and there you can know exactly when the 
 session is destroyed or expired. You then face the dilemma of having to 
 notify the user (client). For which you'll need a Server Push 
 implementation (Look at Continuations using Jetty for example or how to 
 implement it based on the servlet container you have). Using Server Push 
 you can then right when it takes place notify the user that his/her session 
 has expired or reload the client and force the user to re-login.

 I am sure there are other options that you can try, but those are the ones 
 that come to mind right now.

 Happy Thanks Giving!

 Alfredo
  

 On Thu, Nov 24, 2011 at 8:24 AM, nacho vela.igna...@gmail.com wrote:

 I have implemented Spring Security and GWT togheter, but what I can't 
 figure out hw can I handle is how to logout when an RPC fails because the 
 user is not logged in anymore.

 For example, the user logs in in my application, then he for example 
 clean the browser session, so he is not logged in anymore. And now he 
 want's to perform some action that call's an RPC, obviusly this call fails 
 beacause the user need to be logued in to call /rpc/* 

 I would like that if the user logs out by any reason, and calls an RPC 
 that fails (beacause he's logued out) redirect the user to the login again. 

 -- 
 You received this message because you are subscribed to the Google Groups 
 Google Web Toolkit group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ.

 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to 
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/google-web-toolkit?hl=en.




 -- 
 Alfredo Quiroga-Villamil

 AOL/Yahoo/Gmail/MSN IM:  lawwton


  
On Thursday, November 24, 2011 6:11:00 PM UTC+1, Alfredo Quiroga-Villamil 
wrote:

 Hello:

 A few approaches I think can be taken here. Two that come to mind ordered 
 by the complexity level are:

 Option 1:

 If you are using Spring Security and have Method Security then ensure that 
 the methods throw an exception when the session has expired (You should get 
 an AccessDeniedException from Spring if my memory serves me right). 
 Propagate that exception (GWT-RPC) in your case all the way to the client 
 and let the client know that he has to logout/login. You can get more 
 specific and create perhaps a Custom AccessDeniedException that's 
 serializable all the way to the client side allowing you to know exactly 
 why the exception took place based on the type of Exception received in the 
 UI and at that point simply reload the user's UI for example instead of 
 showing the message. The choice of prompting the user Vs reloading the UI 
 is really up to how you think the implementation makes more sense based on 
 your use case.

 Option 2:

 On the server side, create a class that implements something along the 
 lines of HttpSessionListener. Integrate it with Spring (there are some 
 tutorials online regarding this) and there you can know exactly when the 
 session is destroyed or expired. You then face the dilemma of having to 
 notify the user (client). For which you'll need a Server Push 
 implementation (Look at Continuations using Jetty for example or how to 
 implement it based on the servlet container you have). Using Server Push 
 you can then right when it takes place notify the user that his/her session 
 has expired or 

Re: GWT - Spring Security

[nacho]

I have implemented Spring Security and GWT togheter, but what I can't 
figure out hw can I handle is how to logout when an RPC fails because the 
user is not logged in anymore.

For example, the user logs in in my application, then he for example clean 
the browser session, so he is not logged in anymore. And now he want's to 
perform some action that call's an RPC, obviusly this call fails beacause 
the user need to be logued in to call /rpc/* 

I would like that if the user logs out by any reason, and calls an RPC that 
fails (beacause he's logued out) redirect the user to the login again. 

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[Alfredo Quiroga-Villamil]

Hello:

A few approaches I think can be taken here. Two that come to mind ordered
by the complexity level are:

Option 1:

If you are using Spring Security and have Method Security then ensure that
the methods throw an exception when the session has expired (You should get
an AccessDeniedException from Spring if my memory serves me right).
Propagate that exception (GWT-RPC) in your case all the way to the client
and let the client know that he has to logout/login. You can get more
specific and create perhaps a Custom AccessDeniedException that's
serializable all the way to the client side allowing you to know exactly
why the exception took place based on the type of Exception received in the
UI and at that point simply reload the user's UI for example instead of
showing the message. The choice of prompting the user Vs reloading the UI
is really up to how you think the implementation makes more sense based on
your use case.

Option 2:

On the server side, create a class that implements something along the
lines of HttpSessionListener. Integrate it with Spring (there are some
tutorials online regarding this) and there you can know exactly when the
session is destroyed or expired. You then face the dilemma of having to
notify the user (client). For which you'll need a Server Push
implementation (Look at Continuations using Jetty for example or how to
implement it based on the servlet container you have). Using Server Push
you can then right when it takes place notify the user that his/her session
has expired or reload the client and force the user to re-login.

I am sure there are other options that you can try, but those are the ones
that come to mind right now.

Happy Thanks Giving!

Alfredo


On Thu, Nov 24, 2011 at 8:24 AM, nacho vela.igna...@gmail.com wrote:

 I have implemented Spring Security and GWT togheter, but what I can't
 figure out hw can I handle is how to logout when an RPC fails because the
 user is not logged in anymore.

 For example, the user logs in in my application, then he for example clean
 the browser session, so he is not logged in anymore. And now he want's to
 perform some action that call's an RPC, obviusly this call fails beacause
 the user need to be logued in to call /rpc/*

 I would like that if the user logs out by any reason, and calls an RPC
 that fails (beacause he's logued out) redirect the user to the login again.

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ.

 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.




-- 
Alfredo Quiroga-Villamil

AOL/Yahoo/Gmail/MSN IM:  lawwton

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[jusran mawardi]

for nacho:
what if you save user information in variables/class that declared in
MainEntryPoint. Whenever user refresh the browser, that variable will
flush/reset to null, if that variable == null, show login page.

So far that's what i've been done, may be it's not the best way.

On Thursday, November 24, 2011, nacho wrote:

 I have implemented Spring Security and GWT togheter, but what I can't
 figure out hw can I handle is how to logout when an RPC fails because the
 user is not logged in anymore.

 For example, the user logs in in my application, then he for example clean
 the browser session, so he is not logged in anymore. And now he want's to
 perform some action that call's an RPC, obviusly this call fails beacause
 the user need to be logued in to call /rpc/*

 I would like that if the user logs out by any reason, and calls an RPC
 that fails (beacause he's logued out) redirect the user to the login again.

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ.
 To post to this group, send email to 
 google-web-toolkit@googlegroups.comjavascript:_e({}, 'cvml', 
 'google-web-toolkit@googlegroups.com');
 .
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com javascript:_e({},
 'cvml', 'google-web-toolkit%2bunsubscr...@googlegroups.com');.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.



-- 
Regards,
--
*Jusran Mawardi*

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[Rob]

Hi,

If you are new to GWT then take a look at this post:

- http://uptick.com.au/content/gwt-login-security

Cheers
Rob


On Nov 23, 6:53 am, Victor Lujan victor...@gmail.com wrote:
 Great,  thank you both! I already downloaded spring and will update
 you later : )

 On Nov 21, 9:28 pm, -sowdri- sow...@gmail.com wrote:







  If you are looking at Authentication and Authorization, then spring
  security is the de facto standard (of course this is all for the server
  side)!

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[Victor Lujan]

Great,  thank you both! I already downloaded spring and will update
you later : )

On Nov 21, 9:28 pm, -sowdri- sow...@gmail.com wrote:
 If you are looking at Authentication and Authorization, then spring
 security is the de facto standard (of course this is all for the server
 side)!

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT - Spring Security

[Victor Lujan]

Oh boy, I never get answers on this group.

I hope this one does.

So, I'm learning GWT, i need to implement a login module. I heard
spring security is kind of cool so I was going to download that,
until i realized that i had to download spring first, and then spring
security.  The requirements are  not precisely insignificant,
i was wondering if it's worthy downloading and installing all that,
against using some other google recommendation to do this.

What would i be missing without spring security?
do you think its worthy?
does anyone also thinks the  requirements are a killer?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[Alfredo Quiroga-Villamil]

Hello Victor:

If your focus is to learn GWT then I wouldn't dive into Spring just yet.
For learning purposes, a simple method in your XServiceImplementation using
GWT-RPC will do.

If you are planning to build a production application, then I would
strongly suggest Spring with Spring Security in the backend.

Regards,

Alfredo

On Mon, Nov 21, 2011 at 9:25 PM, Victor Lujan victor...@gmail.com wrote:

 Oh boy, I never get answers on this group.

 I hope this one does.

 So, I'm learning GWT, i need to implement a login module. I heard
 spring security is kind of cool so I was going to download that,
 until i realized that i had to download spring first, and then spring
 security.  The requirements are  not precisely insignificant,
 i was wondering if it's worthy downloading and installing all that,
 against using some other google recommendation to do this.

 What would i be missing without spring security?
 do you think its worthy?
 does anyone also thinks the  requirements are a killer?

 Thanks

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.




-- 
Alfredo Quiroga-Villamil

AOL/Yahoo/Gmail/MSN IM:  lawwton

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[Victor Lujan]

Hi Alfredo!

Thanks for replying !

Im both learning and trying to do something very nice.

Im going to give Spring a shot then :D

All comments are still appreciated

On Nov 21, 7:49 pm, Alfredo Quiroga-Villamil laww...@gmail.com
wrote:
 Hello Victor:

 If your focus is to learn GWT then I wouldn't dive into Spring just yet.
 For learning purposes, a simple method in your XServiceImplementation using
 GWT-RPC will do.

 If you are planning to build a production application, then I would
 strongly suggest Spring with Spring Security in the backend.

 Regards,

 Alfredo









 On Mon, Nov 21, 2011 at 9:25 PM, Victor Lujan victor...@gmail.com wrote:
  Oh boy, I never get answers on this group.

  I hope this one does.

  So, I'm learning GWT, i need to implement a login module. I heard
  spring security is kind of cool so I was going to download that,
  until i realized that i had to download spring first, and then spring
  security.  The requirements are  not precisely insignificant,
  i was wondering if it's worthy downloading and installing all that,
  against using some other google recommendation to do this.

  What would i be missing without spring security?
  do you think its worthy?
  does anyone also thinks the  requirements are a killer?

  Thanks

  --
  You received this message because you are subscribed to the Google Groups
  Google Web Toolkit group.
  To post to this group, send email to google-web-toolkit@googlegroups.com.
  To unsubscribe from this group, send email to
  google-web-toolkit+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.

 --
 Alfredo Quiroga-Villamil

 AOL/Yahoo/Gmail/MSN IM:  lawwton

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT - Spring Security

[-sowdri-]

If you are looking at Authentication and Authorization, then spring 
security is the de facto standard (of course this is all for the server 
side)!

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/teJdV44QuekJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[Renato Beserra]

Hi Kevin, thanks for your answer.

I tried to do it on the interface my server-side code uses as the
implementation contract but I was using a JSR-250 annotation @RolesAllowed,
which wasn't on my client scope.

I just tried the @PreAuthorize annotation and it seems to work on the
client-side. Do I need the DispatcherServlet in order to make the annotation
works?





2011/7/7 Kevin Jordan ke...@kjordan.net

 It's been a while since I've set mine up to do this, but when you say
 you're setting them in the interface on the client side, are you
 trying them on the Async interface or the interface your server-side
 code implements off of?  If you do it on the interface your server-
 side code uses as the implementation contract, it will automatically
 get those for spring security to check on the server-side and if you
 set them up with spring doing the intercepting of the URL with
 something such as org.springframework.web.servlet.DispatcherServlet
 and in its myservletnamefromwebxml-servlets.xml, do something like
 ?xml version=1.0 encoding=UTF-8?
 beans xmlns=http://www.springframework.org/schema/beans;
   xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
   xmlns:util=http://www.springframework.org/schema/util;
   xsi:schemaLocation=
   http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security

 http://www.springframework.org/schema/security/spring-security-3.0.xsd
   http://www.springframework.org/schema/util
 http://www.springframework.org/schema/util/spring-util-3.0.xsd;

bean id=urlMapping
 class=org.gwtwidgets.server.spring.GWTHandler
property name=mappings
map
entry key=/myService.rpc
 value-ref=MyRPCService /
/map
/property
   /bean
 /beans

 Note that I'm using the GWTHandler bean from gwt-sl (http://
 sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to
 do the URL mapping since it does better integration with GWT than
 spring's built-in handlers do.

 You may also want to look into gwtsecurity to send better exceptions
 to your client: http://code.google.com/p/gwtsecurity/

 On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote:
  Thanks for your answer.
 
  I considered something like that, but every restricted rpc method
  implementation has to call another method, with its own interface secured
 by
  annotations, right?
 
  2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com
 
 
 
 
 
 
 
 
 
   Hi Renato,
 
   I have a service layer, so in this method I use JSR250
   http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can
   work with this API. In client side I don't protect the invocations. In
   server side, spring security throws an exception, if try to access to a
   protected method, and travel to the client. I wrap it in a class and
 show an
   alert to the user.
 
   Juan
 
   2011/7/7 Renato Beserra renatobese...@gmail.com
 
   Hi,
 
   I am integrating a GWT application with Spring Security and I got a
 great
   example on a previous thread -
  
 http://groups.google.com/group/google-web-toolkit/browse_thread/threa
 
   But now I want to secure my rpc calls, but i have a problem: Spring
   Security provides some annotations that i should use on the method
   declaration. But in GWT RPC the interface should be defined on client
 side,
   so the annotation is not valid.
 
   Is there a simpler solution other than making my rpc implementation to
   call a secured method on the server-side?
 
   Thanks in advance.
 
   --
   Renato Beserra Sousa
 
   --
   You received this message because you are subscribed to the Google
 Groups
   Google Web Toolkit group.
   To post to this group, send email to
 google-web-toolkit@googlegroups.com.
   To unsubscribe from this group, send email to
   google-web-toolkit+unsubscr...@googlegroups.com.
   For more options, visit this group at
  http://groups.google.com/group/google-web-toolkit?hl=en.
 
--
   You received this message because you are subscribed to the Google
 Groups
   Google Web Toolkit group.
   To post to this group, send email to
 google-web-toolkit@googlegroups.com.
   To unsubscribe from this group, send email to
   google-web-toolkit+unsubscr...@googlegroups.com.
   For more options, visit this group at
  http://groups.google.com/group/google-web-toolkit?hl=en.
 
  --
  Renato Beserra Sousa

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.




-- 
Renato Beserra Sousa

-- 
You 

Re: GWT + Spring Security

[Kevin Jordan]

You'll need to have your service invoked as a Spring Bean somehow to
make the annotations take effect.  It won't work as just a servlet
entry in your web.xml.  DispatcherServlet is one of the easiest way to
make it do that.

On Jul 8, 7:11 am, Renato Beserra renatobese...@gmail.com wrote:
 Hi Kevin, thanks for your answer.

 I tried to do it on the interface my server-side code uses as the
 implementation contract but I was using a JSR-250 annotation @RolesAllowed,
 which wasn't on my client scope.

 I just tried the @PreAuthorize annotation and it seems to work on the
 client-side. Do I need the DispatcherServlet in order to make the annotation
 works?

 2011/7/7 Kevin Jordan ke...@kjordan.net









  It's been a while since I've set mine up to do this, but when you say
  you're setting them in the interface on the client side, are you
  trying them on the Async interface or the interface your server-side
  code implements off of?  If you do it on the interface your server-
  side code uses as the implementation contract, it will automatically
  get those for spring security to check on the server-side and if you
  set them up with spring doing the intercepting of the URL with
  something such as org.springframework.web.servlet.DispatcherServlet
  and in its myservletnamefromwebxml-servlets.xml, do something like
  ?xml version=1.0 encoding=UTF-8?
  beans xmlns=http://www.springframework.org/schema/beans;
            xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
            xmlns:util=http://www.springframework.org/schema/util;
            xsi:schemaLocation=
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security

 http://www.springframework.org/schema/security/spring-security-3.0.xsd
           http://www.springframework.org/schema/util
 http://www.springframework.org/schema/util/spring-util-3.0.xsd;

         bean id=urlMapping
  class=org.gwtwidgets.server.spring.GWTHandler
                 property name=mappings
                         map
                                 entry key=/myService.rpc
  value-ref=MyRPCService /
                         /map
                 /property
        /bean
  /beans

  Note that I'm using the GWTHandler bean from gwt-sl (http://
  sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to
  do the URL mapping since it does better integration with GWT than
  spring's built-in handlers do.

  You may also want to look into gwtsecurity to send better exceptions
  to your client:http://code.google.com/p/gwtsecurity/

  On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote:
   Thanks for your answer.

   I considered something like that, but every restricted rpc method
   implementation has to call another method, with its own interface secured
  by
   annotations, right?

   2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com

Hi Renato,

I have a service layer, so in this method I use JSR250
http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can
work with this API. In client side I don't protect the invocations. In
server side, spring security throws an exception, if try to access to a
protected method, and travel to the client. I wrap it in a class and
  show an
alert to the user.

Juan

2011/7/7 Renato Beserra renatobese...@gmail.com

Hi,

I am integrating a GWT application with Spring Security and I got a
  great
example on a previous thread -

 http://groups.google.com/group/google-web-toolkit/browse_thread/threa

But now I want to secure my rpc calls, but i have a problem: Spring
Security provides some annotations that i should use on the method
declaration. But in GWT RPC the interface should be defined on client
  side,
so the annotation is not valid.

Is there a simpler solution other than making my rpc implementation to
call a secured method on the server-side?

Thanks in advance.

--
Renato Beserra Sousa

--
You received this message because you are subscribed to the Google
  Groups
Google Web Toolkit group.
To post to this group, send email to
  google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
   http://groups.google.com/group/google-web-toolkit?hl=en.

 --
You received this message because you are subscribed to the Google
  Groups
Google Web Toolkit group.
To post to this group, send email to
  google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
   http://groups.google.com/group/google-web-toolkit?hl=en.

   --
   Renato Beserra Sousa

  --
  You received this message because you are subscribed to 

Re: GWT + Spring Security

[Renato Beserra]

You just solved my doubt. The DispatcherServlet looks very simple with your
explanation and I will try to use it.

Thank you very much!

Best Regards,

2011/7/8 Kevin Jordan ke...@kjordan.net

 You'll need to have your service invoked as a Spring Bean somehow to
 make the annotations take effect.  It won't work as just a servlet
 entry in your web.xml.  DispatcherServlet is one of the easiest way to
 make it do that.

 On Jul 8, 7:11 am, Renato Beserra renatobese...@gmail.com wrote:
  Hi Kevin, thanks for your answer.
 
  I tried to do it on the interface my server-side code uses as the
  implementation contract but I was using a JSR-250 annotation
 @RolesAllowed,
  which wasn't on my client scope.
 
  I just tried the @PreAuthorize annotation and it seems to work on the
  client-side. Do I need the DispatcherServlet in order to make the
 annotation
  works?
 
  2011/7/7 Kevin Jordan ke...@kjordan.net
 
 
 
 
 
 
 
 
 
   It's been a while since I've set mine up to do this, but when you say
   you're setting them in the interface on the client side, are you
   trying them on the Async interface or the interface your server-side
   code implements off of?  If you do it on the interface your server-
   side code uses as the implementation contract, it will automatically
   get those for spring security to check on the server-side and if you
   set them up with spring doing the intercepting of the URL with
   something such as org.springframework.web.servlet.DispatcherServlet
   and in its myservletnamefromwebxml-servlets.xml, do something like
   ?xml version=1.0 encoding=UTF-8?
   beans xmlns=http://www.springframework.org/schema/beans;
 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 xmlns:util=http://www.springframework.org/schema/util;
 xsi:schemaLocation=
http://www.springframework.org/schema/beans
  
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
 
  http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/util
  http://www.springframework.org/schema/util/spring-util-3.0.xsd;
 
  bean id=urlMapping
   class=org.gwtwidgets.server.spring.GWTHandler
  property name=mappings
  map
  entry key=/myService.rpc
   value-ref=MyRPCService /
  /map
  /property
 /bean
   /beans
 
   Note that I'm using the GWTHandler bean from gwt-sl (http://
   sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to
   do the URL mapping since it does better integration with GWT than
   spring's built-in handlers do.
 
   You may also want to look into gwtsecurity to send better exceptions
   to your client:http://code.google.com/p/gwtsecurity/
 
   On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote:
Thanks for your answer.
 
I considered something like that, but every restricted rpc method
implementation has to call another method, with its own interface
 secured
   by
annotations, right?
 
2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com
 
 Hi Renato,
 
 I have a service layer, so in this method I use JSR250
 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security
 can
 work with this API. In client side I don't protect the invocations.
 In
 server side, spring security throws an exception, if try to access
 to a
 protected method, and travel to the client. I wrap it in a class
 and
   show an
 alert to the user.
 
 Juan
 
 2011/7/7 Renato Beserra renatobese...@gmail.com
 
 Hi,
 
 I am integrating a GWT application with Spring Security and I got
 a
   great
 example on a previous thread -
 
  http://groups.google.com/group/google-web-toolkit/browse_thread/threa..
 ..
 
 But now I want to secure my rpc calls, but i have a problem:
 Spring
 Security provides some annotations that i should use on the method
 declaration. But in GWT RPC the interface should be defined on
 client
   side,
 so the annotation is not valid.
 
 Is there a simpler solution other than making my rpc
 implementation to
 call a secured method on the server-side?
 
 Thanks in advance.
 
 --
 Renato Beserra Sousa
 
 --
 You received this message because you are subscribed to the Google
   Groups
 Google Web Toolkit group.
 To post to this group, send email to
   google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
 
  --
 You received this message because you are subscribed to the Google
   Groups
 Google Web Toolkit group.
 To post to this group, send email to
   

GWT + Spring Security

[Renato Beserra]

Hi,

I am integrating a GWT application with Spring Security and I got a great
example on a previous thread -
http://groups.google.com/group/google-web-toolkit/browse_thread/thread/c8032d9a472d975b/b9634461528cd31b?lnk=gstq=renatobeserra#b9634461528cd31b.


But now I want to secure my rpc calls, but i have a problem: Spring Security
provides some annotations that i should use on the method declaration. But
in GWT RPC the interface should be defined on client side, so the annotation
is not valid.

Is there a simpler solution other than making my rpc implementation to call
a secured method on the server-side?

Thanks in advance.



-- 
Renato Beserra Sousa

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[Juan Pablo Gardella]

Hi Renato,

I have a service layer, so in this method I use JSR250
http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work
with this API. In client side I don't protect the invocations. In server
side, spring security throws an exception, if try to access to a protected
method, and travel to the client. I wrap it in a class and show an alert to
the user.

Juan

2011/7/7 Renato Beserra renatobese...@gmail.com

 Hi,

 I am integrating a GWT application with Spring Security and I got a great
 example on a previous thread -
 http://groups.google.com/group/google-web-toolkit/browse_thread/thread/c8032d9a472d975b/b9634461528cd31b?lnk=gstq=renatobeserra#b9634461528cd31b.


 But now I want to secure my rpc calls, but i have a problem: Spring
 Security provides some annotations that i should use on the method
 declaration. But in GWT RPC the interface should be defined on client side,
 so the annotation is not valid.

 Is there a simpler solution other than making my rpc implementation to call
 a secured method on the server-side?

 Thanks in advance.



 --
 Renato Beserra Sousa

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[Renato Beserra]

Thanks for your answer.

I considered something like that, but every restricted rpc method
implementation has to call another method, with its own interface secured by
annotations, right?

2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com

 Hi Renato,

 I have a service layer, so in this method I use JSR250
 http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can
 work with this API. In client side I don't protect the invocations. In
 server side, spring security throws an exception, if try to access to a
 protected method, and travel to the client. I wrap it in a class and show an
 alert to the user.

 Juan

 2011/7/7 Renato Beserra renatobese...@gmail.com

 Hi,

 I am integrating a GWT application with Spring Security and I got a great
 example on a previous thread -
 http://groups.google.com/group/google-web-toolkit/browse_thread/thread/c8032d9a472d975b/b9634461528cd31b?lnk=gstq=renatobeserra#b9634461528cd31b.


 But now I want to secure my rpc calls, but i have a problem: Spring
 Security provides some annotations that i should use on the method
 declaration. But in GWT RPC the interface should be defined on client side,
 so the annotation is not valid.

 Is there a simpler solution other than making my rpc implementation to
 call a secured method on the server-side?

 Thanks in advance.



 --
 Renato Beserra Sousa

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.




-- 
Renato Beserra Sousa

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[Kevin Jordan]

It's been a while since I've set mine up to do this, but when you say
you're setting them in the interface on the client side, are you
trying them on the Async interface or the interface your server-side
code implements off of?  If you do it on the interface your server-
side code uses as the implementation contract, it will automatically
get those for spring security to check on the server-side and if you
set them up with spring doing the intercepting of the URL with
something such as org.springframework.web.servlet.DispatcherServlet
and in its myservletnamefromwebxml-servlets.xml, do something like
?xml version=1.0 encoding=UTF-8?
beans xmlns=http://www.springframework.org/schema/beans;
   xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
   xmlns:util=http://www.springframework.org/schema/util;
   xsi:schemaLocation=
   http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security
   
http://www.springframework.org/schema/security/spring-security-3.0.xsd
   http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.0.xsd;

bean id=urlMapping
class=org.gwtwidgets.server.spring.GWTHandler
property name=mappings
map
entry key=/myService.rpc 
value-ref=MyRPCService /
/map
/property
   /bean
/beans

Note that I'm using the GWTHandler bean from gwt-sl (http://
sourceforge.net/projects/gwt-widget/files/GWT%20Server%20Library/) to
do the URL mapping since it does better integration with GWT than
spring's built-in handlers do.

You may also want to look into gwtsecurity to send better exceptions
to your client: http://code.google.com/p/gwtsecurity/

On Jul 7, 1:02 pm, Renato Beserra renatobese...@gmail.com wrote:
 Thanks for your answer.

 I considered something like that, but every restricted rpc method
 implementation has to call another method, with its own interface secured by
 annotations, right?

 2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com









  Hi Renato,

  I have a service layer, so in this method I use JSR250
  http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can
  work with this API. In client side I don't protect the invocations. In
  server side, spring security throws an exception, if try to access to a
  protected method, and travel to the client. I wrap it in a class and show an
  alert to the user.

  Juan

  2011/7/7 Renato Beserra renatobese...@gmail.com

  Hi,

  I am integrating a GWT application with Spring Security and I got a great
  example on a previous thread -
 http://groups.google.com/group/google-web-toolkit/browse_thread/threa

  But now I want to secure my rpc calls, but i have a problem: Spring
  Security provides some annotations that i should use on the method
  declaration. But in GWT RPC the interface should be defined on client side,
  so the annotation is not valid.

  Is there a simpler solution other than making my rpc implementation to
  call a secured method on the server-side?

  Thanks in advance.

  --
  Renato Beserra Sousa

  --
  You received this message because you are subscribed to the Google Groups
  Google Web Toolkit group.
  To post to this group, send email to google-web-toolkit@googlegroups.com.
  To unsubscribe from this group, send email to
  google-web-toolkit+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.

   --
  You received this message because you are subscribed to the Google Groups
  Google Web Toolkit group.
  To post to this group, send email to google-web-toolkit@googlegroups.com.
  To unsubscribe from this group, send email to
  google-web-toolkit+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.

 --
 Renato Beserra Sousa

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[cheleb]

Hi
  You could check:
* http://code.google.com/p/net-orcades-spring/
* http://code.google.com/p/orcades-gwt-spring/ for a MVP approach.
 if will at least give you some ideas.


On Mar 9, 5:23 am, j.singh.developer j.singh.develo...@gmail.com
wrote:
 This may be a repeatable question. I am looking for a resource
 (example would be nice) that takes into consideration all security
 aspects of GWT and implements it using Spring Security. Any
 guidelines, pointing to resources will be really appreciated.

 Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT + Spring Security

[j.singh.developer]

This may be a repeatable question. I am looking for a resource
(example would be nice) that takes into consideration all security
aspects of GWT and implements it using Spring Security. Any
guidelines, pointing to resources will be really appreciated.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[Juan Pablo Gardella]

Read ProWeb 2.0 Application Development with GWT. There are some guidelines.

Juan

2011/3/8 j.singh.developer j.singh.develo...@gmail.com

 This may be a repeatable question. I am looking for a resource
 (example would be nice) that takes into consideration all security
 aspects of GWT and implements it using Spring Security. Any
 guidelines, pointing to resources will be really appreciated.

 Thanks

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: gwt + spring security

[Alberto]

Hi Travis,

  Is there any way that you can provide examples of your solution?

Thanks !

On Dec 21, 8:19 am, Travis Camechis camec...@gmail.com wrote:
 instead of using that I created my own custom Spring Security
 SuccessHandlers and Failure Handlers that returns JSON back to the client.
  I then let the client handle the place management based on
 success:true/false.  At this point I can also send credentials back in the
 JSON as well.







 On Tue, Dec 21, 2010 at 9:15 AM, asianCoolz second.co...@gmail.com wrote:
  I use gwt requestBuilder to query server result, if server-side spring
  checked user is not authenticated, it will forward to form-login
  login-page=/gwtapplication.html#!login       , but gwt is not
  forwarded to that page.  see below

  requestBuilder.setCallback(new RequestCallback() {

            �...@override
             public void onError(final Request request, final Throwable
  exception) {
                 resultCallback.onFailure(exception);
             }

            �...@override
             public void onResponseReceived(final Request request,
                     final Response response) {

                 if(response.getHeader(Content-
  Type).toLowerCase().equals(text/html.toLowerCase()))
                 {

                 //response.getText() is
                 /**
                   Expires Thu, 01 Jan 1970 00:00:00 GMT
                   Set-Cookie JSESSIONID=1emk892yva1e9;Path=/
                   Locationhttp://127.0.0.1:/gwtapplication.html#!login
                  Content-Length 0
                  Server Jetty(6.1.x)

                **/

                 }

             }
         });

  --
  You received this message because you are subscribed to the Google Groups
  Google Web Toolkit group.
  To post to this group, send email to google-web-tool...@googlegroups.com.
  To unsubscribe from this group, send email to
  google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2Bunsubs 
  cr...@googlegroups.com
  .
  For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: gwt + spring security

[Travis Camechis]

create a SuccessAuthenticationHandler and FailureAuthenticationHandler

public class AjaxSuccessAuthenticationHandler implements
AuthenticationSuccessHandler {

@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(
response);

Writer out = responseWrapper.getWriter();
MapString, Object authResponse = new HashMapString, Object();
authResponse.put(success, true);
authResponse.put(user, SecurityContextHolder.getContext()
.getAuthentication().getName());
ListString authorities = new ArrayListString();
for (GrantedAuthority auth : SecurityContextHolder.getContext()
.getAuthentication().getAuthorities()) {
authorities.add(auth.getAuthority());
}
authResponse.put(authorities, authorities);
ObjectMapper mapper = new ObjectMapper();
mapper.writeValue(out, authResponse);
out.close();

}

}


public class AjaxAuthenticationFailureHandler implements
AuthenticationFailureHandler {

@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
HttpServletResponseWrapper responseWrapper = new
HttpServletResponseWrapper(response);
Writer out = responseWrapper.getWriter();
out.write({ success: false, errors:{reason: 'Login failed. Try
again.'}} );
out.close();
}

}

And your spring Security Context File

beans:bean
class=org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
id=usernamePasswordAuthenticationFilter
beans:property name=authenticationManager ref=authenticationManager /
beans:property name=filterProcessesUrl value=/j_spring_security_check
/
beans:property name=authenticationSuccessHandler
ref=successHandler /
beans:property name=authenticationFailureHandler
ref=failureHandler /
/beans:bean

beans:bean id=successHandler
class=mil.jtcoic.tb.epik.bender.server.security.AjaxSuccessAuthenticationHandler
/

beans:bean id=failureHandler
class=mil.jtcoic.tb.epik.bender.server.security.AjaxAuthenticationFailureHandler
/
On Wed, Dec 22, 2010 at 12:20 PM, Alberto albya...@gmail.com wrote:

 Hi Travis,

  Is there any way that you can provide examples of your solution?

 Thanks !

 On Dec 21, 8:19 am, Travis Camechis camec...@gmail.com wrote:
  instead of using that I created my own custom Spring Security
  SuccessHandlers and Failure Handlers that returns JSON back to the
 client.
   I then let the client handle the place management based on
  success:true/false.  At this point I can also send credentials back in
 the
  JSON as well.
 
 
 
 
 
 
 
  On Tue, Dec 21, 2010 at 9:15 AM, asianCoolz second.co...@gmail.com
 wrote:
   I use gwt requestBuilder to query server result, if server-side spring
   checked user is not authenticated, it will forward to form-login
   login-page=/gwtapplication.html#!login   , but gwt is not
   forwarded to that page.  see below
 
   requestBuilder.setCallback(new RequestCallback() {
 
  @Override
  public void onError(final Request request, final Throwable
   exception) {
  resultCallback.onFailure(exception);
  }
 
  @Override
  public void onResponseReceived(final Request request,
  final Response response) {
 
  if(response.getHeader(Content-
   Type).toLowerCase().equals(text/html.toLowerCase()))
  {
 
  //response.getText() is
  /**
Expires Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie JSESSIONID=1emk892yva1e9;Path=/
Locationhttp://
 127.0.0.1:/gwtapplication.html#!login
   Content-Length 0
   Server Jetty(6.1.x)
 
 **/
 
  }
 
  }
  });
 
   --
   You received this message because you are subscribed to the Google
 Groups
   Google Web Toolkit group.
   To post to this group, send email to
 google-web-tool...@googlegroups.com.
   To unsubscribe from this group, send email to
   google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%2Bunsubs
 cr...@googlegroups.com
   .
   For more options, visit this group at
  http://groups.google.com/group/google-web-toolkit?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-tool...@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com
 .
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.



-- 
You received this message because you are subscribed to the 

gwt + spring security

[asianCoolz]

I use gwt requestBuilder to query server result, if server-side spring
checked user is not authenticated, it will forward to form-login
login-page=/gwtapplication.html#!login   , but gwt is not
forwarded to that page.  see below


requestBuilder.setCallback(new RequestCallback() {

@Override
public void onError(final Request request, final Throwable
exception) {
resultCallback.onFailure(exception);
}

@Override
public void onResponseReceived(final Request request,
final Response response) {


if(response.getHeader(Content-
Type).toLowerCase().equals(text/html.toLowerCase()))
{


//response.getText() is
/**
  Expires Thu, 01 Jan 1970 00:00:00 GMT
  Set-Cookie JSESSIONID=1emk892yva1e9;Path=/
  Location http://127.0.0.1:/gwtapplication.html#!login
 Content-Length 0
 Server Jetty(6.1.x)

   **/


}


}
});

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: gwt + spring security

[Travis Camechis]

instead of using that I created my own custom Spring Security
SuccessHandlers and Failure Handlers that returns JSON back to the client.
 I then let the client handle the place management based on
success:true/false.  At this point I can also send credentials back in the
JSON as well.

On Tue, Dec 21, 2010 at 9:15 AM, asianCoolz second.co...@gmail.com wrote:

 I use gwt requestBuilder to query server result, if server-side spring
 checked user is not authenticated, it will forward to form-login
 login-page=/gwtapplication.html#!login   , but gwt is not
 forwarded to that page.  see below


 requestBuilder.setCallback(new RequestCallback() {

@Override
public void onError(final Request request, final Throwable
 exception) {
resultCallback.onFailure(exception);
}

@Override
public void onResponseReceived(final Request request,
final Response response) {


if(response.getHeader(Content-
 Type).toLowerCase().equals(text/html.toLowerCase()))
{


//response.getText() is
/**
  Expires Thu, 01 Jan 1970 00:00:00 GMT
  Set-Cookie JSESSIONID=1emk892yva1e9;Path=/
  Location http://127.0.0.1:/gwtapplication.html#!login
 Content-Length 0
 Server Jetty(6.1.x)

   **/


}


}
});

 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-tool...@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com
 .
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT + SPRING SECURITY

[larry]

Hi all.
I'm new here. I'm currently using gwt 1.7 gwt-ext 2.0.x, spring 2.5
and spring-security 2.0.4. I met a problem that I have tried to get a
solution for two days with no answer yet. The problem is that any
unprotected gwt pages return blank with an error message Line: 2
Char: 1 Error: Syntax error Code:0. But if user was authenticated and
redirect to those pages they return fine.
I know this is because of spring-security added on. What I did is
trying to create a gwt login form to replace my old JSP login page.
But this gwt login page is returned with above error. I changed my
security configuration settings in many ways but none of them work.
Here is my configuration:
?xml version=1.0 encoding=UTF-8?
beans:beans xmlns=http://www.springframework.org/schema/
security
xmlns:beans=http://www.springframework.org/schema/beans;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation=http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
   http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd;
global-method-security secured-annotations=enabled jsr250-
annotations=enabled/
authentication-manager alias=authenticationManager/
beans:bean id=accessDecisionManager
class=org.springframework.security.vote.AffirmativeBased
  beans:property name=allowIfAllAbstainDecisions value=false/

  beans:property name=decisionVoters
 beans:list
beans:bean
class=org.springframework.security.vote.RoleVoter/
beans:bean
class=org.springframework.security.vote.AuthenticatedVoter/
 /beans:list
  /beans:property
/beans:bean
http auto-config=true 
intercept-url pattern=/Login_test.html filters=none/

intercept-url pattern=/Index.html
access=ROLE_USER,ROLE_TELLER/
!-- intercept-url pattern=/*.rpc access=ROLE_USER /  --

intercept-url pattern=/** access=ROLE_USER,ROLE_TELLER/
form-login /
!-- http-basic /
form-login login-page='/Login_new.html' default-target-url=/
Index.html
   always-use-default-target=true/  --
logout logout-success-url=/Login_test.html/
concurrent-session-control max-sessions=1 exception-if-
maximum-exceeded=true /
/http
beans:bean id=loggerListener
class=org.springframework.security.event.authentication.LoggerListener/

..

I even just put a Hello word in my Login page it still doesn't work.

Please if anyone has the experience of this let me know. Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[sridhar vennela]

Hi Jonathan,
Do you have sample code, i am looking for sample app with Gwt and spring
secturity. please help me...


thanks,
Sridhar

On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com 
jonathan.hollo...@gmail.com wrote:

 Awesome, I'll take a look at it...

 On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com
 wrote:
  Hi jonathan,
   Are you using maven ?
   If the answer is yes:
 http://groups.google.com/group/google-web-toolkit/browse_thread/threa...
  http://groups.google.com/group/google-web-toolkit/browse_thread/threa..
 .
 
  On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com 
  
 
 
  jonathan.hollo...@gmail.com wrote:
   I'm having issues with the Spring Security and GWT.  Defining  the
   following in my Spring config file:
 
   beans xmlns=http://www.springframework.org/schema/beans;
  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
  xmlns:security=http://www.springframework.org/schema/security;
  xsi:schemaLocation=http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
  http://www.springframework.org/schema/security
  
 http://www.springframework.org/schema/security/spring-security-2.0.4.xsd;
 
   and referencing spring security elements as follows:
 
   security:http entry-point-ref=samlEntryPoint
  security:intercept-url pattern=/**
   access=IS_AUTHENTICATED_FULLY/
  security:intercept-url pattern=/logout.jsp filters=none/
  security:intercept-url pattern=/login.jsp filters=none/
  security:intercept-url pattern=/favicon.ico filters=none/
 
  /security:http
 
   results in:
 
  
 org.springframework.beans.factory.parsing.BeanDefinitionParsingException:
   Configuration problem: Unable to locate Spring NamespaceHandler for
   XML schema namespace [http://www.springframework.org/schema/security]
   Offending resource: class path resource [server-config.xml]
 
  at
   org.springframework.beans.factory.parsing.FailFastProblemReporter.error
   (FailFastProblemReporter.java:68)
  at org.springframework.beans.factory.parsing.ReaderContext.error
   (ReaderContext.java:85)
  at org.springframework.beans.factory.parsing.ReaderContext.error
   (ReaderContext.java:80)
  at
  
 org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error
   (BeanDefinitionParserDelegate.java:281)
  at
 
  
 org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement
   (BeanDefinitionParserDelegate.java:1294)
 
   Has anybody come across/solved this issue at all?  It's definitely a
   GWT issue as I'm able to load the config up normally in a standard
   Java application.  Many thanks...
 
   --
 
   You received this message because you are subscribed to the Google
 Groups
   Google Web Toolkit group.
   To post to this group, send email to
 google-web-tool...@googlegroups.com.
   To unsubscribe from this group, send email to
   google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com
 google-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%252bunsubscr...@googlegroups.com
 
.
   For more options, visit this group at
  http://groups.google.com/group/google-web-toolkit?hl=en.
 
  --
  A coward is incapable of exhibiting love; it is the prerogative of the
  brave.
  --
  Mohandas Gandhi

 --

 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-tool...@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com
 .
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.




--

You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

SV: GWT + Spring Security

[Hermod Opstvedt]

Hi

You don't have to worry about the security on the client (GWT) side. This is
all handled on the server side. Any sample involving Acegi (Struts security)
will suffice. 

But anyway, heres a sample:
http://code.google.com/p/gwt-ent/wiki/IntegrationGWTWithAcegi

Hermod

-Opprinnelig melding-
Fra: google-web-toolkit@googlegroups.com
[mailto:google-web-tool...@googlegroups.com] På vegne av sridhar vennela
Sendt: 12. desember 2009 17:36
Til: google-web-toolkit@googlegroups.com
Emne: Re: GWT + Spring Security

Hi Jonathan,
Do you have sample code, i am looking for sample app with Gwt and spring
secturity. please help me...
 
 
thanks,
Sridhar


On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com
jonathan.hollo...@gmail.com wrote:


Awesome, I'll take a look at it...

On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com
wrote:

 Hi jonathan,
  Are you using maven ?

  If the answer is
yes:http://groups.google.com/group/google-web-toolkit/browse_thread/threa...

http://groups.google.com/group/google-web-toolkit/browse_thread/threa...

 On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com 




 jonathan.hollo...@gmail.com wrote:
  I'm having issues with the Spring Security and GWT.  Defining
the
  following in my Spring config file:

  beans xmlns=http://www.springframework.org/schema/beans;
 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 
xmlns:security=http://www.springframework.org/schema/security;
 
xsi:schemaLocation=http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
 
http://www.springframework.org/schema/security

http://www.springframework.org/schema/security/spring-security-2.0.4.xsd;

  and referencing spring security elements as follows:

  security:http entry-point-ref=samlEntryPoint
 security:intercept-url pattern=/**
  access=IS_AUTHENTICATED_FULLY/
 security:intercept-url pattern=/logout.jsp
filters=none/
 security:intercept-url pattern=/login.jsp
filters=none/
 security:intercept-url pattern=/favicon.ico
filters=none/

 /security:http

  results in:

 
org.springframework.beans.factory.parsing.BeanDefinitionParsingException:
  Configuration problem: Unable to locate Spring NamespaceHandler
for
  XML schema namespace
[http://www.springframework.org/schema/security]
  Offending resource: class path resource [server-config.xml]

 at
 
org.springframework.beans.factory.parsing.FailFastProblemReporter.error
  (FailFastProblemReporter.java:68)
 at
org.springframework.beans.factory.parsing.ReaderContext.error
  (ReaderContext.java:85)
 at
org.springframework.beans.factory.parsing.ReaderContext.error
  (ReaderContext.java:80)
 at
 
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error
  (BeanDefinitionParserDelegate.java:281)
 at

 
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCust
omElement
  (BeanDefinitionParserDelegate.java:1294)

  Has anybody come across/solved this issue at all?  It's
definitely a
  GWT issue as I'm able to load the config up normally in a
standard
  Java application.  Many thanks...

  --

  You received this message because you are subscribed to the
Google Groups
  Google Web Toolkit group.
  To post to this group, send email to
google-web-tool...@googlegroups.com.
  To unsubscribe from this group, send email to

  google-web-toolkit+unsubscr...@googlegroups.com
mailto:google-web-toolkit%2bunsubscr...@googlegroups.com
google-web-toolkit%2bunsubscr...@googlegroups.com
mailto:google-web-toolkit%252bunsubscr...@googlegroups.com 

  .
  For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.

 --
 A coward is incapable of exhibiting love; it is the prerogative of
the
 brave.
 --
 Mohandas Gandhi

--

You received this message because you are subscribed to the Google
Groups Google Web Toolkit group.
To post to this group, send email to
google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com
mailto:google-web-toolkit%2bunsubscr...@googlegroups.com .
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit

Re: GWT + Spring Security

[sridhar vennela]

thanks

On Sat, Dec 12, 2009 at 9:52 AM, Hermod Opstvedt
hermod.opstv...@gmail.comwrote:

 Hi

 You don't have to worry about the security on the client (GWT) side. This
 is
 all handled on the server side. Any sample involving Acegi (Struts
 security)
 will suffice.

 But anyway, heres a sample:
 http://code.google.com/p/gwt-ent/wiki/IntegrationGWTWithAcegi

 Hermod

 -Opprinnelig melding-
 Fra: google-web-toolkit@googlegroups.com
 [mailto:google-web-tool...@googlegroups.com] På vegne av sridhar vennela
 Sendt: 12. desember 2009 17:36
 Til: google-web-toolkit@googlegroups.com
 Emne: Re: GWT + Spring Security

 Hi Jonathan,
 Do you have sample code, i am looking for sample app with Gwt and spring
 secturity. please help me...


 thanks,
 Sridhar


 On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com
 jonathan.hollo...@gmail.com wrote:


Awesome, I'll take a look at it...

On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com
wrote:

 Hi jonathan,
  Are you using maven ?

  If the answer is
 yes:http://groups.google.com/group/google-web-toolkit/browse_thread/threa.
 ..

 http://groups.google.com/group/google-web-toolkit/browse_thread/threa...

 On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com 




 jonathan.hollo...@gmail.com wrote:
  I'm having issues with the Spring Security and GWT.  Defining
 the
  following in my Spring config file:

  beans xmlns=http://www.springframework.org/schema/beans;
 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 
 xmlns:security=http://www.springframework.org/schema/security;
 
 xsi:schemaLocation=http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
 
 http://www.springframework.org/schema/security

 http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
 

  and referencing spring security elements as follows:

  security:http entry-point-ref=samlEntryPoint
 security:intercept-url pattern=/**
  access=IS_AUTHENTICATED_FULLY/
 security:intercept-url pattern=/logout.jsp
 filters=none/
 security:intercept-url pattern=/login.jsp
 filters=none/
 security:intercept-url pattern=/favicon.ico
 filters=none/

 /security:http

  results in:

 
 org.springframework.beans.factory.parsing.BeanDefinitionParsingException:
  Configuration problem: Unable to locate Spring NamespaceHandler
 for
  XML schema namespace
 [http://www.springframework.org/schema/security]
  Offending resource: class path resource [server-config.xml]

 at
 
 org.springframework.beans.factory.parsing.FailFastProblemReporter.error
  (FailFastProblemReporter.java:68)
 at
 org.springframework.beans.factory.parsing.ReaderContext.error
  (ReaderContext.java:85)
 at
 org.springframework.beans.factory.parsing.ReaderContext.error
  (ReaderContext.java:80)
 at
 
 org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error
  (BeanDefinitionParserDelegate.java:281)
 at

 

 org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCust
 omElement
  (BeanDefinitionParserDelegate.java:1294)

  Has anybody come across/solved this issue at all?  It's
 definitely a
  GWT issue as I'm able to load the config up normally in a
 standard
  Java application.  Many thanks...

  --

  You received this message because you are subscribed to the
 Google Groups
  Google Web Toolkit group.
  To post to this group, send email to
 google-web-tool...@googlegroups.com.
  To unsubscribe from this group, send email to

  
 google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com
 mailto:google-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%252bunsubscr...@googlegroups.com
 
 google-web-toolkit%2bunsubscr...@googlegroups.comgoogle-web-toolkit%252bunsubscr...@googlegroups.com
 mailto:google-web-toolkit%252bunsubscr...@googlegroups.comgoogle-web-toolkit%25252bunsubscr...@googlegroups.com
 

  .
  For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.

 --
 A coward is incapable of exhibiting love; it is the prerogative of
 the
 brave.
 --
 Mohandas Gandhi

--

You received this message because you are subscribed to the Google
 Groups Google Web Toolkit group.
To post to this group, send email to
 google

Re: GWT + Spring Security

[olivier nouguier]

Hi jonathan,
 Are you using maven ?
 If the answer is yes:
http://groups.google.com/group/google-web-toolkit/browse_thread/thread/be6b6681192aa54a?pli=1
http://groups.google.com/group/google-web-toolkit/browse_thread/thread/be6b6681192aa54a?pli=1

On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com 
jonathan.hollo...@gmail.com wrote:

 I'm having issues with the Spring Security and GWT.  Defining  the
 following in my Spring config file:

 beans xmlns=http://www.springframework.org/schema/beans;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xmlns:security=http://www.springframework.org/schema/security;
xsi:schemaLocation=http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
 http://www.springframework.org/schema/security/spring-security-2.0.4.xsd;

 and referencing spring security elements as follows:

 security:http entry-point-ref=samlEntryPoint
security:intercept-url pattern=/**
 access=IS_AUTHENTICATED_FULLY/
security:intercept-url pattern=/logout.jsp filters=none/
security:intercept-url pattern=/login.jsp filters=none/
security:intercept-url pattern=/favicon.ico filters=none/
 
/security:http

 results in:

 org.springframework.beans.factory.parsing.BeanDefinitionParsingException:
 Configuration problem: Unable to locate Spring NamespaceHandler for
 XML schema namespace [http://www.springframework.org/schema/security]
 Offending resource: class path resource [server-config.xml]

at
 org.springframework.beans.factory.parsing.FailFastProblemReporter.error
 (FailFastProblemReporter.java:68)
at org.springframework.beans.factory.parsing.ReaderContext.error
 (ReaderContext.java:85)
at org.springframework.beans.factory.parsing.ReaderContext.error
 (ReaderContext.java:80)
at
 org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error
 (BeanDefinitionParserDelegate.java:281)
at

 org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement
 (BeanDefinitionParserDelegate.java:1294)

 Has anybody come across/solved this issue at all?  It's definitely a
 GWT issue as I'm able to load the config up normally in a standard
 Java application.  Many thanks...

 --

 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To post to this group, send email to google-web-tool...@googlegroups.com.
 To unsubscribe from this group, send email to
 google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com
 .
 For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.





-- 
A coward is incapable of exhibiting love; it is the prerogative of the
brave.
--
Mohandas Gandhi

--

You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT + Spring Security

[jonathan.hollo...@gmail.com]

Awesome, I'll take a look at it...

On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com
wrote:
 Hi jonathan,
  Are you using maven ?
  If the answer is 
 yes:http://groups.google.com/group/google-web-toolkit/browse_thread/threa...
 http://groups.google.com/group/google-web-toolkit/browse_thread/threa...

 On Thu, Dec 10, 2009 at 8:40 PM, jonathan.hollo...@gmail.com 



 jonathan.hollo...@gmail.com wrote:
  I'm having issues with the Spring Security and GWT.  Defining  the
  following in my Spring config file:

  beans xmlns=http://www.springframework.org/schema/beans;
         xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
     xmlns:security=http://www.springframework.org/schema/security;
         xsi:schemaLocation=http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                         http://www.springframework.org/schema/security
 http://www.springframework.org/schema/security/spring-security-2.0.4.xsd;

  and referencing spring security elements as follows:

  security:http entry-point-ref=samlEntryPoint
         security:intercept-url pattern=/**
  access=IS_AUTHENTICATED_FULLY/
         security:intercept-url pattern=/logout.jsp filters=none/
         security:intercept-url pattern=/login.jsp filters=none/
         security:intercept-url pattern=/favicon.ico filters=none/

     /security:http

  results in:

  org.springframework.beans.factory.parsing.BeanDefinitionParsingException:
  Configuration problem: Unable to locate Spring NamespaceHandler for
  XML schema namespace [http://www.springframework.org/schema/security]
  Offending resource: class path resource [server-config.xml]

         at
  org.springframework.beans.factory.parsing.FailFastProblemReporter.error
  (FailFastProblemReporter.java:68)
         at org.springframework.beans.factory.parsing.ReaderContext.error
  (ReaderContext.java:85)
         at org.springframework.beans.factory.parsing.ReaderContext.error
  (ReaderContext.java:80)
         at
  org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error
  (BeanDefinitionParserDelegate.java:281)
         at

  org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement
  (BeanDefinitionParserDelegate.java:1294)

  Has anybody come across/solved this issue at all?  It's definitely a
  GWT issue as I'm able to load the config up normally in a standard
  Java application.  Many thanks...

  --

  You received this message because you are subscribed to the Google Groups
  Google Web Toolkit group.
  To post to this group, send email to google-web-tool...@googlegroups.com.
  To unsubscribe from this group, send email to
  google-web-toolkit+unsubscr...@googlegroups.comgoogle-web-toolkit%2bunsubscr...@googlegroups.com
  .
  For more options, visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.

 --
 A coward is incapable of exhibiting love; it is the prerogative of the
 brave.
 --
 Mohandas Gandhi

--

You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT + Spring Security

[jonathan.hollo...@gmail.com]

I'm having issues with the Spring Security and GWT.  Defining  the
following in my Spring config file:

beans xmlns=http://www.springframework.org/schema/beans;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xmlns:security=http://www.springframework.org/schema/security;
xsi:schemaLocation=http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd;

and referencing spring security elements as follows:

security:http entry-point-ref=samlEntryPoint
security:intercept-url pattern=/**
access=IS_AUTHENTICATED_FULLY/
security:intercept-url pattern=/logout.jsp filters=none/
security:intercept-url pattern=/login.jsp filters=none/
security:intercept-url pattern=/favicon.ico filters=none/

/security:http

results in:

org.springframework.beans.factory.parsing.BeanDefinitionParsingException:
Configuration problem: Unable to locate Spring NamespaceHandler for
XML schema namespace [http://www.springframework.org/schema/security]
Offending resource: class path resource [server-config.xml]

at
org.springframework.beans.factory.parsing.FailFastProblemReporter.error
(FailFastProblemReporter.java:68)
at org.springframework.beans.factory.parsing.ReaderContext.error
(ReaderContext.java:85)
at org.springframework.beans.factory.parsing.ReaderContext.error
(ReaderContext.java:80)
at
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.error
(BeanDefinitionParserDelegate.java:281)
at
org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement
(BeanDefinitionParserDelegate.java:1294)

Has anybody come across/solved this issue at all?  It's definitely a
GWT issue as I'm able to load the config up normally in a standard
Java application.  Many thanks...

--

You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

gwt+spring security+facebook connect

[asianCoolz]

anyone tried this gwt+spring security+facebook connect ?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~--~~~~--~~--~--~---

Re: gwt+spring security+facebook connect

[asianCoolz]

i am refering to 
http://www.grails.org/AcegiSecurity%2BPlugin%2B-%2BCustomizing%2Bwith%2BSecurityConfig
but seem to me , the plugin only for grails.  anyone can comment ?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~--~~~~--~~--~--~---