Spring Security Plugin...What am I missing?


Spring Security Plugin...What am I missing?

by jej2003

I must be missing something, so please fill me in if you can....


It looks like every tutorial that exists for the Spring Security
Plugin for Grails requires there be a DaoAuthenticationProvider
supplied.  Why do I need this if I want to use http-basic and an
in-memory userservice?  Currently, I am not using the Spring Security
Plugin (I had figured using plain Spring Security would help me here)
but I still have this issue.  If I do


  <http>
      <!-- intercept-url rules are checked in order and the first match wins,
           so the more specific /Manage** rule is listed before /** -->
      <intercept-url pattern="/Manage**" access="ROLE_ADMIN"/>
      <intercept-url pattern="/**" access="ROLE_USER"/>
      <x509 subject-principal-regex="CN=(.*?),"/>
      <port-mappings>
          <port-mapping http="8400" https="8443"/>
      </port-mappings>
  </http>

  <beans:bean id="preAuthenticatedEntryPoint"
      class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>

  <!-- In-memory users with plain-text passwords -->
  <authentication-provider>
      <user-service id="userService">
          <user name="john" password="john" authorities="ROLE_USER" />
          <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
          <user name="guest" password="guest" authorities="ROLE_GUEST" />
          <user name="rod" password="rod" authorities="ROLE_USER"/>
      </user-service>
  </authentication-provider>

everything loads fine, but if I specify http-basic also I get this error:

2009-10-21 16:10:38,112 [main] ERROR mortbay.log  - Failed startup of context org.mortbay.jetty.webapp.WebAppContext@191275b{/test,C:\test/web-app}
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.providers.dao.DaoAuthenticationProvider#0' is defined
        at grails.web.container.EmbeddableServer$start.call(Unknown Source)
        at _GrailsRun_groovy$_run_closure5_closure11.doCall(_GrailsRun_groovy:145)
        at _GrailsRun_groovy$_run_closure5_closure11.doCall(_GrailsRun_groovy)
        at _GrailsSettings_groovy$_run_closure10.doCall(_GrailsSettings_groovy:274)
        at _GrailsSettings_groovy$_run_closure10.call(_GrailsSettings_groovy)
        at _GrailsRun_groovy$_run_closure5.doCall(_GrailsRun_groovy:137)
        at _GrailsRun_groovy$_run_closure5.call(_GrailsRun_groovy)
        at _GrailsRun_groovy.runInline(_GrailsRun_groovy:104)
        at _GrailsRun_groovy.this$4$runInline(_GrailsRun_groovy)
        at _GrailsRun_groovy$_run_closure1.doCall(_GrailsRun_groovy:58)
        at RunApp$_run_closure1.doCall(RunApp.groovy:33)
        at gant.Gant$_dispatch_closure4.doCall(Gant.groovy:324)
        at gant.Gant$_dispatch_closure6.doCall(Gant.groovy:334)
        at gant.Gant$_dispatch_closure6.doCall(Gant.groovy)
        at gant.Gant.withBuildListeners(Gant.groovy:344)
        at gant.Gant.this$2$withBuildListeners(Gant.groovy)
        at gant.Gant$this$2$withBuildListeners.callCurrent(Unknown Source)
        at gant.Gant.dispatch(Gant.groovy:334)
        at gant.Gant.this$2$dispatch(Gant.groovy)
        at gant.Gant.invokeMethod(Gant.groovy)
        at gant.Gant.processTargets(Gant.groovy:495)
        at gant.Gant.processTargets(Gant.groovy:480)
        at grails.util.GrailsMain.run(GrailsMain.groovy:31)
        at grails.util.GrailsMain.main(GrailsMain.groovy)

Why doesn't http-basic use the defined userService?

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
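
The authentication/authorization split this thread is about, modelled in plain Python as an added example (not Spring Security code and not from any poster): with x509 the subject DN, run through the posted `CN=(.*?),` regex, names the user and the user service only supplies authorities, while with http-basic the same user service must also check the password. The user table is a constructed copy of the posted `<user-service>`; all function names are hypothetical.

```python
import base64
import hmac
import re

# Constructed copy of the posted <user-service>: name -> (password, authorities)
USERS = {
    "john": ("john", {"ROLE_USER"}),
    "admin": ("admin", {"ROLE_USER", "ROLE_ADMIN"}),
    "guest": ("guest", {"ROLE_GUEST"}),
    "rod": ("rod", {"ROLE_USER"}),
}
SUBJECT_REGEX = re.compile(r"CN=(.*?),")  # subject-principal-regex from the post


def authorities_from_x509(subject_dn):
    """x509: the certificate is the credential; the user service is only
    consulted for the authorities of the extracted principal."""
    match = SUBJECT_REGEX.search(subject_dn)
    if match is None:
        # The regex needs a comma after the CN, so a DN whose last
        # component is the CN yields no principal at all.
        return None
    user = USERS.get(match.group(1))
    return user[1] if user else None


def basic_header(name, password):
    """Build an Authorization header value (helper for trying the model)."""
    token = base64.b64encode(f"{name}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def authorities_from_basic(header):
    """http-basic: the user service checks the password AND supplies authorities."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or bytes that are not UTF-8
        return None
    name, sep, password = decoded.partition(":")
    user = USERS.get(name)
    if not sep or user is None:
        return None
    if not hmac.compare_digest(user[0].encode(), password.encode()):
        return None
    return user[1]
```

A subject such as `O=Example, CN=admin` returns no principal in this model because nothing follows the CN, which is worth checking against the certificates actually issued before relying on that regex.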



Re: Spring Security Plugin...What am I missing?

by Jim Shingler-2

Disclaimer, . . . I am new to Acegi myself and I reserve the right to be wrong and/or misunderstand what is being asked.  :-)

There is Authentication and Authorization, . . .  Looks like you are using LDAP for Authentication.  In addition, Security needs to know what Application group the user belongs in: User, Admin, . . . .  By default, this is part of what the DAO does.

I believe the issue you are facing can probably be addressed with a Custom Users Detail Service: http://www.grails.org/AcegiSecurity+Plugin+-+Custom+UserDetailsService

Hope this helps.

--
Jim Shingler
LinkedIn: http://www.linkedin.com/in/jimshingler
Blog: http://jshingler.blogspot.com
(614) 937-8378

Re: Spring Security Plugin...What am I missing?

by jej2003

hmm....

So in the case of x509 that works as I expect because that is being
used for Authentication and the UserService is being used for
Authorization.

But in the case of http-basic even though I provide a user service
which has roles and usernames/passwords it can't use that for both
authentication and authorization, it only can use it for
Authentication?  Again, I created a sample project using Roo and it
seems to work as I expect there, if I have the users/passwords and
groups in the userservice I don't see why I can't have the Grails
Plugin use those for Authentication and Authorization.
