Spring security blocking access to GWT servicesWhat's the difference between @Component, @Repository & @Service annotations in Spring?Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]Spring Security with Openid and Database IntegrationSpring Security with OpenIDAuthenticationFilter problemSpring MVC + Hibernate 4 + Spring SecuritySpring MVC: Controller RequestMapping working, but return always gives a 404GWT - Spring security url interceptingSpring security logout - add a message only when logout triggered from a logged in userIntelliJ + Spring Web MVCSpring Security - Unable to locate Spring NamespaceHandler — security
This message is flooding my syslog, how to find where it comes from?
How can I stop myself from micromanaging other PCs' actions?
Does the Intel 8086 CPU have user mode and kernel mode?
How do I generate distribution of positive numbers only with min, max and mean?
401(k) investment after being fired. Do I own it?
Explain why watch 'jobs' does not work but watch 'ps' work?
Is it normal practice to screen share with a client?
Commercial jet accompanied by small plane near Seattle
Why didn't Britain or any other European power colonise Abyssinia/Ethiopia before 1936?
Inadvertently nuked my disk permission structure - why?
Marrying a second woman behind your wife's back: is it wrong and can Quran/Hadith prove this?
Weed in Massachusetts: underground roots, skunky smell when bruised
Can the 2019 UA Artificer's Returning Weapon and Radiant Weapon infusions stack on the same weapon?
Is dd if=/dev/urandom of=/dev/mem safe?
How can I create a pattern of parallel lines that are increasing in distance in Photoshop / Illustrator?
Trying to build a function to compute divided difference for arbitrary list of points
Word for showing a small part of something briefly to hint to its existence or beauty without fully uncovering it
High income, sudden windfall
How acidic does a mixture have to be for milk to curdle?
Why are so many countries still in the Commonwealth?
Is there a reason why I should not use the HaveIBeenPwned API to warn users about exposed passwords?
USA: Can a witness take the 5th to avoid perjury?
Why isn't there a serious attempt at creating a third mass-appeal party in the US?
How important is a good quality camera for good photography?
Spring security blocking access to GWT services
What's the difference between @Component, @Repository & @Service annotations in Spring?Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]Spring Security with Openid and Database IntegrationSpring Security with OpenIDAuthenticationFilter problemSpring MVC + Hibernate 4 + Spring SecuritySpring MVC: Controller RequestMapping working, but return always gives a 404GWT - Spring security url interceptingSpring security logout - add a message only when logout triggered from a logged in userIntelliJ + Spring Web MVCSpring Security - Unable to locate Spring NamespaceHandler — security
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.
POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)
Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
<security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>
</security:http>
<b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>
</b:beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>AdminServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>LoaderServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>authServlet</servlet-name>
<servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>authServlet</servlet-name>
<url-pattern>/grapl/auth</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServiceServlet</servlet-name>
<url-pattern>/grapl/adminService</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoaderServiceServlet</servlet-name>
<url-pattern>/grapl/loaderService</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>grapl.html</welcome-file>
</welcome-file-list>
</web-app>
Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.
Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.
spring gwt spring-security
add a comment |
I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.
POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)
Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
<security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>
</security:http>
<b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>
</b:beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>AdminServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>LoaderServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>authServlet</servlet-name>
<servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>authServlet</servlet-name>
<url-pattern>/grapl/auth</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServiceServlet</servlet-name>
<url-pattern>/grapl/adminService</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoaderServiceServlet</servlet-name>
<url-pattern>/grapl/loaderService</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>grapl.html</welcome-file>
</welcome-file-list>
</web-app>
Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.
Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.
spring gwt spring-security
add a comment |
I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.
POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)
Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
<security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>
</security:http>
<b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>
</b:beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>AdminServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>LoaderServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>authServlet</servlet-name>
<servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>authServlet</servlet-name>
<url-pattern>/grapl/auth</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServiceServlet</servlet-name>
<url-pattern>/grapl/adminService</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoaderServiceServlet</servlet-name>
<url-pattern>/grapl/loaderService</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>grapl.html</welcome-file>
</welcome-file-list>
</web-app>
Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.
Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.
spring gwt spring-security
I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.
POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)
Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
<security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>
</security:http>
<b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>
</b:beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>AdminServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>LoaderServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>authServlet</servlet-name>
<servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>authServlet</servlet-name>
<url-pattern>/grapl/auth</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServiceServlet</servlet-name>
<url-pattern>/grapl/adminService</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoaderServiceServlet</servlet-name>
<url-pattern>/grapl/loaderService</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>grapl.html</welcome-file>
</welcome-file-list>
</web-app>
Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.
Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.
spring gwt spring-security
spring gwt spring-security
asked Mar 26 at 17:30
jebrickjebrick
722 silver badges9 bronze badges
722 silver badges9 bronze badges
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I needed to disable the csrf check.
<security:http ...
<security:csrf disabled="true" />
</security:http>
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55363061%2fspring-security-blocking-access-to-gwt-services%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I needed to disable the csrf check.
<security:http ...
<security:csrf disabled="true" />
</security:http>
add a comment |
I needed to disable the csrf check.
<security:http ...
<security:csrf disabled="true" />
</security:http>
add a comment |
I needed to disable the csrf check.
<security:http ...
<security:csrf disabled="true" />
</security:http>
I needed to disable the csrf check.
<security:http ...
<security:csrf disabled="true" />
</security:http>
answered Mar 26 at 18:43
jebrickjebrick
722 silver badges9 bronze badges
722 silver badges9 bronze badges
add a comment |
add a comment |
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55363061%2fspring-security-blocking-access-to-gwt-services%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown