Blog Archives

Spring Security

The Spring Security Namespace configuration is made up of the following two namespaces: Web Application Security namespace (<http>) – defines protected urls Authentication Services namespace – defines beans that will be used to authenticate users Web Application Security (<http>) After

Tagged with: ,
Posted in Spring, Spring Security

Setting up SSL

SSL serves two purposes : Encryption – data is encrypted with SSL before being sent using HTTP Authentication – the Certificate Authority guarantees the certificate holder is who they say they are First Step is to create a Self Sign

Posted in Java, Maven, Spring Security

Spring Security – login / logout

Use spring_security_login to login (auto form will post to j_spring_security_check) Use j_spring_security_logout to logout Note: Don’t forget to set ‘auto-config‘ to true on <http> element for free login form.

Posted in Spring, Spring Security

Spring Security: ‘permitAll’ vs security=’none’ vs …

access=”permitAll” works but requires use-expressions=”true” to be set. This will require that every access attribute evaluates as a valid expression (see link). <http auto-config=”true” use-expressions=”true”>         <intercept-url pattern=”/user/view” access=”permitAll” />         <intercept-url pattern=”/topsecret/**” access=”hasRole(‘ROLE_ADMIN’)” />         </http>

Posted in Java, Spring, Spring Security

Spring Security

Enable Spring security (web.xml): <!– spring security –> <filter>     <filter-name>springSecurityFilterChain</filter-name>     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping>     <filter-name>springSecurityFilterChain</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping> The /* mapping ensures that every request is filtered through the Spring Security interceptor. DelegatingFilterProxy delegates to a Spring injected Filter

Posted in Spring, Spring Security