Gwt + Spring Security integration - security

I'm building an application with (smart)gwt, hibernate (actually gilead, or hibernate4gwt) and Spring Security.
I'm pretty new to all of these, by the way.
Everything worked fine until now, but I've recently added Spring security functionality, in order to implement an authentication system. Seems there are multiple ways of making this work, I looked at a few tutorials.
I liked this simple idea here: http://blog.maxmatveev.com/2011/06/gwt-and-spring-security-integration-as.html?showComment=1328698687249#c4823182825437196300
I also tried this one (a lot of dummy classes and such, but oh well): http://seewah.blogspot.com/2009/02/gwt-and-spring-security.html
In both cases I have the same problem, I get this error in the applicationContext.xml:
Error occured processing XML 'org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor'
In the first link it occurs at line:
<security:global-method-security secured-annotations="enabled" mode="aspectj"/>
In the second link it occurs at line:
<security:global-method-security secured-annotations="enabled" jsr250-annotations="disabled" />
I googled the problem, but I didn't find an answer.
PS1: using Eclipse 3.6, and I have installed plugins for Spring framework and aspectJ.
PS2: I didn't write all the code here, instead I linked to the tutorials I used (would have been too much code).
Maybe someone can help me out.
Thank you in advance.

It may be a problem with the version of Spring/Spring Security.
Make sure you are updated to a recent version (to handle the attribute mode="aspectj" of the element security:global-method-security), e.g. Spring Security 3.1.

Related

getting jHipster project working with Atomikos JTA/XA transactions

I've been playing with the jHipster yeoman generator for the past week and I'm trying to get my application working with atomikos for JTA/XA transactions and I'm running into a number of problems, which is to be expected since I'm new to spring boot and a number of the other components in the jHipster stack.
I have been using the example found here as my starting point for configuring atomikos. I've implemented everything described there, replacing HikariCP entirely.
At the moment I have eliminated Metrics and liquibase from my configuration as they were giving me problems and I wanted to get the basics working and then add them back in. However, I'm now hitting a Hibernate issue.
Hibernate is complaining that second-level cache is used but hibernate.cache.region.factory_class is not given. The factory_class setting is specified in the configuration and I'm not able to figure out what I'm missing.
Has anyone managed to get atomikos (or maybe bitronix) working with this stack?
I've managed to get this working. For some reason I had to explicitly set hibernate.cache.use_second_level_cache to false. Not sure why it would require this given that I am not setting any second level cache flags anywhere that I can see.
Nevertheless, it's working now.

Creating modules/HMVC in sails.js

I am trying to make a separation in my new SailsJS app by creating modules/HMVC, just like ASP.NET MVC and CodeIgniter PHP. These frameworks provide a mechanism for handling such a separation. Does anyone have an idea how to implement this in SailsJS?
There is some development taking place in that direction, I'm not quite sure whether or not anything usable already exists, at least I haven't been able to find anything final so far. Two threads where adding HMVC to sails was discussed are
https://github.com/balderdashy/sails/issues/1191
https://github.com/balderdashy/sails/issues/594
I think the most recent sails plugin/backend components system discussion is balderdashy/sails/pull/2083.
It looks like the most viable module solution today is balderdashy/sails-hook-subapps, an example of a sails hook. Hopefully, it works with 0.12.x and gets some attention/docs soon!
Additionally, the project sailorjs/sailorjs appears to do exactly this as a fork of sails from version 0.10.x, though I don't know if there are plans to utilize that work in sails.js.

Has anyone gotten the Liferay portal to deploy onto an Eclipse Virgo Web Server?

I am trying to deploy the Liferay portal onto the Eclipse Virgo Web Server and haven't had much luck. I have at least solved two of the problems involved in this process:
1) The portal.jar that is part of the liferay dependencies has a malformed manifest. The Bundle-SymbolicName incorrectly sets the value to "JSR 286" when it should be "JSR286" (no space). Also, the Import-Package has a bunch of spaces/tabs and I removed those. That took care of problem 1.
2) The Virgo web server wasn't finding the liferay dependency jars (at least not where I was putting them), so I just stuck the dependencies into the main liferay.WAR and that has gotten rid of all the error messages.
Unfortunately, this didn't solve the overall problem. Perhaps there are other issues, but Virgo is not reporting any errors.
I've looked on both the Liferay and Virgo forums, but no one seems to have an answer to this, so I'm hoping someone here has had more success than me. If so, please let me know what you tried to get it to work.
A little more detail: I used the liferay-portal-6.0.5 WAR that is not bundled with an app server. And, I'm using Virgo 2.1.0.
Thanks,
David
I got it! http://sourceforge.net/projects/liferayforvirgo. But Virgo 3.6.0.RELEASE demonstrates performance that is too low, and the Liferay+Virgo combination cannot be used for production.

How to configure grails to always show own error page on status 500

In UrlMappings.groovy, I have set "500"(controller:'error', action:'error') so that my own error controller (and view) is used.
It usually works, however when I tried tampering with the request input (submitting a parameter with 1MB size), I got a Tomcat generated error page with HTTP Status 500.
First I thought this error was only generated by Tomcat so that grails couldn't do anything about it, but the Exception is an org.springframework.web.util.NestedServletException (nested Exception java.lang.StackOverflowError) and there are many org.codehaus.groovy.grails packaged Classes in the stack trace.
I think showing this Exception including stack trace to potential attackers is dangerous, so how can I configure grails to always show my own error page? Or is it only possible to configure that in Tomcat?
It's possible that this is a Grails bug. I found this Nabble thread which directed me to this JIRA issue. That issue was resolved, but in the comments Peter Ledbrook linked to a different JIRA issue that may or may not be your problem.
If that does look like what's happening for you, there's a workaround suggested in the comments, which can be found here. The bug itself is scheduled to be fixed in 1.4; the fix workaround above is targeted for 1.3.
Agreeing with Rob Hruska, having stumbled across most of his links myself.
I, too, suspect that the grails-error-pages-fix plugin ought to fix the issue - as the grailsWebRequest servlet by default doesn't have a <dispatcher>ERROR</dispatcher> assigned in web.xml.
The technique used with this plugin basically does the same as the technique that I'd suggested in a previous post. (Nevertheless, my own tests, as can be seen by my comments there, haven't led to consistent findings yet.)
Finally, one thing that would work at any rate is to implement a custom servlet Filter.
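One way to write the custom servlet Filter mentioned above, as an added example that is not code from the thread or from Grails. The class name, the `errorRef` request attribute and the `/error/error` path (assumed to be where the "500" mapping to controller 'error', action 'error' is reachable) are assumptions.

```java
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Added example: outermost filter that keeps container error pages and stack traces away from clients. */
public class GenericErrorFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(GenericErrorFilter.class.getName());
    // Assumption: URL at which the application's own error controller/view is reachable.
    private static final String ERROR_PATH = "/error/error";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        try {
            chain.doFilter(req, res);
        } catch (Throwable t) {
            // Throwable, not Exception: a raw StackOverflowError is an Error, and the
            // NestedServletException wrapping it is a ServletException. Both land here.
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "Unhandled error, ref=" + ref, t); // full trace stays server-side
            HttpServletResponse http = (HttpServletResponse) res;
            if (http.isCommitted()) {
                return; // headers already sent; nothing can be replaced safely
            }
            http.reset(); // discard any partial output and headers
            http.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            req.setAttribute("errorRef", ref); // lets the view show a reference instead of details
            try {
                req.getRequestDispatcher(ERROR_PATH).forward(req, res);
            } catch (Throwable renderFailure) {
                // The error view itself failed: fall back to static text, still without a trace.
                LOG.log(Level.SEVERE, "Error page failed, ref=" + ref, renderFailure);
                if (!http.isCommitted()) {
                    http.reset();
                    http.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    http.setContentType("text/plain");
                    http.getWriter().write("Internal error. Reference: " + ref);
                }
            }
        }
    }
}
```

The filter only covers what runs inside it, so its `<filter-mapping>` in web.xml has to come before every other filter mapping, with `/*` as the URL pattern.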

A Guice-ready security framework?

Has anybody seen a framework which is either written to work with Guice or a library that integrates an existing security system (ie: Acegi) with Guice?
I have found the following thus far...
http://code.google.com/p/warp-security/ (I think this abandonware)
http://code.google.com/p/warp-security/ (no documentation)
Apache Shiro 1.2 and later has native support for Guice applications:
http://shiro.apache.org/guice.html
HTH!
For whatever it's worth (being quite a late answer), I've had success integrating Apache Shiro with Guice. Last time I checked, Acegi was too deeply dependent on Spring to be usable in a pure Guice solution. Shiro's documentation is a little lacking, but the API is pretty straightforward and easy to use, if you don't mind a little digging.
In case it's of any interest, I've posted a Gist of the simplest example I could find. Two caveats:
It's written against a pre-release version of Shiro 1.0
The Active Directory realm we're using is a somewhat modified version from the main Shiro source, using some ideas from the Active Directory plugin for Jenkins (then Hudson).
Hopefully, it's enough to get you started...
