Announcement Announcement Module
Collapse
No announcement yet.
security:authorize tags not working Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Problem solved, sort of

    Just tried again. I saw this problem when deploying app to springsource dm server 2.0 from springsource tool suite. However, if I ran app from command line "mvn tomcat:run", this time security is run successfully.

    However, after login, and logoff, and login again, this time app shows me blank screen (from both IE and firefox), I have to refresh the page to get app showing, but this could be roo RC3 related, not security related.

    Comment


    • #17
      Rc4

      Originally posted by bliu72 View Post
      Just tried again. I saw this problem when deploying app to springsource dm server 2.0 from springsource tool suite. However, if I ran app from command line "mvn tomcat:run", this time security is run successfully.

      However, after login, and logoff, and login again, this time app shows me blank screen (from both IE and firefox), I have to refresh the page to get app showing, but this could be roo RC3 related, not security related.


      -- When roo RC4 will be released?

      Comment


      • #18
        I think I figured out my problem. I was including the security tag library in my layouts/default.jspx page, assuming it would take effect on my views/index.jspx page. It didn't.

        So I added it to my views/index.jspx page and it worked. Below is what my index.jspx page looks like:

        <div
        xmlns:spring="http://www.springframework.org/tags"
        xmlns:security="http://www.springframework.org/security/tags"
        >
        <script type="text/javascript">dojo.require("dijit.TitlePane")</script>
        <div style="width: 100%" id="_title">
        <spring:message var="title" code="welcome.titlepane" />
        <script type="text/javascript">Spring.addDecoration(new Spring.ElementDecoration({elementId : '_title', widgetType : 'dijit.TitlePane', widgetAttrs : {title: '${title}'}})); </script>
        <h3><spring:message code="welcome.h3" /></h3>
        <p><spring:message code="welcome.text" /></p>

        <security:authorize ifAllGranted="ROLE_ADMIN">
        <hr />
        This is secure!<br />
        <hr />
        </security:authorize>

        </div>
        </div>
        It seems to be working consistently for me now.

        Comment


        • #19
          Yes the namespace needs to be declared in every file where you wish to use it. I am surprised it did not complain about the unknown security namespace before...

          Anyway, thanks for making this clear for the benefit of all!

          Cheers,
          Stefan

          Comment


          • #20
            security:authorize tags not working with UrlRewriteFilter

            Hi,

            My web app was working with spring and spring security 3.0.0. I have added UrlRewriteFilter and spring security tags are not working anymore. If I remove UrlRewriteFilter , it works again.

            My web.xml contains the following jsp-config

            Code:
            	
            	<jsp-config>
            		<jsp-property-group>
            			<url-pattern>*.jsp</url-pattern>
            			<scripting-invalid>true</scripting-invalid>
            		<include-prelude>/WEB-INF/views/includes/prelude.jspf</include-prelude>
            		</jsp-property-group>
            	</jsp-config>
            and prelude.jspf has following content.
            Code:
            <%@ taglib prefix="tiles" uri="http://tiles.apache.org/tags-tiles"%>
            <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
            <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
            <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
            <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt" %>
            <%@ taglib prefix="fmt" uri="http://java.sun.com/jstl/fmt_rt" %>
            <%@ taglib prefix="mytag" tagdir="/WEB-INF/tags" %>
            No matter where I put the security tag library, it doesn't work, and whenever I remove UrlRewriteFilter everything works ...

            UrlRewriteFilter
            Code:
            	
            <filter>
            		<filter-name>UrlRewriteFilter</filter-name>
            		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
            	</filter>
            
            	<filter-mapping>
            		<filter-name>UrlRewriteFilter</filter-name>
            		<url-pattern>/*</url-pattern>
            	</filter-mapping>
            Here are the spring security tags:

            Code:
            <security:authorize access="hasAnyRole('ROLE_USER','ROLE_PARTNER', 'ROLE_ADMIN')">
            <a href="${pageContext.request.contextPath}/micro/accountSetting">Account & Settings</a> | 
                <span style="text-align: right;"> Welcome
                <security:authentication property="name" /> | <a 
            			href="${pageContext.request.contextPath}/logout.jsp" >Sign Out</a></span>
            </security:authorize> 
            
            <security:authorize  access="!hasAnyRole('ROLE_USER','ROLE_PARTNER', 'ROLE_ADMIN')">
            <span> Hello, Guest!</span> |   <a id="signinNode2" href="${pageContext.request.contextPath}/micro/signin" onclick="">Sign in</a> 
            
            </security:authorize>


            Please help, thanks in advance.
            Last edited by asheikh; Jan 13th, 2010, 01:41 PM.

            Comment


            • #21
              Originally posted by bliu72 View Post
              Just tried again. I saw this problem when deploying app to springsource dm server 2.0 from springsource tool suite. However, if I ran app from command line "mvn tomcat:run", this time security is run successfully.

              However, after login, and logoff, and login again, this time app shows me blank screen (from both IE and firefox), I have to refresh the page to get app showing, but this could be roo RC3 related, not security related.
              I had a similar problem after deploying .war to tomcat...
              By default, Roo generates configuration of Spring Security which includes use sha-256.
              But, at packaging in war, sha-256 provider is not added.

              I have fixed this issue by adding of dependency to pom.xml
              Code:
              ...
               <repositories>
              ...
                      <repository>
                          <id>org.maven.repo1</id>
                          <name>org.maven.repo1</name>
                          <url>http://repo1.maven.org/maven2</url>
                      </repository>
              ...
               </repositories>
              ...
              <dependencies>
              ...
                        <dependency>
                          <groupId>commons-codec</groupId>
                          <artifactId>commons-codec</artifactId>
                          <version>1.4</version>
                       </dependency>
              ...
              </dependencies>
              ...
              To see the reason of magic problems, disable your error pages.
              webmvc-config.xml:

              Code:
                  <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
                      <!--<property name="exceptionMappings">
                          ...
                      </property>-->
                  </bean>
              Exceptions are not logged, when are processed by error pages.
              So, there is ClassNotFoundException in my case.
              Last edited by dzmitry; Jan 13th, 2010, 06:12 PM.

              Comment


              • #22
                Hi,

                Always when something doesn't work it is my mistake.
                this time, I have had the following configuration in web.xml

                Code:
                	<filter>
                		<filter-name>springSecurityFilterChain</filter-name>
                		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                	</filter>
                
                	<filter-mapping>
                		<filter-name>springSecurityFilterChain</filter-name>
                		<url-pattern>/micro*</url-pattern>
                	</filter-mapping>
                and if I access http://localhost:8080/somict/micro/partner security tag and urlrewrite both work

                but if I access the url http://localhost:8080/somict/partner security tag and urlrewrite don't work together because the security filter is not started since the url doesn't have /micro* pattern

                I know it is an obvious thing, but I hope that may help someone ;-)

                Comment


                • #23
                  Thanks for sharing. Indeed the filter security chain is almost always just *, as it internally performs filtering of paths it is interested in.

                  Comment


                  • #24
                    Hello there!

                    Could someone please post fullly working demo app with spring security and urlrewrite?

                    I can't get it working Tried for 5-6 hours.


                    Edit:

                    I've done by following way:
                    http://forum.springsource.org/showpo...34&postcount=5
                    Last edited by digz6666; Aug 23rd, 2010, 03:09 AM.

                    Comment

                    Working...
                    X