Announcement Announcement Module
Collapse
No announcement yet.
How to setup Spring Security with GWT Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to setup Spring Security with GWT

    Hi,

    I'm currently writing a webapp using GWT 1.5.x. On the server side I want to use Spring Security (both url and method security).

    On the client side I'm planning to have to GWT modules:
    1. A login module
    2. The actual application module
    The login module I want to use as AuthenticationEntryPoint. It contains a GWT service which actually performs the authentication. What is somewhat unclear to me is how to integrate that with Spring Security.

    Does anybody have some samples, tutorials or the like I can look at as a starting point?

    Thanks in advance
    Harald

  • #2
    I used Spring Security to secure my GWT web application.

    I decided to do the login form as a stand-alone html/jsp form (instead of creating a login GWT module)... that way I can take advantage of the form-based login that Spring Security affords.

    The trick is to set up your filter chain to block any access to you GWT application (which includes RPCs) and only allow access once authenticated. If you have specific questions, I'd be happy to try and answer.

    Cheers..

    Comment


    • #3
      Hi posta07,

      thanks for your answer. That's exactly the approach I also have chosen after some trial and error.

      I have one further question:
      How do you handle exceptions from Spring Security? Are they wrapped inside an InvocationException and can be handled by the onFailure method?

      Best Regards
      Harald

      Comment


      • #4
        How do you handle exceptions from Spring Security?
        I believe you mean exceptions that are thrown because of authentication errors? When you wire up an ExceptionTranslationFilter to your filter chain you can specify what pages handle what errors or you can create your own handlers.

        Alternatively, are you referring to trying to handle Spring Security exceptions within your GWT-RPC call (onFailure()...)?

        Cheers...

        Comment


        • #5
          Originally posted by posta07 View Post
          Alternatively, are you referring to trying to handle Spring Security exceptions within your GWT-RPC call (onFailure()...)?
          That's exactly what I mean

          Comment


          • #6
            I haven't dealt with that level of exception handling yet (within the GWT modules), so I am not sure. I assume what you're trying to do is make sure that once a user is authenticated that they do not have access to certain RPC calls that they should not be making?

            I guess the way I would approach that is to secure the RPC methods with Spring AOP and then have the security logic determine whether the user is allowed to access (based on their roles, rights, etc)... then throw the appropriate exceptions which can be caught in your onFailure method.

            If you, or anyone reading this, can think of a better way to do this, I'm all ears

            Let me know how you end up doing this!

            Comment


            • #7
              handle session timeout

              Hi!

              How do you handle a session timeout? I have a gwt application with html/jsp form for login. When the session times out (or tomcat is restarted), the rpc call onFailure shows the login page as error message. So I could find out that the user must re-login in the error handler. I can then show a login-window (gwt). But how do I repeat the failed rpc call?

              Anyone solved this problem?

              regards
              Christof

              Comment


              • #8
                Try using this:

                Code:
                var invalidSession = function(){ window.location = '<%= request.getContextPath() %>/login.jsp'; };
                Ext.lib.Ajax.on('status:403', invalidSession );
                For Spring Security with GWT, you would have to code the FormPanel to perform a traditional form POST as opposed to an XHR call. The issue with doing it through an XHR call is that the return data is not in the proper format so GWT does not know what to do, or if you are stuck on using XHR, then you would have to write your own RequestCallback as a handler and parse the return information manually for the onSuccess and onFailure.

                Good luck.

                Comment


                • #9
                  Hi posta07,

                  i m new to GWT with SpringSecurity.
                  I have allready secured my application with springSecurity. It works fine for webservice calls, but i m not able to make it work with GWT. It would be really great if i could have a quick look at the security related stuff in your applicationContext.

                  Comment


                  • #10
                    Originally posted by greco View Post
                    Try using this:

                    Code:
                    var invalidSession = function(){ window.location = '<%= request.getContextPath() %>/login.jsp'; };
                    Ext.lib.Ajax.on('status:403', invalidSession );
                    For Spring Security with GWT, you would have to code the FormPanel to perform a traditional form POST as opposed to an XHR call. The issue with doing it through an XHR call is that the return data is not in the proper format so GWT does not know what to do, or if you are stuck on using XHR, then you would have to write your own RequestCallback as a handler and parse the return information manually for the onSuccess and onFailure.

                    Good luck.
                    This approach worked perfectly well for a rookie like me. The GWT Tutorial,

                    http://code.google.com/docreader/#p=...tartedTutorial

                    , introduces StockWatch application. I modified it to use Spring Security. The resulting WAR file (you can download it from http://minetats.com ) has been successfully tested with Tomcat 6.0.14 on Mac OS. To run this imperfect, but working, example of Spring Security in a GWT app, use rod/koala as userid/passwd.

                    In my first message I was not allowed to use URLs, please disregard it.

                    Comment


                    • #11
                      You should have a look at this project :
                      http://code.google.com/p/gwt-incubator-lib

                      There is a dedicated part for Spring Security integration using GWT-SL

                      Comment


                      • #12
                        gwt-incubator-lib

                        Do any one have a working sample of gwt-incubator-lib ?

                        Comment


                        • #13
                          Originally posted by springworld View Post
                          Do any one have a working sample of gwt-incubator-lib ?
                          What kind of problem did you encounter ?
                          I've already used it, successfully.

                          Comment


                          • #14
                            Hi Delirii,
                            Thanks for your reply.
                            I am trying to implement Spring security in simple Greetings RPC application. I am getting struck with the login page and how the roles is being propogated from client side.
                            Here are my questions
                            1. What configurations you do in client side, inorder to get the role propogated?
                            2. Are we going to add spring security related configuration in web.xml file?

                            WOuld be nice if you can point me to a implemented sample.

                            Thanks

                            Comment


                            • #15
                              gwt-incubator-lib does not work with GWT 1.7 it seams...

                              Comment

                              Working...
                              X