This week's book giveaway is in the Programmer Certification forum.
We're giving away four copies of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 and have Jeanne Boyarsky & Scott Selikoff on-line!
See this thread for details.
Win a copy of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 this week in the Programmer Certification forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

Can't use spring security authorize

 
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We've just impelmented spring security (with spring 2.5) in our web app where I'm struggling with some things.
I'm trying to do a redirect (from within a loginsuccess.jsp) according to the role of a user.
I've put the following in the jsp (this is from spring security tutorial) to test out:


Somehow I never pass this test even if the user has granted authority of ROLE_SOC

If I retrieve the sessionScope in this jsp, I can see the role:
{javax.servlet.jsp.jstl.fmt.request.charset=ISO-8859-1, SPRING_SECURITY_LAST_USERNAME=user@somemail.com, SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@a9a3fb41: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@a9a3fb41: Principal: org.springframework.security.userdetails.User@0: Username: user@somemail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SOC; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1128102A01AC8D176926A91795BF2B7A; Granted Authorities: ROLE_SOC}

Am I missing something here?
 
ranger
Posts: 17344
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What happens if you, just for testing purposes. Not have the loginsuccess.jsp page redirect. First try forwarding to see what happens. Then as the last test, just put a link on that loginsuccess.jsp page that sends you to the last page to see if the security works.

As far as using the tag library in your page, it is correct.

Mark
 
Mark Spritzler
ranger
Posts: 17344
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just out of curiosity. That last page URL, is it in your intercept-url as being intercepted for security?

Mark
 
Ergin Er
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think I've found the problem. It's indeed the intercept-url configuration that caused the problem.


Without any filtering there was no security activity inside the loginsuccess.jsp
After I added the access parameter for my roles:

I was able to use the security inside the screen. Thanks for your pointer ;-)
 
Mark Spritzler
ranger
Posts: 17344
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cool beans. er Cool Spring Beans.

Mark
 
Here. Have a potato. I grew it in my armpit. And from my other armpit, this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!