Re: Spring Security and Google App Engine

I'm having the same issue with my GWT web application.  issue still happens with the default GWT GAE sample project and basic spring security setup.

<http auto-config="true">
        <intercept-url pattern="/**" access="ROLE_USER" />
</http>

Has anyone else experienced this kind of issue? or has found a work around?


On Wednesday, November 28, 2012 4:09:14 PM UTC-6, Ronnie Schaniel wrote:

I'm working on Spring Security implementation for a few days now. The login form is displayed if I integrate spring security in a sample project. When I enable the Google App Engine in the eclipse project settings the redirect to the login form is not working anymore, so I can not secure the EntryPoint. If I have a single service on a specific URL which is not using RPC calls the spring security works well.
On the part of the application that uses RPC the login form is not rendered correctly and an exception is thrown. So most likely the rpc service is the source of the problem.

In addition my Spring Security configuration:
<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
 
    <http auto-config="true">
        <intercept-url pattern="/login.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/*.css" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/economapp/**" access="ROLE_USER" />
        <intercept-url pattern="/gwt/**" access="ROLE_USER"/>
        <intercept-url pattern="/**/*.html" access="ROLE_USER"/>
        <intercept-url pattern="/*.html" access="ROLE_USER" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </http>

    <!-- <beans:bean id="customEntryPoint" class="com.nfl.economapp.security.CustomAuthenticationEntryPoint" /> -->
    <beans:bean id="customAuthenticationProvider" class="com.nfl.economapp.security.CustomAuthenticationProvider" />
     
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="customAuthenticationProvider" />
    </authentication-manager>

</beans:beans>

Does anyone have an idea how to solve this? Or should I try Apache Shiro as an alternative?

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.