Search:

The exception disappeared. :-)

If you want to revert the fix and retain the guard so I can help you identify the cause, I'm game. Let me know.

Yeah, absolutely, let me give it a shot right now. I'll post back shortly.

Having just recently upgraded to STS 2.5, I'm suddenly getting the following every time I make any change to any Java file:



java.lang.StringIndexOutOfBoundsException
at...

Try changing the "ref" attribute in your <authenticatoin-provider> configuration to "user-service-ref".

This thread's pretty old, but I ran into this issue as well and wanted to offer another possible explanation. It could be an IPv6 issue: your hasIpAddress pattern is IPv4 (Inet4Address) but the...

I've been using SE-JCR mostly successfully though admittedly I'm not exercising the full range of functionality that more demanding scenarios might require. Actually I was using the JCR module from...

Usually you would move JSPs under WEB-INF in cases where you're using a controller to mediate access to the JSP, and hence don't want the user requesting the JSP directly. With CSS, images and JS...

@bamboozle.who: Try this for your @Controller method:



@RequestMapping(method = RequestMethod.POST)
public String form(
@ModelAttribute(MA_USER) @Valid User user,
BindingResult result) {...

http://jira.springframework.org/browse/SEC-1164

Just to clarify, Spring in Practice will actually cover Spring 3.0. We're following along with the 3.0 milestones. :-)

I know I'm raising an old thread from the dead... :-)

I'm using Eclipse 3.4 and Spring IDE 2.2.2. I have Spring IDE's Spring Security extension installed as well.

I have a very simple Spring...

Just check out the schema documentation in the appendix, or else the XSD itself:

http://www.springframework.org/schema/aop/spring-aop-2.5.xsd

I didn't read the whole post, but I did notice that you have "java.util.Hash" in your definition above...

Hi pranko. The AOP config you define in the root app context (applicationContext.xml, for example) does not "see" the beans you define in the DispatcherServlet's app context (here, servlet.xml),...

Are you defining your AOP configuration in one app context and the controller beans in a separate child context (say associated with the DispatcherServlet)?

I like the general idea of externalizing the code that makes the display decision. In that respect you're emulating what happens on the web side with taglibs, which strikes me as a good direction.
...

Hi Pradeep. Yes, you can still use Spring Security though a Swing-like UI throws taglibs out the window. Take a look at the SecurityContextHolder class (and in particular at the MODE_GLOBAL mode) so...

It depends what extra "label" (I assume you mean a form field as well, not just extra text) you want to add. If you're wanting to add "Remember me", then you're in luck. What specifically do you...

Hi Donal. I don't think you're going to get much traction injecting a PropertyPlaceholderConfigurer into your DAO. That is something the container itself uses to accomplish the desired substitutions....

Autowiring is a feature of the core container; it isn't directly related to Spring Web MVC. So to answer your question, "yes."

No, I'm afraid I can't really speak to that. I'd imagine that the most important area of risk here would be in the ACL module, owing to the fact that the ACLs are DB-backed, that there can be a large...

Hi Moshe. Sure, you can do that. You can use the AFTER_ACL_COLLECTION_READ configuration attribute to filter out users for which the current user doesn't have read access. You don't need two methods....

Yes, Spring Security provides for business tier authorization. Specifically it allows you to authorize method invocations, supporting both role-based authorization and ACL-based authorization. There...

Yeah, it's definitely possible to do this. You will need to use the Spring Security tag library.

If you are wanting to make the show/hide decision based purely upon the user role, check out the...

Well, after the successful form submission, you do still have a populated form bean that you can use to drive view output. Though that's not in my opinion a great idea because normally you want to do...