Type: Posts; User: thobson; Keyword(s):
Is there any way to append a locale specific CSS file using the resources framework? We have a scenario in which some translated text takes us more space than the en_US version so we'd like to use a...
That's broadly correct, at least in the context of the TokenBasedRememberMeServices. Personally I would recommend using the PersistentTokenBasedRememberMeServices as it's more secure but the choice...
Check out the source code for AbstractAuthenticationProcessingFilter, especially the methods successfulAuthentication and unsuccessfulAuthentication, you will see how they call rememberMeServices.
What exactly are you trying to achieve with your custom implementation? If you tell us some more about your overall goals we can recommend an approach.
A quick and dirty solution is to write a servlet filter that intercepts requests and sets the HttpServletRequest on a ThreadLocal object. This will then get passed down the call stack and you will be...
Facebook uses oauth2 which is simple to implement, the basic flow would be something like:
User clicks a link "login with facebook"
You redirect to facebook oauth2 endpoint
Facebook will...
I don't think the Spring-SAML extension is being actively maintained. In the end we created a fork of the project and we maintain it ourselves.
We have implemented something similar:
Our IDP passes the user's roles in the SAML assertion as SAML attributes.
We created a custom namespace which maps the roles to granted authorities...
We faced the same problem, you basically have two options:
1. Fork the code and make those methods protected, potentially submitting a patch to Vladimir
2. Proxy the SAMLMessageContext using AOP...
I'm glad you got it working :)
The introduction of auto wiring along with namespaces has greatly simplified things in the spring world, but sometimes it bites you because you don't know what's...
You won't get a redirect if you make an ajax request. You would need to configure your ajax handler to detect the session timeout event and then redirect the browser to the login page (probably by...
What you are asking for is single sign on. Spring security itself does not offer single sign on although in theory you could hack something together using the remember-me feature but I wouldn't...
Our namespace takes care of this. Take a look at the docs for our spring quickstart app. Then take a look at the source code for our spring extension (which is based on spring saml) to see how we...
You would want to use kerberos/spnego for this. There is a spring project for this but I'm not sure how well maintained it is. We're currently implementing Active Directory support for our single...
One option is to use Tomcat's container managed single sign on and then use Spring's pre-authentication feature. However Tomcat's SSO feature is pretty basic, it's limited to a single server (unless...
I suspect that you are seeing duplicate SessionFixationProtectionStrategy beans because you have two http elements (ignoring those with security="none"). Normally this would not be a problem because...
The SessionFixationProtectionStrategy is created and wired up by the Spring Security namespace parser. It would be helpful if you could post the final merged security context file that is giving you...
Sure, you can write your own Authentication filter which sits in front of the default filters and watches for the query parameters. Check out this article
I'll leave you to decide whether this is...
Please be more explicit, are you asking how to implement RSA SecurID with Spring Security?
The Spring SAML code is stable, we use it with our Cloudseal platform (an IDP) and it works with Spring Security 3.0.x. We also patched it to work with Spring Security 3.1.x (you can download the...
Spring SAML is not officially supported by Spring, as an extension it is managed by an external party (in this case a gentleman called Vladimír Schäfer). You can see the activity of this project by...
What you are asking for is single sign on (and possibly single logout also). There are several options:
1) If you have two web apps on the same tomcat server you could use Tomcat's container...
Are you sure the page you are seeing is not cached by your browser?
Your concerns are valid, however you can set the postOnly property on the filter to prevent credentials being processed if passed as URL parameters, obviously you would have to ensure that you are...
What technology are you using for your SSO system? This will dictate the best approach