I was looking for proper way how to recieve active/logged in user. I use Spring Security 3.1 with the same version of Spring MVC.
The whole idea is based on this topic which was more commented in the article :
#ActiveUser annotation from the article
I completely follow the instructions but I still get this kind of error :
No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.core.userdetails.User.<init>()]
In my applicationContext.xml I have those three annotations which were not directly proposed by the author of
<context:annotation-config />
<context:component-scan base-package="my.package.*" />
<mvc:annotation-driven />
What could cause this kind of problem?
After hours of searching on internet I found out how should I solve the problem. As it might be useful for others I offer solution.
This kind of problem has in Spring 3.1(which I use) different solution than in Spring 3.0(for which the mentioned tutorial was ment). Great article about the problem was presented here : enter link description here
Related
Spring MVC documentation says that it is possible to have several DispatcherServlets in a Web application, each one would have a separate context. I wonder in which situation this would be useful? Also, why separated contexts? Could someone give some insight about this?
Thx in advance.
Please follow this question.
Can I use Spring MVC and Spring WS in one single application?
This should answer your question.
Please follow another question
Spring - When should I consider loading another context in same JVM?
This should answer your second question.
Yea, Its possible to have several Dispatcher Servlet, Say for example in one of my project I m using Json, Ibatis and normal spring configuration. For each one I m using each dispatcher servlet. But the main dispatcher servlet would be one in which other two would be included.
Its just for convinient.
I am newbie to Spring .I built a spring MVC application which is XML based and I used JAR files using Spring Framework MVC application step-by-step.
Now I have to integrate spring security in it. I found many tutorials for spring security, but all are made using annotations. And in the MVC tutorial it uses Ant and XML. I am just lost in this part. Should I have to convert my whole application using annotations or what to do?
Is there any way using spring security without annotations? May be this question is not logical. But guide me and help me solve my confusion.
Or is there any tutorial help me in this regard, please let me know. Thank you
I'm not sure what you mean with "change my application to annotation base", but you will have to add some anotations above your methods like this:
#Secured("isAuthenticated() and hasRole('PERMISSION_BUY_ITEMS')")
public void buyItem(int itemId, int userId) {
// you buy stuff login
}
This way in order to access your method the user should be logged in (authenticated) and have the permission BUY_ITEMS.
You don't have to do this for all your methods.
If you do not need permission/role based authorization you can just use authentication based expressions like isAuthenticated(), isAnonymous() and permitAll out of the box without any custom implementation.
I am trying to use DefaultAnnotationHandlerMapping for annotated Controllers in Spring Portlet MVC.
My portlet works with one controller. But I am not able to understand as to how DefaultAnnotationHandlerMapping is able to determine which Controller to choose among many controllers in the same package.
This link says that it searches for best matching Controller. But I could not understand the rules to determine the best matching controller.
Any clues?
Beware of the bug in Spring 3.1.2. I explained some portion of what you asked in Is this a Bug in Spring 3.1.2 ( specifically Spring Portlet MVC's )?
I also logged at bug https://jira.springsource.org/browse/SPR-9697 .
Hope you find it useful.
I am just delving into the spring mvc (or spring roo), from what i have read it appears that spring MVC can be a nightmare to configure. I have to configure XML files, is this the web.xml file??? Or something different?
Is it still a nightmare or has it been improved?
Is there no editor for these XML files? I am using eclipse IDE
Spring roo apparently does spring mvc without XML config worries.
I would love anyone to explain the differences..
Thanks in advance
First Spring MVC is not a nightmare to configure, you just have to know what you are doing.
For that I would suggest you to download Spring IDE, which have a lot of XML editors that make you life easier if you are not experienced with Spring XMLs.
Basicly you have to configure 2 things
Web.xml ( this one is not because of spring it's Java EE, but you
need to include some spring MVC configs in it )
applicationContext.xml( this is where you define what you want from Spring )
servlet-context.xml ( this is also from spring MVC and have some servlet definitions as well as some routing ones)
one you get to know them you will find it easy to configure and very flexible.
One thing to notice Spring and Spring MVC are different things, I advise you to learn both of them.
Also Spring Roo is a code generator, for Cruds, simple things and setup projects it's great but if you need to build a reasonable big app that will need support it's always easier to create everything youself because it's easier to support when you know the code, so use it with care.
I'd add that Spring XML configuration can be as simple as a few lines, with the bulk of work done via annotations. It may not always be preferable to do it that way, but it's an option. Configuration can be divided between mechanisms when it makes sense to do so.
You might want to spend some time with the Spring documentation, at least regarding the components you're using. If you think configuring it is a nightmare, wait until you have to diagnose a problem brought about by magic based on convention without understanding how the underlying framework(s) work.
I started on Spring a few months back and the Security topic seems the most complex to me. With Acegi moving into Spring I could not find a single tutorial that tells step by step way to add security to a Spring app. Please help me. My requirements are as follows:
I have several roles in application, they are not hierarchical roles (meaning Role A not necessarily have all roles of Role B etc).
I want to integrate it to use my own User table where I would store Username, encrypted password (one way encryption) and I want to use either Hibernate or any Spring inbuilt component (read the class name JdbcDaoImpl somewhere, have no clue how to use it though) to access the DB data.
I probably don't want method level security because I want to use Spring taglibs to selectively show/hide menu items, however there should be way to prohibit unauthorized user to access a page directly through URL.
I don't want ready made code, (this tutorial for example confused me to hell, since it doesn't even have Spring security name-space declaration in security.xml), I would appreciate rather a step-by-step guide on how to achieve the above in a Spring2.5/Hibernate3 application using Spring security.
Thanks for your time.
Well without knowing what you've already read here are the articles I used to first start. Note that a lot of the Acegi Security articles are still relevant, Spring Security uses almost all the concepts from Acegi - the only thing they really added was simplifying [some] configurations - like the auto-config for security situations that exactly fit their use case.
Securing Java applications with Acegi
Acegi Security Fundamentals
Pathway from Acegi to Spring Security 2.0