Re: GWT and spring security integration,DelegatingFilterProxy has a dead loop

Does this mean if add  added blow to web.xml:

<!-- Spring Security related configuration -->  <filter>      <filter-name>springSecurityFilterChain</filter-name>      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  </filter>  <filter-mapping>      <filter-name>springSecurityFilterChain</filter-name>      <url-pattern>/dp_web/service/*</url-pattern>  </filter-mapping>

I must use <http> to configure something in applicationContext.xml?

In my case,I removed above stuff from web.xml,added 

@Secured({"ROLE_USER"})

to class ServiceBase and let all other service inherit from it,and added this:

 <security:global-method-security secured-annotations="enabled" />

to applicationContext.xml,and remove all other spring security related from it,rerun my web app,all inherited service invoking

give 500 error,so security mechanism do works, but obviously,following code is not enough:

User user = new User(login, password, true, true, true, true, new ArrayList<GrantedAuthority>());  Authentication auth = new UsernamePasswordAuthenticationToken(user, password,          new ArrayList<GrantedAuthority>());  try {      auth = this.authenticationProvider.authenticate(auth);  } catch (BadCredentialsException e) {      throw new ClientSideBadCredentialsException(e.getMessage(), e);  }  SecurityContext sc = new SecurityContextImpl();  sc.setAuthentication(auth);  SecurityContextHolder.setContext(sc);  




So question is what else I should do except:




1,add @Secured({"ROLE_USER"}) to parent service

2,add <security:global-method-security secured-annotations="enabled" /> to applictionContext.xml

On Tuesday, July 5, 2016 at 4:38:31 PM UTC+8, Alexander Leshkin wrote:

On Tuesday, July 5, 2016 at 6:02:38 AM UTC+3, Alex Luya wrote:

and blow to applicationContext.xml:

<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>  

I think this causes recursion. Try to remove this bean declarion. Spring security should internally create bean with name springSecurityFilterChain.

See http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#ns-web-xml

In this case, the bean is named "springSecurityFilterChain", which is an internal infrastructure bean created by the namespace to handle web security. Note that you should not use this bean name yourself. Once you've added this to your web.xml, you're ready to start editing your application context file. Web security services are configured using the <http> element.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.