Search:

Please use <code> for code samples.

That said, I'm not sure that spring security is the right place to solve your problem. Typically you would prevent two users from modifying the same object by...

If you're using cas, you don't need a form login in your application. the cas filter should redirect the user to the cas server if they aren't authenticated. Which will redirect them back into your...

Spring security 3.1. I don't immediately know the cas version.

The forum says I have "too many images to post my config" - so here's a pastebin. http://pastebin.com/w21xCecJ

I think your example is missing some information. But as a reference, I have a concurrent session filter running on my app with cas and haven't encountered issues.

Have you tried not using your...

It's not clear to me what your usecase is, but if you mean http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html then yes - change your configuration.

Typically httpd is used in front of your servlet container. Meaning a request is processed by httpd before it hits the servlet container. If that's the case for your deployment, the answer to your...

You can use whatever JPA Provider you choose. Hibernate is common to see examples of because it's the most widely used. But OpenJPA, EclipseLink, or DataNucleus should all work fine. And each has...

A sample application is available at https://github.com/SpringSource/spring-security/tree/master/samples/cas.

It will take you a few more lines of configuration to get your application to use...

https://jira.springsource.org/browse/SEC-748

Two comments:

1. You can always do a check programmatically if the exception is of a certain type.
2. Have you considered looking through the api for your logging framework for emailing...

One of these workstations is not like the others, One of these workstations just doesn't belong...

Sorry - couldn't resist... :)

Typically this is done with a seperate form. For example a "reset password" page.

My bad. Take a look at https://gist.github.com/1642655

Have you looked at changing the "path-type" to regex as shown in http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-web-filters.html ?

that is correct

We did something like this recently. We used spring security for normal auth, but then rather then giving them ROLE_USER upon login, we gave them PRE_AUTH_USER. Then we sent them to a page to...

Look at CAS's single signon/off functionality. Your rememberme approach won't work because none of your applications will have access to the other's cookies.

Also - note that having...

Typically with AJAX, you need to write some client side code if you want to do a redirect. Have you considered writing that code to be triggered by the http response code?

that sounds correct.

You need to wire in a custom userdetailsservice. That will allow you to update authorities with whatever you need.

Is there a reason you think you should? Or alternatively, is there a problem you're trying to solve?

maybe you need to allow ROLE_ANONYMOUS access to your login page? Or alternatlively verify that the authority that's granted upon successful login actual has access to the page you're redirecting...

I'm not going to be helpful on the implementation details - but a high level you need to:
- Implement AuthenticationProvider and probably AuthenticationEntryPoint
- Wire it into your security...

Ignoring the bmc remedy aspect - switching between https and http is likely failing for unrelated reasons. A non secure session can't access a secure session. ...

Just as an fyi, the jdbc implementation is pretty non database specific unless you've customized the the queries. But in answer to your question, you should updated the acls on create, update only...