Asuka
Mar 3rd, 2011, 06:00 AM
Hi spring community,
I'm developing an Android app which gets some data from our social network platform. The client gets the information via Jersey Spring. Now I would like to implement the following: when the user submits his username and password, he should get a token that is valid for a specific time, so the user does not have to log in again during that time.
our server application is a jee application which uses spring security for authentication. the configuration looks like this:
<!--
  Web-layer rules: form login, logout, session-fixation protection and a
  one-session-per-user limit.
  NOTE(review): on Spring Security 2.0.x, auto-config="true" also registers
  HTTP Basic, remember-me, anonymous and logout handling next to form login;
  confirm against the version in use, because a non-browser client can reach
  whichever of these mechanisms is enabled.
  NOTE(review): no intercept-url shown here carries an access attribute, so
  URL authorization presumably comes from a separately configured
  interceptor; verify that every protected path is covered there.
-->
<security:http auto-config="true"
               session-fixation-protection="migrateSession"
               access-denied-page="/accessDenied.html">
  <!-- filters="none" bypasses the whole security filter chain for this
       pattern: no SecurityContext is populated and no access check runs. -->
  <security:intercept-url pattern="/testHTML.html*" filters="none"/>
  <!-- ... list of all pages, which are accessible before login .. -->
  <!-- After a successful login the user always lands on the start page,
       whatever URL was requested first. -->
  <security:form-login login-page="/login.html"
                       default-target-url="/pages/start/start.html"
                       always-use-default-target="true"
                       authentication-failure-url="/login_error.html"/>
  <security:logout invalidate-session="true" logout-success-url="/login.html"/>
  <!-- With exception-if-maximum-exceeded="false" a second login is accepted
       and the older session is expired instead.
       NOTE(review): session counting relies on HttpSessionEventPublisher
       being registered in web.xml, which is not shown here. -->
  <security:concurrent-session-control max-sessions="1"
                                       exception-if-maximum-exceeded="false"/>
</security:http>
<!-- Gives the namespace-created AuthenticationManager a bean name that other
     bean definitions can reference. -->
<security:authentication-manager alias="authenticationManager"/>
<!--
  Credentials are checked against the userDetailsServiceImpl bean, which is
  defined outside this listing.
  NOTE(review): hash="md5" with no salt-source child means stored passwords
  are unsalted MD5 digests. They are cheap to brute-force and open to
  precomputed lookups if the user table leaks. Existing digests cannot be
  converted in place, so moving to a salted, deliberately slow scheme needs a
  migration that re-hashes each password at the user's next login.
-->
<security:authentication-provider user-service-ref="userDetailsServiceImpl">
  <security:password-encoder hash="md5"/>
</security:authentication-provider>
<!-- Method-level security: only @Secured annotations are active. Both
     protect-pointcut rules below are commented out and have no effect. -->
<security:global-method-security secured-annotations="enabled">
  <!--
    AspectJ pointcut expression that locates our "post" method and applies
    security that way:
    <protect-pointcut expression="execution(* bigbank.*Service.post*(..))"
                      access="ROLE_TELLER"/>
  -->
  <!--
    Disabled project rule:
    security:protect-pointcut
        expression="execution(* de.lyth.taunusConnection.handler.subProfileSearchSmallHandler.searchMember())"
        access="ROLE_A" /
  -->
</security:global-method-security>
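<!--
  Access decision manager used by resourceSecurityInterceptor.
  AffirmativeBased grants access as soon as one voter votes to grant;
  allowIfAllAbstainDecisions="false" denies the request when every voter
  abstains, so a resource with no matching attribute is not left open.
  The AuthenticatedVoter class name is written without the stray space the
  forum rendering inserted; with the space the class cannot be loaded.
-->
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions" value="false"/>
  <property name="decisionVoters">
    <list>
      <!-- Votes on role attributes (by default those prefixed ROLE_). -->
      <bean class="org.springframework.security.vote.RoleVoter"/>
      <!-- Votes on the IS_AUTHENTICATED_* attributes. -->
      <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
    </list>
  </property>
</bean>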
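<!--
  Additional FilterSecurityInterceptor appended at the end of the filter
  chain (custom-filter after="LAST"). Its URL access rules are read from the
  project's secureResourceFilterInvocationDefinitionSource bean.
  The class name is written without the stray space the forum rendering
  inserted; with the space the class cannot be loaded.
-->
<bean id="resourceSecurityInterceptor"
      class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="objectDefinitionSource"
            ref="secureResourceFilterInvocationDefinitionSource"/>
  <!-- false: the access check runs on every pass through this filter within
       one request (for example on forwards), not only on the first. -->
  <property name="observeOncePerRequest" value="false"/>
  <security:custom-filter after="LAST"/>
</bean>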
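<!--
  Project-specific source of the URL-to-attribute mapping consumed by
  resourceSecurityInterceptor; its implementation is not shown here.
  The class name is written without the stray space the forum rendering
  inserted; with the space the class cannot be loaded.
  NOTE(review): how this source treats a URL it has no entry for decides
  whether unmapped paths are open or denied. Verify in the class.
-->
<bean id="secureResourceFilterInvocationDefinitionSource"
      class="de.lyth.generic.util.SecureResourceFilterInvocationDefinitionSource"/>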
So, at the moment I really don't know how to realize this. How do I have to configure the applicationcontext.xml? What do I have to use to generate tokens? I'm sorry about these questions, but I don't know that much about Spring Security. Advice, or maybe an example/tutorial, would be appreciated.
Thanks and greetings
Asuka
I'm developing an Android app which gets some data from our social network platform. The client gets the information via Jersey Spring. Now I would like to implement the following: when the user submits his username and password, he should get a token that is valid for a specific time, so the user does not have to log in again during that time.
our server application is a jee application which uses spring security for authentication. the configuration looks like this:
<!--
  Web-layer rules: form login, logout, session-fixation protection and a
  one-session-per-user limit.
  NOTE(review): on Spring Security 2.0.x, auto-config="true" also registers
  HTTP Basic, remember-me, anonymous and logout handling next to form login;
  confirm against the version in use, because a non-browser client can reach
  whichever of these mechanisms is enabled.
  NOTE(review): no intercept-url shown here carries an access attribute, so
  URL authorization presumably comes from a separately configured
  interceptor; verify that every protected path is covered there.
-->
<security:http auto-config="true"
               session-fixation-protection="migrateSession"
               access-denied-page="/accessDenied.html">
  <!-- filters="none" bypasses the whole security filter chain for this
       pattern: no SecurityContext is populated and no access check runs. -->
  <security:intercept-url pattern="/testHTML.html*" filters="none"/>
  <!-- ... list of all pages, which are accessible before login .. -->
  <!-- After a successful login the user always lands on the start page,
       whatever URL was requested first. -->
  <security:form-login login-page="/login.html"
                       default-target-url="/pages/start/start.html"
                       always-use-default-target="true"
                       authentication-failure-url="/login_error.html"/>
  <security:logout invalidate-session="true" logout-success-url="/login.html"/>
  <!-- With exception-if-maximum-exceeded="false" a second login is accepted
       and the older session is expired instead.
       NOTE(review): session counting relies on HttpSessionEventPublisher
       being registered in web.xml, which is not shown here. -->
  <security:concurrent-session-control max-sessions="1"
                                       exception-if-maximum-exceeded="false"/>
</security:http>
<!-- Gives the namespace-created AuthenticationManager a bean name that other
     bean definitions can reference. -->
<security:authentication-manager alias="authenticationManager"/>
<!--
  Credentials are checked against the userDetailsServiceImpl bean, which is
  defined outside this listing.
  NOTE(review): hash="md5" with no salt-source child means stored passwords
  are unsalted MD5 digests. They are cheap to brute-force and open to
  precomputed lookups if the user table leaks. Existing digests cannot be
  converted in place, so moving to a salted, deliberately slow scheme needs a
  migration that re-hashes each password at the user's next login.
-->
<security:authentication-provider user-service-ref="userDetailsServiceImpl">
  <security:password-encoder hash="md5"/>
</security:authentication-provider>
<!-- Method-level security: only @Secured annotations are active. Both
     protect-pointcut rules below are commented out and have no effect. -->
<security:global-method-security secured-annotations="enabled">
  <!--
    AspectJ pointcut expression that locates our "post" method and applies
    security that way:
    <protect-pointcut expression="execution(* bigbank.*Service.post*(..))"
                      access="ROLE_TELLER"/>
  -->
  <!--
    Disabled project rule:
    security:protect-pointcut
        expression="execution(* de.lyth.taunusConnection.handler.subProfileSearchSmallHandler.searchMember())"
        access="ROLE_A" /
  -->
</security:global-method-security>
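<!--
  Access decision manager used by resourceSecurityInterceptor.
  AffirmativeBased grants access as soon as one voter votes to grant;
  allowIfAllAbstainDecisions="false" denies the request when every voter
  abstains, so a resource with no matching attribute is not left open.
  The AuthenticatedVoter class name is written without the stray space the
  forum rendering inserted; with the space the class cannot be loaded.
-->
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions" value="false"/>
  <property name="decisionVoters">
    <list>
      <!-- Votes on role attributes (by default those prefixed ROLE_). -->
      <bean class="org.springframework.security.vote.RoleVoter"/>
      <!-- Votes on the IS_AUTHENTICATED_* attributes. -->
      <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
    </list>
  </property>
</bean>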
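<!--
  Additional FilterSecurityInterceptor appended at the end of the filter
  chain (custom-filter after="LAST"). Its URL access rules are read from the
  project's secureResourceFilterInvocationDefinitionSource bean.
  The class name is written without the stray space the forum rendering
  inserted; with the space the class cannot be loaded.
-->
<bean id="resourceSecurityInterceptor"
      class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="objectDefinitionSource"
            ref="secureResourceFilterInvocationDefinitionSource"/>
  <!-- false: the access check runs on every pass through this filter within
       one request (for example on forwards), not only on the first. -->
  <property name="observeOncePerRequest" value="false"/>
  <security:custom-filter after="LAST"/>
</bean>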
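<!--
  Project-specific source of the URL-to-attribute mapping consumed by
  resourceSecurityInterceptor; its implementation is not shown here.
  The class name is written without the stray space the forum rendering
  inserted; with the space the class cannot be loaded.
  NOTE(review): how this source treats a URL it has no entry for decides
  whether unmapped paths are open or denied. Verify in the class.
-->
<bean id="secureResourceFilterInvocationDefinitionSource"
      class="de.lyth.generic.util.SecureResourceFilterInvocationDefinitionSource"/>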
So, at the moment I really don't know how to realize this. How do I have to configure the applicationcontext.xml? What do I have to use to generate tokens? I'm sorry about these questions, but I don't know that much about Spring Security. Advice, or maybe an example/tutorial, would be appreciated.
Thanks and greetings
Asuka