Announcement Announcement Module
Collapse
No announcement yet.
Questions on Spring Security + Spring Flex Integration + dm Server Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Questions on Spring Security + Spring Flex Integration + dm Server

    Hello,

    Here is my configuration

    module-context.xml
    Code:
    	<security:authentication-provider>
    		<security:user-service>
    			<security:user name="xaos" password="xaos" authorities="ROLE_USER, ROLE_ADMIN" />
    		</security:user-service>
    	</security:authentication-provider>
    
    	<flex:message-broker>
    		<flex:secured per-client-authentication="false"/>
    	</flex:message-broker>
    
    	<bean id="nearPingSecured" class="t3.service.blazeds.util.Ping">
    		<property name="message" value="Tshhhh...."/>
    		<flex:remoting-destination/>
    		<security:intercept-methods>
    			<security:protect method="*" access="ROLE_USER"/>
    		</security:intercept-methods>
    	</bean>
    and it works...partly :
    • if I try to access to nearPingSecured from flex client I'm getting error - ok
    • if I authenticate from flex client - then I can access the service - ok
    • but if I authenticate from flex client and reload flex client - then I can not access it anymore. Still if I try to auth now as some other user I get `Cannot re-authenticate in the same session.` error. - problem

    I tried to add the following this
    Code:
     
    	<bean id="preAuthenticatedEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />
    	
    	<security:http entry-point-ref="preAuthenticatedEntryPoint"/>
    or this
    Code:
    	
    	<security:http auto-config="true"/>
    to module-context.xml - both does not change anything at all... Do I really need them? What for?

    also I tried adding
    Web-FilterMappings: springSecurityFilterChain;url-patterns:="/*"
    to MANIFEST.MF

    but after this my application stopped to deploy on dm server with some strange errors
    java.lang.IllegalStateException: ContainerBase.addChild: start: LifecycleException: start: : java.lang.NullPointerException
    at org.apache.catalina.core.ContainerBase.addChildInt ernal(ContainerBase.java:795)
    at org.apache.catalina.core.ContainerBase.addChild(Co ntainerBase.java:771)
    at org.apache.catalina.core.StandardHost.addChild(Sta ndardHost.java:525)
    at com.springsource.server.servlet.tomcat.TomcatServl etContainer.addContext(TomcatServletContainer.java :954)
    .............
    What am I doing wrong?

  • #2
    Found out the problem.

    To have the authentication working between flash application reload one need to add some kind of <security:http .../> to the context and to add Web-FilterMappings: springSecurityFilterChain;url-patterns:="/*" to the manifest file.

    Latter caused the deployment time errors because I have no dependency on org.springframework.web bundle, that was needed.

    Comment


    • #3
      Thanks for persevering, and for taking the time to report the problem.

      Unfortunately, I've tried to recreate the NPE and have not been able to do so. I've updated the JIRA that you opened with my findings, as I said in my comment it'd be great if you could provide us with an app that reproduces the NPE as we'd really like to get to the bottom of the problem and improve the diagnostics if at all possible.

      Thanks again,
      Andy

      Comment

      Working...
      X