
  • How to setup Spring Security 3 and Flex Integration 1.5 with multiple entry points ?

    Hello all,

    First of all thanks to anyone answering. Right now I'm working on an application with a Flex based user frontend and a Web based Admin frontend, both have their own log in/authentication forms. Basically what I'm trying to achieve is to have them both use the same authentication mechanism. The problem I'm facing is that I get an exception when I configure both to run at the same time, what I understand from the exception is that the <security:form-login> element automatically generates its own SessionFixationProtectionStrategy so when I add the entry point for Flex I get a collision. I've been trying to find information as to how to get these 2 entry points working together but so far the search has been fruitless. It'd be great if anyone could shed some light on this issue.

    Edit: I forgot to add that the admin web interface and the user flash interface are configured using 2 different servlets, i.e. my web.xml has 2 servlet elements.

    Thanks in advance.
    Last edited by Cybrid; Sep 20th, 2011, 04:50 AM.

  • #2
    Here my security config:

    Code:
    <!-- Excerpt: the opening beans element and its namespace declarations are not shown -->
    <security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>

    <!-- Flex channel: its own filter chain with the Flex entry point and concurrency control -->
    <security:http pattern="/messagebroker/**" entry-point-ref="flexEntryPoint">
        <security:anonymous enabled="false"/>
        <security:session-management>
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
        </security:session-management>
    </security:http>

    <bean id="flexEntryPoint" class="org.springframework.flex.security3.FlexAuthenticationEntryPoint"/>

    <!-- Paths that bypass the security filter chain entirely -->
    <security:http pattern="/favicon.ico" security="none"/>
    <security:http pattern="/login*" security="none"/>
    <security:http pattern="/logoutSuccess*" security="none"/>
    <security:http pattern="/apollo/css/**" security="none"/>
    <security:http pattern="/apollo/js/**" security="none"/>
    <security:http pattern="/apollo/img/**" security="none"/>
    <security:http pattern="/common/css/**" security="none"/>
    <security:http pattern="/common/js/**" security="none"/>
    <security:http pattern="/common/img/**" security="none"/>
    <security:http pattern="/MoneyManager.swf" security="none"/>
    <security:http pattern="/assets/**" security="none"/>
    <security:http pattern="/index.jsp" security="none"/>

    <!-- Admin web UI: form login, remember-me and logout for everything else -->
    <security:http servlet-api-provision="true">

        <security:intercept-url pattern="/cms/*" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/cms/users/*" access="ROLE_ADMIN,ROLE_USER_MANAGER"/>
        <security:intercept-url pattern="/cms/content/*" access="ROLE_ADMIN,ROLE_CONTENT_MANAGER"/>
        <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>

        <security:form-login login-page="/login.html" default-target-url="/home.html"
                             always-use-default-target="false" authentication-failure-url="/login.html"/>

        <security:remember-me/>
        <security:logout logout-success-url="/login.html"/>

    </security:http>

    <!-- Listeners to update users on successful and failed login attempts -->
    <bean id="successfulLogInListener" class="uk.co.ecube.web.security.SuccessfulLogInListener"/>
    <bean id="failedLogInListener" class="uk.co.ecube.web.security.FailedLogInListener"/>

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userService">
            <security:password-encoder ref="passwordEncoder">
                <security:salt-source ref="saltSource"/>
            </security:password-encoder>
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="saltSource" class="uk.co.ecube.core.security.CustomSaltSource"/>
    <bean id="passwordEncoder" class="uk.co.ecube.core.security.CustomPasswordEncoder"/>
    </beans>



    • #3
      Here the exception:
      Code:
      2011-09-20 09:45:03,859 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Destroying singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@115d277: defining beans [_messageBrokerHandlerAdapter,_messageBrokerDefaultHandlerMapping,_jsonConfigMapEditorConfigurer,_messageBrokerMessagingProcessor,_messageBrokerRemotingProcessor,_flexRemotingAnnotationPostProcessor,_hibernateSerializationConfigPostProcessor,org.springframework.flex.core.ExceptionTranslationAdvice#0,org.springframework.flex.core.EndpointServiceMessagePointcutAdvisor#0,_loginCommandPostProcessor,_messageBrokerLoginCommand,org.springframework.flex.core.LoginCommandConfigProcessor#0,org.springframework.flex.security3.SecurityExceptionTranslator#0,org.springframework.flex.security3.PerClientAuthenticationInterceptor#0,org.springframework.flex.security3.LoginMessageInterceptor#0,org.springframework.flex.core.MessageInterceptionAdvice#0,org.springframework.flex.core.EndpointServiceMessagePointcutAdvisor#1,_messageBrokerEndpointProcessor,_messageBroker,org.springframework.flex.remoting.RemotingDestinationExporter#0,org.springframework.flex.remoting.RemotingDestinationExporter#1,org.springframework.flex.remoting.RemotingDestinationExporter#2,org.springframework.flex.remoting.RemotingDestinationExporter#3,org.springframework.flex.remoting.RemotingDestinationExporter#4,org.springframework.flex.core.io.JpaHibernateConfigProcessor#0]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@1c5ddd3>
      2011-09-20 09:45:03,859 ERROR [org.springframework.web.servlet.DispatcherServlet] - <Context initialization failed>
      org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name '_loginCommandPostProcessor': Unsatisfied dependency expressed through bean property 'sessionAuthenticationStrategy': : No unique bean of type [org.springframework.security.web.authentication.session.SessionAuthenticationStrategy] is defined: expected single matching bean but found 2: [org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy#0, org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0]; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No unique bean of type [org.springframework.security.web.authentication.session.SessionAuthenticationStrategy] is defined: expected single matching bean but found 2: [org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy#0, org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0]
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireByType(AbstractAutowireCapableBeanFactory.java:1167)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1059)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
      	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
      	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
      	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
      	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:198)
      	at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:727)
      	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:440)
      	at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:442)
      	at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:458)
      	at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:339)
      	at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:306)
      	at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
      	at javax.servlet.GenericServlet.init(GenericServlet.java:212)
      	at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
      	at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
      	at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4421)
      	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4734)
      	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
      	at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
      	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
      	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
      	at org.apache.catalina.core.StandardService.start(StandardService.java:525)
      	at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
      	at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      	at java.lang.reflect.Method.invoke(Method.java:597)
      	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
      	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
      Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No unique bean of type [org.springframework.security.web.authentication.session.SessionAuthenticationStrategy] is defined: expected single matching bean but found 2: [org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy#0, org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0]
      	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:796)
      	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:703)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireByType(AbstractAutowireCapableBeanFactory.java:1152)
      	... 32 more



      • #4
        No takers on this one?



        • #5
          Did you solve this issue?



          • #6
            You should explicitly declare the session authentication strategy. For example:

            Code:
                <http entry-point-ref="entryPoint" pattern="/messagebroker/**">
                    <session-management session-authentication-strategy-ref="sas"/>
                    <anonymous enabled="false"/>
                </http>
                
                <beans:bean id="entryPoint" 
                    class="org.springframework.flex.security3.FlexAuthenticationEntryPoint"/>
                
                <http entry-point-ref="restAuthenticationEntryPoint" pattern="/rest/**">
                    <session-management session-authentication-strategy-ref="sas"/>
                    <anonymous enabled="false"/>
                    <http-basic/>
                </http>
            
                <beans:bean id="sas"
                  class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/>

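The approach from #6 applied to the configuration in #2 while keeping its one-session limit, as an added example that is not part of any post in the thread. The bean ids `sessionRegistry`, `sas` and `concurrencyFilter` are assumed names, the other beans and `security="none"` entries from #2 stay unchanged, and because both chains share one strategy the session limit now also covers the form login.

```xml
<!-- Added example: one shared strategy, so autowiring by type finds a single
     SessionAuthenticationStrategy. ConcurrentSessionControlStrategy extends
     SessionFixationProtectionStrategy, so fixation protection is retained. -->
<bean id="sessionRegistry"
      class="org.springframework.security.core.session.SessionRegistryImpl"/>

<bean id="sas"
      class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <constructor-arg ref="sessionRegistry"/>
    <property name="maximumSessions" value="1"/>
    <property name="exceptionIfMaximumExceeded" value="true"/>
</bean>

<!-- Stands in for the filter that <security:concurrency-control> registered -->
<bean id="concurrencyFilter"
      class="org.springframework.security.web.session.ConcurrentSessionFilter">
    <property name="sessionRegistry" ref="sessionRegistry"/>
    <property name="expiredUrl" value="/login.html"/>
</bean>

<!-- Flex channel: same entry point as in #2, strategy now referenced explicitly -->
<security:http pattern="/messagebroker/**" entry-point-ref="flexEntryPoint">
    <security:anonymous enabled="false"/>
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"/>
    <security:session-management session-authentication-strategy-ref="sas"/>
</security:http>

<bean id="flexEntryPoint" class="org.springframework.flex.security3.FlexAuthenticationEntryPoint"/>

<!-- Admin web UI: form login shares the strategy instead of creating its own -->
<security:http servlet-api-provision="true">
    <security:intercept-url pattern="/cms/*" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/cms/users/*" access="ROLE_ADMIN,ROLE_USER_MANAGER"/>
    <security:intercept-url pattern="/cms/content/*" access="ROLE_ADMIN,ROLE_CONTENT_MANAGER"/>
    <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"/>
    <security:session-management session-authentication-strategy-ref="sas"/>
    <security:form-login login-page="/login.html" default-target-url="/home.html"
                         always-use-default-target="false" authentication-failure-url="/login.html"/>
    <security:remember-me/>
    <security:logout logout-success-url="/login.html"/>
</security:http>
```

The registry only learns that a session has ended if `org.springframework.security.web.session.HttpSessionEventPublisher` is registered as a listener in web.xml; without it, a user who reaches the limit of one session stays locked out after that session is gone.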