Results 1 to 5 of 5
  1. #1
    Cbani is offline Member
    Join Date
    Jan 2010
    Posts
    90
    Rep Power
    0

    Default Spring Security + Crowd

    I am using spring-security-core-2.0.4 with springframework-2.5.
    > I am using atlassain crowd for authentication and authorization.
    > One thing I found in my com.atlassian.crowd.integration.springsecurity.use r.CrowdUserDetails class is, the below getter throws exception always if there is a request to get the password. For me in my code I am not doing anything explicitly to get the password infact I dont want that. The Crowd SpringSecurityConnector is the one who is trying to get the password for remember me purpose. For me http autoconfig is set to true. I tried a lot find out the way to disable remember me functionality; but no luck. Please gimme some inputs..
    > public String getPassword()
    > {
    > throw new UnsupportedOperationException("Not giving you the password");
    > }

    > I do not want this remember me functionality; is there a way to disable the same???
    > i am getting the below exception on valid credentials (as spring security is trying to get the password and crowd is not allowing and throwing back exception)
    > > java.lang.UnsupportedOperationException: Not giving you the password
    > > at com.atlassian.crowd.integration.springsecurity.use r.CrowdUserDetails.getPassword(CrowdUserDetails.ja va:52)
    > > at org.springframework.security.providers.dao.DaoAuth enticationProvider.additionalAuthenticationChecks( DaoAuthenticationProvider.java:67)
    > > at org.springframework.security.providers.dao.Abstrac tUserDetailsAuthenticationProvider.authenticate(Ab stractUserDetailsAuthenticationProvider.java:137)
    > > at org.springframework.security.providers.ProviderMan ager.doAuthentication(ProviderManager.java:188)
    > > at org.springframework.security.AbstractAuthenticatio nManager.authenticate(AbstractAuthenticationManage r.java:46)
    > > at org.springframework.security.ui.basicauth.BasicPro cessingFilter.doFilterHttp(BasicProcessingFilter.j ava:139)
    > > at org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
    > > at org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :390)
    > > at org.springframework.security.ui.AbstractProcessing Filter.doFilterHttp(AbstractProcessingFilter.java: 277)
    > > at org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
    > > at org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :390)
    > > at org.springframework.security.ui.logout.LogoutFilte r.doFilterHttp(LogoutFilter.java:89)
    > > at org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
    > > at org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :390)
    > > at org.springframework.security.context.HttpSessionCo ntextIntegrationFilter.doFilterHttp(HttpSessionCon textIntegrationFilter.java:235)
    > > at org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
    > > at org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :390)
    > > at org.springframework.security.util.FilterChainProxy .doFilter(FilterChainProxy.java:175)
    > > at org.springframework.web.filter.DelegatingFilterPro xy.invokeDelegate(DelegatingFilterProxy.java:183)
    > > at org.springframework.web.filter.DelegatingFilterPro xy.doFilter(DelegatingFilterProxy.java:138)
    > > at weblogic.servlet.internal.FilterChainImpl.doFilter (FilterChainImpl.java:56)
    > > at weblogic.servlet.internal.WebAppServletContext$Ser vletInvocationAction.doIt(WebAppServletContext.jav a:3684)
    > > at weblogic.servlet.internal.WebAppServletContext$Ser vletInvocationAction.run(WebAppServletContext.java :3650)
    > > at weblogic.security.acl.internal.AuthenticatedSubjec t.doAs(AuthenticatedSubject.java:321)
    > > at weblogic.security.service.SecurityManager.runAs(Se curityManager.java:121)
    > > at weblogic.servlet.internal.WebAppServletContext.sec uredExecute(WebAppServletContext.java:2268)
    > > at weblogic.servlet.internal.WebAppServletContext.exe cute(WebAppServletContext.java:2174)
    > > at weblogic.servlet.internal.ServletRequestImpl.run(S ervletRequestImpl.java:1446)
    > > at weblogic.work.ExecuteThread.execute(ExecuteThread. java:201)
    > > at weblogic.work.ExecuteThread.run(ExecuteThread.java :173)


    My configuration in applicationContext-security.xml is as below

    Java Code:
    <?xml version="1.0" encoding="UTF-8"?> <beans:beans 
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          [url]http://www.springframework.org/schema/beans/spring-beans-2.5.xsd[/url]
             [url=http://www.springframework.org/schema/security]Index of /schema/security[/url]
             http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
    		<http auto-config="true">
    			<intercept-url pattern='/login.htm*' filters='none' />		
    			<intercept-url pattern='/superPackage.htm*' access='ROLE_USER' />
     			<form-login login-page='/login.htm' authentication-failure-url="/login.htm?error=1"/>
     		</http>
     	<authentication-provider user-service-ref="crowdUserDetailsService"></authentication-provider>
    	<beans:bean id="crowdUserDetailsService"
     		class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
    		<beans:property name="authenticationManager" ref="crowdAuthenticationManager" />
    		<beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager" />
    		<beans:property name="userManager" ref="crowdUserManager" />
     		<beans:property name="authorityPrefix" value="ROLE_" />
     	</beans:bean>
     	<beans:bean id="crowdAuthenticationProvider"
    		class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
    		<custom-authentication-provider />
     		<beans:constructor-arg ref="crowdAuthenticationManager" />
    	<beans:constructor-arg ref="httpAuthenticator" />
    		<beans:constructor-arg ref="crowdUserDetailsService" />
    </beans:bean>
     </beans:beans>
    Last edited by Cbani; 09-13-2010 at 12:49 PM.

  2. #2
    JosAH's Avatar
    JosAH is offline Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,375
    Blog Entries
    7
    Rep Power
    20

    Default

    Why the funny ">" indentation? Did you copy and paste the text from somewhere else?

    kind regards,

    Jos

  3. #3
    Cbani is offline Member
    Join Date
    Jan 2010
    Posts
    90
    Rep Power
    0

    Default

    ya.. Jos.. Thats because I posted the same in atlassain and spring security forums.. So, copied and pasted.. do ignore

  4. #4
    Cbani is offline Member
    Join Date
    Jan 2010
    Posts
    90
    Rep Power
    0

    Default

    require urgent help on this guys

    Below URL gives the complete details of the problem;

    Spring Security 2.0.4 with spring 2.5 and Crowd 2.0.7 - Spring Community Forums

  5. #5
    Cbani is offline Member
    Join Date
    Jan 2010
    Posts
    90
    Rep Power
    0

Similar Threads

  1. spring security tutorial
    By devstarter in forum New To Java
    Replies: 1
    Last Post: 03-01-2010, 06:51 PM
  2. Custom role in spring security
    By ngoc61 in forum Web Frameworks
    Replies: 1
    Last Post: 08-07-2009, 03:39 AM
  3. spring security and struts2
    By ngoc61 in forum Web Frameworks
    Replies: 0
    Last Post: 03-09-2009, 09:26 AM
  4. Replies: 0
    Last Post: 12-30-2008, 05:58 AM
  5. Replies: 1
    Last Post: 07-23-2007, 11:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •