David,
My apologies for not getting back to you. I've been thinking about the
correct answer. You describe the issue of the error being thrown if the
user does not have the proper role. In our implementation that was
considered sufficient, since it prevented the user from accessing a remote
Hello,
Indeed you don't need the 2 autowired services. I use them since I
have my own decisionManager. You can use a standard one, for example
the role based. This means no autowireds neither
onAfterRequestDeserialized. If you don't play with sessions you
don't need the workaround fix inide
Jordi,
Yes the link you provided was excellent, with that I have spring
managed beans that are RPC services.
However I'm having trouble understanding how to add Spring Security to
that. Ideally I'd love to see that example expanded to show how to
add users, assign users role(s) secure RPC
Could you also post your autowired beans setSecuredDecisionManager
setSecurityMetadataSource?
Also since I just have plain GWT app (no JSP) can I assume that I
don't need the handleRequest() method? I assume the security work is
done in onAfterRequestDeserialized()?
Thanks,
-Dave
On Jun 15,
Hi Joseph,
Thanks so much for your help. I'm having trouble getting this to
work. In my case the methods on PreAuthenticationFilter
CustomUserDetailsService are never called.
Here is my code/config:
applicationContext.xml
?xml version=1.0 encoding=UTF-8?
beans:beans
Dave,
Since it is an enterprise application, authentication is handled by a SSO
service which hands off to our application, so there is no remember me
functionality. The less work your application has to do the better, just
like using Gmail/fb auth on a website.
Here is the redacted and
I have a login JSP that uses the remember me feature.so I have my login
under Spring Security.
I have method security enabled in the RPC layer. All my RPCs extend a base
class and then I used annotations on the methods to check for the
permissions.
Here the RPC Base Servlet class:
On Wednesday, June 13, 2012 8:47:47 AM UTC+8, dhoffer wrote:
I'd like to get feedback on the best way to secure GWT apps with
Spring Security. I read several existing blogs about this online but
they are all (that I have found) quite old at this point.
Specifically what's the best way
Joseph,
How do you handle Spring's 'remember me', session management and auto
login/logout? I'm curious how you setup your use of Spring. Could
you post your configuration? I assume you don't use Spring's auto-
config, etc?
Thanks,
-Dave
On Jun 13, 3:56 pm, Joseph Lust lifeofl...@gmail.com
I'm sure other folks' examples will differ, but we did the following:
1. Entitlements set as an Enum like *enum UserEntitlement { VIEW_HOME,
VIEW_ITEM, ADD_ITEM, DELETE_ITEM }*
2. On user login, *UserEntitlement[] *fetch sent from backend to client
3. Restricted UI elements are
Thanks Joseph for sharing your experiences.
I have a question regards this, for example you have a button that is
enabled to *ADD_ITEM. *Do you extends GWT compents for show for some
'actions' or make some if statements?
Is a simple question, but is nice to know how deal with this. The extend of
Jaun,
Our application is nearly 100% custom components. We did not use many of
the default GWT widgets. We also used UiBinder for everything and thus most
screens are a bundle of widgets stitched together with UiBinder.
If there was a custom panel/button/widget, it would have a
Thanks Joseph for sharing your experiences on this!! You are really helpful
at the group
Juan
2012/6/13 Joseph Lust lifeofl...@gmail.com
Jaun,
Our application is nearly 100% custom components. We did not use many of
the default GWT widgets. We also used UiBinder for everything and thus most
I'd like to get feedback on the best way to secure GWT apps with
Spring Security. I read several existing blogs about this online but
they are all (that I have found) quite old at this point.
Specifically what's the best way with GWT 2.4 and Spring Security
3.1? Or is there a better way other
HI All. I'm trying to config roles and permissions into a GWT app. This
app has spring too, and I had thinking in Spring-security but I have
problems with the integration, do you have any easy tutorial or example to
do it?
On Thursday, November 24, 2011 6:11:00 PM UTC+1, Alfredo
I have implemented Spring Security and GWT togheter, but what I can't
figure out hw can I handle is how to logout when an RPC fails because the
user is not logged in anymore.
For example, the user logs in in my application, then he for example clean
the browser session, so he is not logged in
Hello:
A few approaches I think can be taken here. Two that come to mind ordered
by the complexity level are:
Option 1:
If you are using Spring Security and have Method Security then ensure that
the methods throw an exception when the session has expired (You should get
an AccessDeniedException
for nacho:
what if you save user information in variables/class that declared in
MainEntryPoint. Whenever user refresh the browser, that variable will
flush/reset to null, if that variable == null, show login page.
So far that's what i've been done, may be it's not the best way.
On Thursday,
Hi,
If you are new to GWT then take a look at this post:
- http://uptick.com.au/content/gwt-login-security
Cheers
Rob
On Nov 23, 6:53 am, Victor Lujan victor...@gmail.com wrote:
Great, thank you both! I already downloaded spring and will update
you later : )
On Nov 21, 9:28 pm, -sowdri-
Great, thank you both! I already downloaded spring and will update
you later : )
On Nov 21, 9:28 pm, -sowdri- sow...@gmail.com wrote:
If you are looking at Authentication and Authorization, then spring
security is the de facto standard (of course this is all for the server
side)!
--
You
Oh boy, I never get answers on this group.
I hope this one does.
So, I'm learning GWT, i need to implement a login module. I heard
spring security is kind of cool so I was going to download that,
until i realized that i had to download spring first, and then spring
security. The requirements
Hello Victor:
If your focus is to learn GWT then I wouldn't dive into Spring just yet.
For learning purposes, a simple method in your XServiceImplementation using
GWT-RPC will do.
If you are planning to build a production application, then I would
strongly suggest Spring with Spring Security in
Hi Alfredo!
Thanks for replying !
Im both learning and trying to do something very nice.
Im going to give Spring a shot then :D
All comments are still appreciated
On Nov 21, 7:49 pm, Alfredo Quiroga-Villamil laww...@gmail.com
wrote:
Hello Victor:
If your focus is to learn GWT then I
If you are looking at Authentication and Authorization, then spring
security is the de facto standard (of course this is all for the server
side)!
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To view this discussion on the web visit
Hi Kevin, thanks for your answer.
I tried to do it on the interface my server-side code uses as the
implementation contract but I was using a JSR-250 annotation @RolesAllowed,
which wasn't on my client scope.
I just tried the @PreAuthorize annotation and it seems to work on the
client-side. Do I
You'll need to have your service invoked as a Spring Bean somehow to
make the annotations take effect. It won't work as just a servlet
entry in your web.xml. DispatcherServlet is one of the easiest way to
make it do that.
On Jul 8, 7:11 am, Renato Beserra renatobese...@gmail.com wrote:
Hi
You just solved my doubt. The DispatcherServlet looks very simple with your
explanation and I will try to use it.
Thank you very much!
Best Regards,
2011/7/8 Kevin Jordan ke...@kjordan.net
You'll need to have your service invoked as a Spring Bean somehow to
make the annotations take effect.
Hi,
I am integrating a GWT application with Spring Security and I got a great
example on a previous thread -
http://groups.google.com/group/google-web-toolkit/browse_thread/thread/c8032d9a472d975b/b9634461528cd31b?lnk=gstq=renatobeserra#b9634461528cd31b.
But now I want to secure my rpc calls,
Hi Renato,
I have a service layer, so in this method I use JSR250
http://en.wikipedia.org/wiki/JSR_250annotations, Spring security can work
with this API. In client side I don't protect the invocations. In server
side, spring security throws an exception, if try to access to a protected
method,
Thanks for your answer.
I considered something like that, but every restricted rpc method
implementation has to call another method, with its own interface secured by
annotations, right?
2011/7/7 Juan Pablo Gardella gardellajuanpa...@gmail.com
Hi Renato,
I have a service layer, so in this
It's been a while since I've set mine up to do this, but when you say
you're setting them in the interface on the client side, are you
trying them on the Async interface or the interface your server-side
code implements off of? If you do it on the interface your server-
side code uses as the
Hi
You could check:
* http://code.google.com/p/net-orcades-spring/
* http://code.google.com/p/orcades-gwt-spring/ for a MVP approach.
if will at least give you some ideas.
On Mar 9, 5:23 am, j.singh.developer j.singh.develo...@gmail.com
wrote:
This may be a repeatable question. I am looking
This may be a repeatable question. I am looking for a resource
(example would be nice) that takes into consideration all security
aspects of GWT and implements it using Spring Security. Any
guidelines, pointing to resources will be really appreciated.
Thanks
--
You received this message because
Read ProWeb 2.0 Application Development with GWT. There are some guidelines.
Juan
2011/3/8 j.singh.developer j.singh.develo...@gmail.com
This may be a repeatable question. I am looking for a resource
(example would be nice) that takes into consideration all security
aspects of GWT and
Hi Travis,
Is there any way that you can provide examples of your solution?
Thanks !
On Dec 21, 8:19 am, Travis Camechis camec...@gmail.com wrote:
instead of using that I created my own custom Spring Security
SuccessHandlers and Failure Handlers that returns JSON back to the client.
I
create a SuccessAuthenticationHandler and FailureAuthenticationHandler
public class AjaxSuccessAuthenticationHandler implements
AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
I use gwt requestBuilder to query server result, if server-side spring
checked user is not authenticated, it will forward to form-login
login-page=/gwtapplication.html#!login , but gwt is not
forwarded to that page. see below
requestBuilder.setCallback(new RequestCallback() {
instead of using that I created my own custom Spring Security
SuccessHandlers and Failure Handlers that returns JSON back to the client.
I then let the client handle the place management based on
success:true/false. At this point I can also send credentials back in the
JSON as well.
On Tue, Dec
Hi all.
I'm new here. I'm currently using gwt 1.7 gwt-ext 2.0.x, spring 2.5
and spring-security 2.0.4. I met a problem that I have tried to get a
solution for two days with no answer yet. The problem is that any
unprotected gwt pages return blank with an error message Line: 2
Char: 1 Error: Syntax
Hi Jonathan,
Do you have sample code, i am looking for sample app with Gwt and spring
secturity. please help me...
thanks,
Sridhar
On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com
jonathan.hollo...@gmail.com wrote:
Awesome, I'll take a look at it...
On Dec 11, 12:41 am, olivier
-
Fra: google-web-toolkit@googlegroups.com
[mailto:google-web-tool...@googlegroups.com] På vegne av sridhar vennela
Sendt: 12. desember 2009 17:36
Til: google-web-toolkit@googlegroups.com
Emne: Re: GWT + Spring Security
Hi Jonathan,
Do you have sample code, i am looking for sample app with Gwt
: Re: GWT + Spring Security
Hi Jonathan,
Do you have sample code, i am looking for sample app with Gwt and spring
secturity. please help me...
thanks,
Sridhar
On Fri, Dec 11, 2009 at 6:58 PM, jonathan.hollo...@gmail.com
jonathan.hollo...@gmail.com wrote:
Awesome, I'll take
Hi jonathan,
Are you using maven ?
If the answer is yes:
http://groups.google.com/group/google-web-toolkit/browse_thread/thread/be6b6681192aa54a?pli=1
http://groups.google.com/group/google-web-toolkit/browse_thread/thread/be6b6681192aa54a?pli=1
On Thu, Dec 10, 2009 at 8:40 PM,
Awesome, I'll take a look at it...
On Dec 11, 12:41 am, olivier nouguier olivier.nougu...@gmail.com
wrote:
Hi jonathan,
Are you using maven ?
If the answer is
yes:http://groups.google.com/group/google-web-toolkit/browse_thread/threa...
I'm having issues with the Spring Security and GWT. Defining the
following in my Spring config file:
beans xmlns=http://www.springframework.org/schema/beans;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xmlns:security=http://www.springframework.org/schema/security;
anyone tried this gwt+spring security+facebook connect ?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
i am refering to
http://www.grails.org/AcegiSecurity%2BPlugin%2B-%2BCustomizing%2Bwith%2BSecurityConfig
but seem to me , the plugin only for grails. anyone can comment ?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
47 matches
Mail list logo