Elementary Spring Security on GAE

[kievari]

Hi,
I've been googling and trying for quite a few days to get Spring Security up and running on GAE - the platform that encourage me to start to study Spring - but I am convinced now that must ask for help in the forum

I used a great tutorial here:
http://www.ardentlord.com/apps/blog/...gle-app-engine

Which let me to have a clear basic understanding of SpringMVC mechanism and have it up and running on GAE (tried many tutorials before this which all failed). The next logical step was to add security. I used the 'petclinic' and the guid on Spring site. I got it running on Tomcat. Next tried to use the same tutorial and do just what I did to have 'petclinic' working under Spring Security, but failed to errors I could not understand.

My last try was with the book "Spring Security 3" by Peter Mularien, where on the 26th page it has "Securing our application in three
easy steps". I read the steps carefully and implemented over the above mention tutorial and again the wall of errors

I run the webapp locally, and when I open it on a browser I get:

Code:

HTTP ERROR: 503
Problem accessing /a/hello/world. Reason:
SERVICE_UNAVAILABLE

I will provide the error message here, and files I changed. Other files are just what is provided on the tutorial I used. Please point me to right direction out of problem.

I put the project for download (it has my error!) here:
http://zabavaclub.com/gae/error_GAE_SpringExample.zip

A screen shot of my Eclipse environment with the project from that tutorial:


Error code:
http://zabavaclub.com/gae/error.rtf

[Luke Taylor]

Looks like your XML is invalid, so not anything to do with GAE.

If you want to use GAE, I'd suggest the Spring Security on GAE blog I wrote a while back.

The demo application is still running on App Engine (with the current master branch code), so you can use the sample code as a guide.

[kievari]

Looks like your XML is invalid, so not anything to do with GAE.

If you want to use GAE, I'd suggest the Spring Security on GAE blog I wrote a while back.

The demo application is still running on App Engine (with the current master branch code), so you can use the sample code as a guide.

Frist of all: it is a great tutorial. I've hit to it from google searching for many times. The thing is that it is hard to understand where from to start with it, no step-by-step construction, comparing with what is on the tutorial I mentioned (from ground up).

My next problem with it is that it uses Google account authentication, but I want my own authentication. When I go through it I'm lost in the middle.

As I am a novice in the concept it is highly possible that I am not right in my trying to implement your nice tutorial. Please continue to help me, I really appreciate it

[Luke Taylor]

If you are a novice, then you should probably start without GAE and examine something like the tutorial sample application.

There's no reason why you shouldn't be able to use that configuration out of the box in GAE. Any normal Spring Security application should run in GAE, with obvious limitations on the type of security repository available (lack of JDBC, for example).

You will probably have to write your own UserDetailsService or AuthenticationProvider, but from a Spring Security perspective, nothing GAE-specific is required.

[kievari]

If you are a novice, then you should probably start without GAE and examine something like the tutorial sample application.

There's no reason why you shouldn't be able to use that configuration out of the box in GAE. Any normal Spring Security application should run in GAE, with obvious limitations on the type of security repository available (lack of JDBC, for example).

You will probably have to write your own UserDetailsService or AuthenticationProvider, but from a Spring Security perspective, nothing GAE-specific is required.

Luke Tayler, thank you very much for continuing to help. I actually did as you suggested, i.e. I first passed the 'petclinic' tutorial successfully:


and then tried to bring it to GAE. There is only a few things there to do to get Spring Security enable on a working SpringMVC application:
1. adding dependencies: I imported all of needed jar files,
2. adding "applicationContext-security.xml" with code:

Code:

    <http use-expressions="true">
        <intercept-url pattern="/" access="permitAll"/>
        <intercept-url pattern="/static/**" filters="none" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login />
        <logout />
    </http>

3. updating the web.xml file:

Code:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      /WEB-INF/applicationContext-jdbc.xml
      /WEB-INF/applicationContext-security.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

After doing all of these, checking many times the config. files and their dependencies again failed. In fact I did whatever came to my mind before asking help.

Could you please kindly publish your project as a whole, so that I import into Eclipse and play with it please?

[Luke Taylor]

As I said, the project is part of the codebase on the git master branch. Checkout the source and you'll find it in the samples/gae directory.

[Luke Taylor]

Also, if you explain how it actually fails then someone might be able to provide a solution.

[kievari]

As I said, the project is part of the codebase on the git master branch. Checkout the source and you'll find it in the samples/gae directory.

Ok,

1. I am not familiar with git and could not obtain the files under windows xp command line with git command. Is there any ftp access or other methods?

2. To provide information about the failaur, I will go back to petclinic and reimplement the steps into my GAE working SpringMVC. Then I will make a new post to this forum.

[Luke Taylor]

You can either install a Windows git client or you can download a source snapshot as a tar.gz archive from the web interface.

[kievari]

You can either install a Windows git client or you can download a source snapshot as a tar.gz archive from the web interface.

Thank you!