|
»
»
»
Spring Security and Struts2 Using tiles
|
View:
New views
9 Messages
—
Rating Filter:
Alert me
|
 |
Spring Security and Struts2 Using tiles
by Alberto A. Flores
::
Rate this Message:
Folks,
My understanding is that Spring Security does not secure resources on *forwards* (I believe tiles2 do forward/chaining). In an application using Struts2, Spring and Tiles2, these forwards work just fine. Has anyone had success using these three frameworks together using Spring Security? I tried it today and It turned out that the security tag (http://www.springframework/security/tags/): <security:authorization property="principal.username"/> never fetches anything. Furthermore, the code: SecurityContextHolder.getContext().getAuthentication() returns null (in the forwarded jsp page). Has anyone know what to do in this case? I'm beginning to think I can not use Spring Security at all. Regards, -- Alberto A. Flores http://www.linkedin.com/in/aflores --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
|
|
Re: Spring Security and Struts2 Using tiles
by Antonio Petrelli-3
::
Rate this Message:
2008/5/13 Alberto A. Flores <aaflores@...>:
> My understanding is that Spring Security does not secure resources on > *forwards* (I believe tiles2 do forward/chaining). Forwards and includes, that's where I think there may be a fault. Can you try if, using simple <jsp:include> tags, the security tags work? Antonio --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
|
|
Re: Spring Security and Struts2 Using tiles
by Alberto A. Flores
::
Rate this Message:
I don't thinks that's possible as the Struts2 result would be something
like: <result type="tiles" name="foo">my.tile</result> In here, I don't have access to the forward. Antonio Petrelli wrote: > 2008/5/13 Alberto A. Flores <aaflores@...>: >> My understanding is that Spring Security does not secure resources on >> *forwards* (I believe tiles2 do forward/chaining). > > Forwards and includes, that's where I think there may be a fault. > Can you try if, using simple <jsp:include> tags, the security tags work? > > Antonio > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscribe@... > For additional commands, e-mail: user-help@... > > Alberto A. Flores http://www.linkedin.com/in/aflores --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
|
|
Re: Spring Security and Struts2 Using tiles
by Antonio Petrelli-3
::
Rate this Message:
2008/5/13 Alberto A. Flores <aaflores@...>:
> I don't thinks that's possible as the Struts2 result would be something > like: > > <result type="tiles" name="foo">my.tile</result> > > In here, I don't have access to the forward. Mmm... it's starting to be complicated, and I think that there is a bug somewhere. Can you open a JIRA issue, attaching, if possible, a sample web application? http://issues.apache.org/struts Antonio --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
|
|
Re: Spring Security and Struts2 Using tiles
by Alberto A. Flores
::
Rate this Message:
I would, but it seems to me like there is little that can be done on the
Struts2 side (unless a plugin of some sort is written). Essentially, when control is forwarded to the tile, Spring security can not do much (or maybe I'm missing something). The Spring Security team is well aware of (as far as forwards), that resources are not secured on forwards (which sucks, really, unless I'm doing something terribly wrong). I'll see if I can create a subset of my current app describing the problem. Probably would post a war file? Is that what you meant? Antonio Petrelli wrote: > 2008/5/13 Alberto A. Flores <aaflores@...>: >> I don't thinks that's possible as the Struts2 result would be something >> like: >> >> <result type="tiles" name="foo">my.tile</result> >> >> In here, I don't have access to the forward. > > Mmm... it's starting to be complicated, and I think that there is a > bug somewhere. > Can you open a JIRA issue, attaching, if possible, a sample web application? > > http://issues.apache.org/struts > > Antonio > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscribe@... > For additional commands, e-mail: user-help@... > > Alberto A. Flores http://www.linkedin.com/in/aflores --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
|
|
Re: Spring Security and Struts2 Using tiles
by Antonio Petrelli-3
::
Rate this Message:
2008/5/13 Alberto A. Flores <aaflores@...>:
> I would, but it seems to me like there is little that can be done on the > Struts2 side (unless a plugin of some sort is written). Essentially, when > control is forwarded to the tile, Spring security can not do much (or maybe > I'm missing something). I see... > The Spring Security team is well aware of (as far as forwards), that > resources are not secured on forwards (which sucks, really, unless I'm doing > something terribly wrong). Great, at least the bug is not at Struts or Tiles side :-) > I'll see if I can create a subset of my current app describing the problem. > Probably would post a war file? Is that what you meant? Exactly, with the source. Antonio --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
|
|
Re: Spring Security and Struts2 Using tiles
by Alberto A. Flores
::
Rate this Message:
After further testing, it looks like even without tiles, the strut2
action mapping is not secured with Acegi/Spring Security (as of version 2.0.1, Struts version 2.0.11). As far as I can tell, it has to do with the FilterDispatcher (Struts2) always forwarding to ActionProxy class to process work (hence the Spring Security Filter never knows of the request) Antonio Petrelli wrote: > 2008/5/13 Alberto A. Flores <aaflores@...>: >> I would, but it seems to me like there is little that can be done on the >> Struts2 side (unless a plugin of some sort is written). Essentially, when >> control is forwarded to the tile, Spring security can not do much (or maybe >> I'm missing something). > > I see... > >> The Spring Security team is well aware of (as far as forwards), that >> resources are not secured on forwards (which sucks, really, unless I'm doing >> something terribly wrong). > > Great, at least the bug is not at Struts or Tiles side :-) > >> I'll see if I can create a subset of my current app describing the problem. >> Probably would post a war file? Is that what you meant? > > Exactly, with the source. > > Antonio > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscribe@... > For additional commands, e-mail: user-help@... > > Alberto A. Flores http://www.linkedin.com/in/aflores --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
|
|
Re: Spring Security and Struts2 Using tiles
by JerryK
::
Rate this Message:
I was able to get this working with Acegi, by setting the Dispatcher property in web.xml
<url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> But, now when i try this with Spring Security 2.0.1, i am facing the same problem as you have described here. Have you found any solution so far?
|
|
|
Re: Spring Security and Struts2 Using tiles
by Alberto A. Flores
::
Rate this Message:
I had to put those efforts on the side as it was in a prototype and
proof of concept phase. However, I have just began (today) to officially make serious effort into making it work (if at all possible) for our project. I should have a better answer by the end of the day... but any feedback would be much appreciated... JerryK wrote: > I was able to get this working with Acegi, by setting the Dispatcher property > in web.xml > <url-pattern>/*</url-pattern> > <dispatcher>REQUEST</dispatcher> > <dispatcher>INCLUDE</dispatcher> > <dispatcher>FORWARD</dispatcher> > </filter-mapping> > > But, now when i try this with Spring Security 2.0.1, i am facing the same > problem as you have described here. Have you found any solution so far? > > > > Alberto A. Flores wrote: >> Folks, >> >> My understanding is that Spring Security does not secure resources on >> *forwards* (I believe tiles2 do forward/chaining). In an application >> using Struts2, Spring and Tiles2, these forwards work just fine. Has >> anyone had success using these three frameworks together using Spring >> Security? I tried it today and It turned out that the security tag >> (http://www.springframework/security/tags/): >> >> <security:authorization property="principal.username"/> >> >> never fetches anything. Furthermore, the code: >> >> SecurityContextHolder.getContext().getAuthentication() >> >> returns null (in the forwarded jsp page). Has anyone know what to do in >> this case? I'm beginning to think I can not use Spring Security at all. >> >> Regards, >> >> -- >> >> Alberto A. Flores >> http://www.linkedin.com/in/aflores >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscribe@... >> For additional commands, e-mail: user-help@... >> > Alberto A. Flores http://www.linkedin.com/in/aflores --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@... For additional commands, e-mail: user-help@... |
| Free Forum Powered by Nabble | Forum Help |