Spring security blocking access to GWT servicesWhat's the difference between @Component, @Repository & @Service annotations in Spring?Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]Spring Security with Openid and Database IntegrationSpring Security with OpenIDAuthenticationFilter problemSpring MVC + Hibernate 4 + Spring SecuritySpring MVC: Controller RequestMapping working, but return always gives a 404GWT - Spring security url interceptingSpring security logout - add a message only when logout triggered from a logged in userIntelliJ + Spring Web MVCSpring Security - Unable to locate Spring NamespaceHandler — security

This message is flooding my syslog, how to find where it comes from?

How can I stop myself from micromanaging other PCs' actions?

Does the Intel 8086 CPU have user mode and kernel mode?

How do I generate distribution of positive numbers only with min, max and mean?

401(k) investment after being fired. Do I own it?

Explain why watch 'jobs' does not work but watch 'ps' work?

Is it normal practice to screen share with a client?

Commercial jet accompanied by small plane near Seattle

Why didn't Britain or any other European power colonise Abyssinia/Ethiopia before 1936?

Inadvertently nuked my disk permission structure - why?

Marrying a second woman behind your wife's back: is it wrong and can Quran/Hadith prove this?

Weed in Massachusetts: underground roots, skunky smell when bruised

Can the 2019 UA Artificer's Returning Weapon and Radiant Weapon infusions stack on the same weapon?

Is dd if=/dev/urandom of=/dev/mem safe?

How can I create a pattern of parallel lines that are increasing in distance in Photoshop / Illustrator?

Trying to build a function to compute divided difference for arbitrary list of points

Word for showing a small part of something briefly to hint to its existence or beauty without fully uncovering it

High income, sudden windfall

How acidic does a mixture have to be for milk to curdle?

Why are so many countries still in the Commonwealth?

Is there a reason why I should not use the HaveIBeenPwned API to warn users about exposed passwords?

USA: Can a witness take the 5th to avoid perjury?

Why isn't there a serious attempt at creating a third mass-appeal party in the US?

How important is a good quality camera for good photography?



Spring security blocking access to GWT services


What's the difference between @Component, @Repository & @Service annotations in Spring?Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]Spring Security with Openid and Database IntegrationSpring Security with OpenIDAuthenticationFilter problemSpring MVC + Hibernate 4 + Spring SecuritySpring MVC: Controller RequestMapping working, but return always gives a 404GWT - Spring security url interceptingSpring security logout - add a message only when logout triggered from a logged in userIntelliJ + Spring Web MVCSpring Security - Unable to locate Spring NamespaceHandler — security






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1















I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.



POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)


Here is my spring-security.xml



<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">


<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true">

<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
<security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>

</security:http>

<b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>

<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>

</b:beans>


Web.xml



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>



<!-- Servlets -->

<servlet>
<servlet-name>AdminServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>

</servlet>

<servlet>
<servlet-name>LoaderServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
</servlet>

<servlet>
<servlet-name>authServlet</servlet-name>
<servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>authServlet</servlet-name>
<url-pattern>/grapl/auth</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServiceServlet</servlet-name>
<url-pattern>/grapl/adminService</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>LoaderServiceServlet</servlet-name>
<url-pattern>/grapl/loaderService</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>



<welcome-file-list>
<welcome-file>grapl.html</welcome-file>
</welcome-file-list>

</web-app>


Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.



Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.










share|improve this question




























    1















    I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.



    POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)


    Here is my spring-security.xml



    <?xml version="1.0" encoding="UTF-8"?>
    <b:beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">


    <!-- This is where we configure Spring-Security -->
    <security:http auto-config="true" use-expressions="true">

    <security:intercept-url pattern="/login" access="permitAll" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
    <security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
    <security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>

    </security:http>

    <b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>

    <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="graplAuthentication" />
    </security:authentication-manager>

    </b:beans>


    Web.xml



    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee">
    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
    </context-param>
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    </filter>

    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>



    <!-- Servlets -->

    <servlet>
    <servlet-name>AdminServiceServlet</servlet-name>
    <servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>

    </servlet>

    <servlet>
    <servlet-name>LoaderServiceServlet</servlet-name>
    <servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
    </servlet>

    <servlet>
    <servlet-name>authServlet</servlet-name>
    <servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
    </servlet>

    <servlet-mapping>
    <servlet-name>authServlet</servlet-name>
    <url-pattern>/grapl/auth</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>AdminServiceServlet</servlet-name>
    <url-pattern>/grapl/adminService</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
    <servlet-name>LoaderServiceServlet</servlet-name>
    <url-pattern>/grapl/loaderService</url-pattern>
    </servlet-mapping>
    <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>



    <welcome-file-list>
    <welcome-file>grapl.html</welcome-file>
    </welcome-file-list>

    </web-app>


    Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.



    Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.










    share|improve this question
























      1












      1








      1








      I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.



      POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)


      Here is my spring-security.xml



      <?xml version="1.0" encoding="UTF-8"?>
      <b:beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:b="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">


      <!-- This is where we configure Spring-Security -->
      <security:http auto-config="true" use-expressions="true">

      <security:intercept-url pattern="/login" access="permitAll" />
      <security:intercept-url pattern="/**" access="isAuthenticated()" />
      <security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
      <security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>

      </security:http>

      <b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>

      <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="graplAuthentication" />
      </security:authentication-manager>

      </b:beans>


      Web.xml



      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
      http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      version="2.5"
      xmlns="http://java.sun.com/xml/ns/javaee">
      <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
      </context-param>
      <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy
      </filter-class>
      </filter>

      <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>



      <!-- Servlets -->

      <servlet>
      <servlet-name>AdminServiceServlet</servlet-name>
      <servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>

      </servlet>

      <servlet>
      <servlet-name>LoaderServiceServlet</servlet-name>
      <servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
      </servlet>

      <servlet>
      <servlet-name>authServlet</servlet-name>
      <servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
      </servlet>

      <servlet-mapping>
      <servlet-name>authServlet</servlet-name>
      <url-pattern>/grapl/auth</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>AdminServiceServlet</servlet-name>
      <url-pattern>/grapl/adminService</url-pattern>
      </servlet-mapping>

      <servlet-mapping>
      <servlet-name>LoaderServiceServlet</servlet-name>
      <url-pattern>/grapl/loaderService</url-pattern>
      </servlet-mapping>
      <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>



      <welcome-file-list>
      <welcome-file>grapl.html</welcome-file>
      </welcome-file-list>

      </web-app>


      Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.



      Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.










      share|improve this question














      I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.



      POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)


      Here is my spring-security.xml



      <?xml version="1.0" encoding="UTF-8"?>
      <b:beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:b="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">


      <!-- This is where we configure Spring-Security -->
      <security:http auto-config="true" use-expressions="true">

      <security:intercept-url pattern="/login" access="permitAll" />
      <security:intercept-url pattern="/**" access="isAuthenticated()" />
      <security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
      <security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>

      </security:http>

      <b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>

      <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="graplAuthentication" />
      </security:authentication-manager>

      </b:beans>


      Web.xml



      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
      http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      version="2.5"
      xmlns="http://java.sun.com/xml/ns/javaee">
      <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
      </context-param>
      <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy
      </filter-class>
      </filter>

      <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>



      <!-- Servlets -->

      <servlet>
      <servlet-name>AdminServiceServlet</servlet-name>
      <servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>

      </servlet>

      <servlet>
      <servlet-name>LoaderServiceServlet</servlet-name>
      <servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
      </servlet>

      <servlet>
      <servlet-name>authServlet</servlet-name>
      <servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
      </servlet>

      <servlet-mapping>
      <servlet-name>authServlet</servlet-name>
      <url-pattern>/grapl/auth</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>AdminServiceServlet</servlet-name>
      <url-pattern>/grapl/adminService</url-pattern>
      </servlet-mapping>

      <servlet-mapping>
      <servlet-name>LoaderServiceServlet</servlet-name>
      <url-pattern>/grapl/loaderService</url-pattern>
      </servlet-mapping>
      <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>



      <welcome-file-list>
      <welcome-file>grapl.html</welcome-file>
      </welcome-file-list>

      </web-app>


      Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.



      Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.







      spring gwt spring-security






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 26 at 17:30









      jebrickjebrick

      722 silver badges9 bronze badges




      722 silver badges9 bronze badges






















          1 Answer
          1






          active

          oldest

          votes


















          0














          I needed to disable the csrf check.



          <security:http ...

          <security:csrf disabled="true" />
          </security:http>





          share|improve this answer






















            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            );
            );
            , "code-snippets");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "1"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55363061%2fspring-security-blocking-access-to-gwt-services%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            I needed to disable the csrf check.



            <security:http ...

            <security:csrf disabled="true" />
            </security:http>





            share|improve this answer



























              0














              I needed to disable the csrf check.



              <security:http ...

              <security:csrf disabled="true" />
              </security:http>





              share|improve this answer

























                0












                0








                0







                I needed to disable the csrf check.



                <security:http ...

                <security:csrf disabled="true" />
                </security:http>





                share|improve this answer













                I needed to disable the csrf check.



                <security:http ...

                <security:csrf disabled="true" />
                </security:http>






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Mar 26 at 18:43









                jebrickjebrick

                722 silver badges9 bronze badges




                722 silver badges9 bronze badges


















                    Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.







                    Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.



















                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55363061%2fspring-security-blocking-access-to-gwt-services%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Kamusi Yaliyomo Aina za kamusi | Muundo wa kamusi | Faida za kamusi | Dhima ya picha katika kamusi | Marejeo | Tazama pia | Viungo vya nje | UrambazajiKuhusu kamusiGo-SwahiliWiki-KamusiKamusi ya Kiswahili na Kiingerezakuihariri na kuongeza habari

                    SQL error code 1064 with creating Laravel foreign keysForeign key constraints: When to use ON UPDATE and ON DELETEDropping column with foreign key Laravel error: General error: 1025 Error on renameLaravel SQL Can't create tableLaravel Migration foreign key errorLaravel php artisan migrate:refresh giving a syntax errorSQLSTATE[42S01]: Base table or view already exists or Base table or view already exists: 1050 Tableerror in migrating laravel file to xampp serverSyntax error or access violation: 1064:syntax to use near 'unsigned not null, modelName varchar(191) not null, title varchar(191) not nLaravel cannot create new table field in mysqlLaravel 5.7:Last migration creates table but is not registered in the migration table

                    은진 송씨 목차 역사 본관 분파 인물 조선 왕실과의 인척 관계 집성촌 항렬자 인구 같이 보기 각주 둘러보기 메뉴은진 송씨세종실록 149권, 지리지 충청도 공주목 은진현