Dec 8th, 2010, 11:14 AM
Basic Roo + GWT + Spring Security Question
Question regarding basic Spring Security setup. I've setup a basic Roo Web App + GWT + Spring Security and am trying to get the login page to show up. At the moment I've modified the applicationContextSecurity.xml for database storage. My problem is that it does look like it's trying to redirect me to the login page to access the website now (as I expected it to) but it can't find the /login.jsp page. I'm guessing I need to setup some sort of url route to point any /login.jsp requests to src/main/webapp/WEB-INF/views/login.jsp. But a mornings worth of searches haven't turned up a whole lot of information. Would anybody here have a direction to point me for this one?
I've included the applicationContext-security.xml file below:
<?xml version="1.0" encoding="UTF-8"?>
<!-- HTTP security configurations -->
<!-- Don't set any role restrictions on login.jsp -->
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Restrict access to ALL other pages -->
<intercept-url pattern="/**" access="ROLE_USER" />
<!-- Set the login page and what to do if login fails -->
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" />
<!-- Configure Authentication mechanism -->
<!-- SHA-256 values can be produced using 'echo -n your_desired_password | sha256sum' (using normal *nix environments) -->
authorities-by-username-query="select username,authority from users where username=?"/>
Thanks much in advance,
Dec 8th, 2010, 11:38 AM
So as a quick update the file is being found now. the problem was a difference of filetypes. login.jsp vs. login.jspx Anyway, now that the file is being found it's in a redirect loop. I haven't made any changes to login.jspx so I'm at a bit of a loss here, Anybody else run into this?
Dec 8th, 2010, 12:12 PM
so I've resolved my problems with to many redirects and finding the page and am on to a problem with the standard login.jspx supplied by "security setup". In particular the error is:
Javax.servlet.jsp.JspTagException: No message found under code 'security_login_title' for locale 'en_US'.
I'll be honest, I'm a little unclear as to the thread etiquette at this point. We've moved past my initial problem and on to others. Should I consider this thread closed and open a new one with my current problem? or just keep them all in this thread? More experienced posters thoughts?
Thanks again all,
Dec 10th, 2010, 04:13 AM
I've been through the same cycle; if you create a Spring Securified GWT app via Roo, the generated login.jspx can't find its taglibs. Even after I cut all the taglibs out of the jspx and it renders, I still couldn't get it to work.
So I tried a different tack and created a non-GWT app via Roo and did "setup security"; everything works, with the standard flavour of JSP/HTML scaffold. I then tried to "backport" the Spring Security config (and login page) to my other demo project, so I could have the login page protecting my GWT (SmartGWT actually) page.
I've kinda got it to work but it's a bit of a mess. The structure generated under src/main/webapp is vastly different for a "pure" Roo app vs a GWT Roo app (I had to fiddle around to get my GWT .js in the right place to get served properly). And also, from what I understand from some other threads here, you've also got to clue GWT in on login information by putting hooks in some other places. This meshes with what I'm seeing, which is the server happily showing me my GWT pages after I've logged out unless I do a force-refresh, at which point I get bounced to the login page as expected.
So, anyone from the Spring/Roo team out there with an example of a best-practice way of getting GWT and Spring Security to play nice together?
 http://forum.springsource.org/showthread.php?t=58874 (and http://forum.springsource.org/showthread.php?t=82139)
Dec 10th, 2010, 09:46 AM
Glad to know I'm not the only one that's struggled with this, hopefully there will be somebody with a bit more experience who will be able to help us both out here.
All the Best,
Feb 22nd, 2011, 02:07 PM
I've been struggling with roo, gwt and spring security aswell. Has anyone of you made any progress which you would like to share with us?