Metadata External xml Path Issue - grails-2.0

I would like to read the metadata from the external xml file in my saml configuration . Can anybody tell me whether it is possible or not . if yes then how?
currently i tried with this:-
grails.plugins.springsecurity.saml.metadata.sp.file = 'file:c://temp/idp_local.xml'

In my web project I put metadata in resources under src directory. Content gets deployed inside WEB-INF/classes in the final WAR.
In your spring security configuration file you can then use this code for example:
<beans:bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<beans:constructor-arg>
<beans:bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
<beans:constructor-arg>
<beans:bean class="java.util.Timer"/>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.opensaml.util.resource.ClasspathResource">
<beans:constructor-arg value="/metadata/TestFederationMetadata.xml"/>
</beans:bean>
</beans:constructor-arg>
<beans:property name="parserPool" ref="parserPool"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
</beans:constructor-arg>
<beans:property name="metadataTrustCheck" value="false"/>
</beans:bean>

Related

spring security logout success url redirecting to http from https

Our application is protected by siteminder web agent and is on https.
Our application is running on weblogic and is on http.
When the user access protected URL, the siteminder login page(https) is displayed and the user enters his credentials here.
But after successful authentication, the user was redirected to http URL and page cannot be displayed or unable to connect message was displayed.
I fixed this issue by adding redirectHttp10Compatible="false" attribute to my view resolver.
Now, upon logout, the application is redirecting to logout success URL over http rather than https.
redirectHttp10Compatible="false" attribute is still in the same place.
Any help in this regard is very helpful and highly appreciated.
Thanks a lot in advance.
The below are the config files(edited, removed irrelevant lines) :
<-- DISPATCHER SERVLET -->
<context:component-scan base-package="xxx.xxx.controllers"/>
<mvc:annotation-driven />
<mvc:default-servlet-handler/>
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000000"/>
</bean>
<bean id="jspViewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:viewClass="org.springframework.web.servlet.view.JstlView"
p:prefix="/WEB-INF/jsp/"
p:suffix=".jsp"
p:redirectHttp10Compatible="false"
/>
<-- SPRING SECURITY XML FILE -->
<http pattern="/login/login.action" security="none"/>
<http pattern="/login/logout.action" security="none"/>
<http pattern="/WEB-INF/jsp/Login.jsp" security="none"/>
<http pattern="/WEB-INF/jsp/Logout.jsp" security="none"/>
<http auto-config="false" entry-point-ref="http403EntryPoint" use-expressions="true">
<form-login login-page="/login/login.action"
default-target-url="/home.action"
authentication-failure-url="/login/login.action?loginFailed=true"
always-use-default-target="true"/>
<custom-filter ref="siteMinderAgent" position="PRE_AUTH_FILTER"/>
<logout logout-success-url="/login/logout.action"
invalidate-session="true" />
</http>
<beans:bean id="siteMinderAgent"
class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<beans:property name="principalRequestHeader" value="SM_USER"/>
<beans:property name="authenticationManager" ref="appAuthenticationManager" />
</beans:bean>
<beans:bean id="preauthAuthProvider"
class="com.xxx.security.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean id="userDetailsServiceWrapper"
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="http403EntryPoint"
class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<authentication-manager alias="appAuthenticationManager">
<authentication-provider ref="preauthAuthProvider"/>
</authentication-manager>

No request mapping for url

In my spring mvc project the login page is served as a direct url host/context/login.jsp.
My web.xml states dispatcher-servlet url pattern as:
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern> / </url-pattern>
</servlet-mapping>
Also my mvc-dispatcher-servlet.xml is below:
<context:component-scan base-package="com.company" />
<mvc:resources location="/, /assets/"
mapping="/assets/**" />
<mvc:annotation-driven/>
<context:property-placeholder location="classpath*:METAINF/spring/application.properties" />
<bean id="jspViewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<security:http use-expressions="true">
<security:form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" authentication-failure-url="/login.jsp?login_error=iup"/>
<security:http-basic />
<security:logout />
<security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/WEB-INF/jsp/**" access="hasRole('ROLE_ADMIN')" />
</security:http>
Also I have a jsp file login.jsp just above the WEB-INF folder for direct access.
On my local machine when I do localhost:8080/context/login.jsp everyting runs fine and login.jsp is rendered but on server machine the call is intercepted by DispatcherServlet and it tries to find a corresponding url mapping(which is not present). What could possibly be making it happen. The logs for catalina.out at server machine are as:
-DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/context/login.jsp]
-command not found
-Looking up handler method for path /login.jsp
-command not found
-Did not find handler method for [/login.jsp]
-command not found
-No mapping found for HTTP request with URI [/context/login.jsp] in DispatcherServlet with name 'mvc-dispatcher'

Spring locale resolver - current locale in url

I use this simple configuration
<beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename" value="classpath:localization/messages" />
<beans:property name="defaultEncoding" value="UTF-8" />
</beans:bean>
<interceptors>
<beans:bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<beans:property name="paramName" value="lang" />
</beans:bean>
</interceptors>
<beans:bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<beans:property name="defaultLocale" value="en" />
<beans:property name="cookieMaxAge" value="100000" />
</beans:bean>
Works nice but what if someone will send an url to someone else? This works only with a client browser, If user changes a localization, it will set a cookie. I have seen a lot of websites that they have a localization after the first slash in the url (e.g. nette.org/en/about). When someone send this link, it will resolve localization depending on url. Does exist any simple solution to do this in spring framework? Somehow map this place in url?
Instead of CookieLocaleResolver use SessionLocaleResolver.
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="en"/>
</bean>
I think this should resolve your problem.
Cheers.

How to resolve the confliction between "<resources" tag and "<context:component-scan.." tag for Spring MVC showcase project

I'm currently working on a Spring MVC project and have some issue with using "<MVC:resource "tag of SpringMVC to load static resource. So I downloaded the springMVC showcase project and did some change on it to check this tag.
Since my project is a simple one, seems to me the two tags for "conversionservice" is not necessary.
However after I removed this two tag, something wired happend.
If I have both the tag for static resources "<resources mapping="/resources/.." and the "<context:component-scan base-package="org.springframework.samples.mvc" />" tag (in controllers.xml) configged, then I cann't access any uri that anotated on controllers- it returns a 404 not found error. if I comment out the resource mapping tag, then those controllers works fine.
Anyone have ever experience this situation? Any idea how to get around that?
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<annotation-driven conversion-service="conversionService">
<argument-resolvers>
<beans:bean class="org.springframework.samples.mvc.data.custom.CustomArgumentResolver"/>
</argument-resolvers>
</annotation-driven>
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources/ directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by #Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<!-- Only needed because we install custom converters to support the examples in the org.springframewok.samples.mvc.convert package -->
<beans:bean id="conversionService" class="org.springframework.format.support.FormattingConversionServiceFactoryBean">
<beans:property name="formatters">
<beans:bean class="org.springframework.samples.mvc.convert.MaskFormatAnnotationFormatterFactory" />
</beans:property>
</beans:bean>
<!-- Imports user-defined #Controller beans that process client requests -->
<beans:import resource="controllers.xml" />
</beans:beans>
<context:annotation-config/> just don't work on Spring 3.1.0, but <mvc:annotation-driven/> just works, I referenced this post
I got the same issue and what I did is to remove the "**" in the resource tag.
I had faced similar issue - SO Question
You can either use <mvc:annotation-driven/> or provide handler mapping yourself with order of higher precedence -
<bean id="annotationUrlMapping" class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
<property name="order" value="0" />
</bean>
<bean id="annotationMethodHandlerAdapter" class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/>

Spring MVC 3 Locale changing using a link not working

Edit: My Spring framework version 3.0.5
A small issue here, The language is not changing when I click the language changer link.
The language files (messages_xx.properties) are in the classpath i18n directory. The files are:
i18n/messages_en.properties
i18n/messages_ar.properties
Spring Configuration
<!-- Component scanner. This is used to automatically find Spring annotations like #Service and #Repository -->
<context:component-scan base-package="com.keype" />
<!-- Annotation driven programming model -->
<mvc:annotation-driven />
<context:annotation-config />
<mvc:resources mapping="/static/**" location="/static/" />
<!-- Session Object Configuration -->
<bean id="session" class="com.keype.system.Session" scope="session">
<aop:scoped-proxy />
</bean>
<!-- The View Resolver -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/"
p:suffix=".jsp"
/>
<!-- i18n Configuration. Default language is english. Change language using ?language=en -->
<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="lang" />
</bean>
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="en" />
</bean>
<!-- Message text files. This is set UTF-8 to display Arabic UTF correctly. -->
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:i18n/messages" />
<property name="defaultEncoding" value="UTF-8"/>
</bean>
A section from the JSP Code
<spring:message code="header.arabic" /> |
<spring:message code="header.english" />
The issue is, when I click the above link to change the language, the locale changing functionality is not working. I tested by changing the "defaultLocate" to "ar" and I'm getting Arabic text.
What could possibly be wrong here? There is nothing in the tomcat log also.
You have to register the localeChangeInterceptor among the MVC interceptors for Spring-MVC to consider it. Add the interceptor to the configuration:
<mvc:interceptors>
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="lang"></property>
</bean>
</mvc:interceptors>
<mvc:interceptors>
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"
p:paramName="lang" />
</mvc:interceptors>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<property name="defaultLocale" value="en" />
</bean>
Another thing that can help others:
In my case, I MUST add in the applicationContext.xml. Putting it in the spring-servlet (ref. dispatcher), not worked at all.
You need to register the LocaleChangeInterceptor inside the mvc interceptors tag as below,
E.g.
<mvc:interceptors>
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="siteLanguage" />
</bean>
</mvc:interceptors>
I was getting the same error and it worked using this code :-)

Resources