Comments on random thoughts...: GWT and Spring Security
Blog author: See Wah Cheng
Updated: 2024-03-01T08:14:47.040+00:00

dhoffer (2012-06-13T01:15:25.696+01:00):
Very interesting, would this still be the recommended way with GWT 2.4 & Spring 3.1?

Unknown (2011-02-18T12:03:37.034+00:00):
Hello,

thanks for this howto.
I'm working on a solution using this demo together with a dispatcher servlet to handle the RPC request in an easier way.

But there are some problems using a dispatcher servlet:
- The init method of DependencyInjectionRemoteServiceServlet isn't called anymore
- The ServletContext isn't available in DependencyInjectionRemoteServiceServlet

I described how to integrate the dispatcher servlet here:
http://www.i-net-design.com/2011/02/18/problem-including-dispatcher-servlet-with-spring-security/

Perhaps someone knows how to handle the Spring injection of the servlet. I think it isn't a good solution to set the ServletContext and call the init method by myself.

Thanks

ravi (2011-01-02T06:29:57.616+00:00):
Here is my applicationContext.xml
I removed the " < " and " >" to make it visible.

    beans:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:beans="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:osgi="http://www.springframework.org/schema/osgi"
     xmlns:security="http://www.springframework.org/schema/security"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <security:global-method-security secured-annotations="enabled" jsr250-annotations="disabled"

    bean id="dummyAuthenticationProvider" class="com.xxx.xxx.DummyAuthenticationProvider"

     security:custom-authentication-provider
    bean

    beans:beans

ravi (2011-01-02T06:25:11.156+00:00):
I am very new to Spring and I am getting the following exception when I tried your blog.

    invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'bean'.:

Here is my applicationContext.xml

Alex (2010-03-11T20:16:11.474+00:00):
Thanks a lot. It works great. In fact I was using GWT + GAE + Spring Security. And the only thing I had to do to make it work was changing appengine-web.xml.
Just add an extra line <sessions-enabled>true</sessions-enabled>.

See Wah Cheng (2009-09-07T16:17:02.393+01:00):
Neat!

May incorporate this into my demo when I get round to updating it. I thought I should update it to work with GWT 1.6+ at some point.

Cheers!

Wind Javatar (2009-09-05T07:42:49.319+01:00):
Hi Wah Cheng, thanks for your good work!
Hope you don't mind that I made some amendments to your DependencyRemoteServiceServlet so that it allows injecting inherited fields, in case we need to build another base servlet by extending your dependency servlet.
Here is the code:

    /**
     * Carries out dependency injection. This implementation uses Spring IoC
     * container.
     *
     * @exception NoSuchBeanDefinitionException
     *                if a suitable bean cannot be found in the Spring
     *                application context. The current implementation looks up
     *                beans by name
     */
    protected void doDependencyInjection() {
        for (Field field : getFieldsToDependencyInject(this.getClass())) {
            try {
                // Remember the original accessibility so it can be restored afterwards
                boolean isFieldAccessible = field.isAccessible();
                if (!isFieldAccessible) {
                    field.setAccessible(true);
                }
                field.set(this, WebApplicationContextUtils.getWebApplicationContext(getServletContext()).getBean(field.getName()));
                if (!isFieldAccessible) {
                    field.setAccessible(false);
                }
            } catch (IllegalArgumentException e) {
                throw new RuntimeException(e);
            } catch (IllegalAccessException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /**
     * Find annotated fields to inject.
     *
     * @return a list of all the annotated fields
     */
    private Set<Field> getFieldsToDependencyInject(Class<?> clazz) {

        Set<Field> fieldsToInject = new HashSet<Field>();
        Field[] fields = clazz.getDeclaredFields();
        for (Field field : fields) {
            if (field.getAnnotation(Autowired.class) != null) {
                fieldsToInject.add(field);
            }
        }

        // Walk up the hierarchy, stopping at the base dependency injection servlet
        Class<?> parent = clazz.getSuperclass();
        if (parent != null && !(parent == DependencyInjectionRemoteServiceServlet.class)) {
            fieldsToInject.addAll(getFieldsToDependencyInject(parent));
        }

        return fieldsToInject;
    }

See Wah Cheng (2009-07-21T13:24:38.882+01:00):
Cool I am glad that solved it :-)

Unknown (2009-07-18T12:05:22.961+01:00):
Yes, it was my problem, I forgot to add this declaration on the interface. Thanks for your help.

See Wah Cheng (2009-07-17T13:36:42.348+01:00):
Hi

I suppose you followed my demo on http://seewah.blogspot.com/2009/06/gwt-and-spring-security-sample-demo.html. Is that right?

Personally I have not tried it on 1.6.4, but can you just check that your GWT ProjectService interface throws ServiceSecurityException in its signature? i.e.

    abstract List<?> fetch() throws ServiceSecurityException

?

Unknown (2009-07-16T19:44:35.262+01:00):
Hi,
I followed your example and it seems to work. In fact it works. Except that my callback on the client side doesn't receive the security exception but a generic exception:

"see server log for details"

The exception is correctly sent but caught on the server side and I receive an error from the server which is not what I expected:

    com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract java.util.List com.hakanai.i18n.client.services.ProjectService.fetch()' threw an unexpected exception: com.hakanai.i18n.client.services.auth.ServiceSecurityException
     at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:360)
     at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:546)
     at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:166)

This UnexpectedException is quite confusing. I don't understand what's wrong.

I use GWT 1.6.4 and SmartGWT on the client side (but it shouldn't interfere on the server side).

Any idea?

See Wah Cheng (2009-06-06T21:26:26.143+01:00):
Oh yeah! Spring AOP does not support private method proxying...

I am glad your code is working now :-)

Unknown (2009-06-06T15:07:23.008+01:00):
See Wah, thank you for the demo app. I already found out the problem and I am posting to share with the rest of the people who are reading your article.

    public void delete(Long id) throws ServiceSecurityException {
        try {
            documentService.delete(id);
        } catch (SpringSecurityException e) {
            // Translate the Spring exception into one that GWT RPC can serialize to the client
            throw new ServiceSecurityException();
        }
    }

Also, in the interface, remember to put public void delete(Long id) throws ServiceSecurityException

Thank you, See Wah. It works great.

See Wah Cheng (2009-06-06T00:56:48.864+01:00):
I have put together a sample app: http://seewah.blogspot.com/2009/06/gwt-and-spring-security-sample-demo.html

hope you will find it useful!

See Wah Cheng (2009-06-05T14:27:38.748+01:00):
I am just putting together a sample app at the moment and I will add a download link to it in the blog article as soon as it is ready (maybe today or next Monday...)

You can then compare your code with my sample and hopefully work out the differences!

Unknown (2009-06-04T13:17:30.040+01:00):
Yes, I already put that in web.xml

Below is my startup log

http://pastebin.com/m66c58959

Noticed anything that I missed out?

    @Autowired
    private DocumentService documentService;

    try {
        documentService.doSomething();
    } catch (SpringSecurityException e) {
        throw new ServiceSecurityException(e.getMessage());
    }

    //your serviceSecurityException extends RuntimeException right?

See Wah Cheng (2009-06-03T10:00:21.262+01:00):
Hi, your applicationContext looks fine to me. Have you remembered to include

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

in your web.xml?
(see the first code snippet after the heading "HTTP Session Integration")

Unknown (2009-06-02T14:48:49.763+01:00):
Inside applicationContext.xml, are there any extra things you specified besides the below...

http://pastebin.com/m49fad44d

Is there a need to specify an intercept point with security:http?
I have a problem: even though my method inside DocumentServiceImpl is annotated with @Secured, no exception is thrown when the user has not yet logged in.

See Wah Cheng (2009-06-01T12:57:38.760+01:00):
Sorry for the delay. I have been away.

Yeah you missed out the namespace declaration, as pointed out by the two replies.

GWT RPC handles primitive return types - while the actual method returns a primitive boolean, you just have to specify a Boolean object in the asyncCallback:

    public void authenticate(String username, String password, AsyncCallback<Boolean> callback);

Anonymous (2009-05-24T15:01:36.744+01:00):
In AuthenticationServiceAsync, how do I do the callback?

    public interface AuthenticationServiceAsync {

        public void authenticate(String username, String password, AsyncCallback<boolean> callback);

    }

The AsyncCallback cannot use primitive "boolean" as callback, right?

Anonymous (2009-05-24T14:54:46.783+01:00):
Can you help me look at this problem

http://forum.springsource.org/showthread.php?p=242557#post242557

I tried your tutorial on applicationContext.xml and get the error
The prefix "security" for element "security:http" is not bound.

See Wah Cheng (2009-05-05T18:23:00.000+01:00):
Yes, except that the client does not explicitly handle the token. Spring Security provides a servlet filter to put the token into the HTTP session. The browser automatically sends the HTTP session cookie to the server for every subsequent HTTP request. From the session, the server can then retrieve the corresponding token when handling these HTTP (in effect, RPC) requests. See the HTTP Session Integration section in the article.

Unknown (2009-04-27T08:29:00.000+01:00):
So is a token passed to the client application, which it then sends back to the server with every RPC call?