I have completed setting up Spring Security using the roo shell as a guide and it has generated several views, amongst them is the login.jspx. I am trying to create a custom login form using Vaadin's Visual editor and Eclipse, how can i redirect the user to my login form and then use Spring Security to validate and authenticate the user as well as start a session management? I am really trying to avoid JSP since the rest of my application is using Vaadin as its Core Front-End
vaadin has some limitations on the login form.
Have a look at: https://vaadin.com/book/-/page/components.loginform.html so you will notice what I mean.
You can also have a look at the vaadin wiki (https://vaadin.com/wiki). There are several articles on your topic. You may find your solution there :)
kind regards
.zip
Related
We are starting out with Spring Boot, and looking for best practices
in implementing a large application. If you can provide links to any large/mid scale open source application
implemented using Spring Boot, that would be helpful.
Also we did research code generated by "JHipster" (jhipster.github.io/) project, which
definitely helps generating lot of boiler plate code like user management, transaction management, REST Services/ AngularJS based application.
The only problem is "JHipster" is AngularJS based. But in our case we
would like to go with "Thymeleaf" based UI.
If you can provide a link to framework/sample application similar to "JHipster",
but based on "Thymeleaf" based UI, that will also be very helpful.
Thanks
JHipster also supports Thymeleaf: by default it generates an AngularJS front-end, and this is its main goal, but you can also use Thymeleaf if you don't want a single Web page application.
If you have a look at the error pages, for example, they are done with Thymeleaf (as the 404 page can't be in the single Web page application, for obvious reasons)
I am developing a jsp dynamic web project on eclipse.
I want to create an website with login functionality. I intend to store users' accounts and passwords in MySQL database. Of course, different users have different roles and rights to access different web pages. What is the best approach to implement it?
So far, I know these approaches:
1) Users enter accounts/passwords in login.jsp. LoginServlet then connects to MySQL database to check if it is correct. AuthenticationFilters will make sure only users with rights can access certain pages.
2) Use Role Based Authentication by declaring user roles in web.xml. I find this approach is not flexible, because I need to declare roles in advance.
3) Use HttpServletRequest's login/logout methods. I have not studied it.
Is my understanding correct? Could someone gives me some suggestions? Some clues would be very helpful!
Besides, I know that using POST alone to send passwords is not safe enough. Many websites suggest to use HTTPS connections. So if using HTTPS connections, does it affect the approach I choose to implement the login function?
Thanks!
--
Now, I know I need to use Spring. But Spring seems difficult for me... In Spring website I cant find out the link to download jar files. The user guide says I need to use Gradle or Maven, which I haven't used before, and have no idea why I need them. Besides, there are many Spring projects. Which one should I choose? Spring framework?
--
Have you looked into using Spring Security? It's built for just that. You don't need to be familiar with Spring but it may help.
Here are a couple of tutorials that use database authentication:
1: Spring Security Authentication and Authorization Example with Database Credentials
2: Spring Security Login Example with Database
Edit:
You don't have to Maven or Gradle. You can simply add the jars to your build path and they will work. The only projects you need to implement for the login to work is the Spring Framework and Spring Security.
To use Spring Security without Maven or Gradle:
Download the Spring Framework jars, unzip them, and add them to your project and build path. It's probably a good idea to find a hello world tutorial using Spring to get you started. A quick Google search should turn up many results.
After you have Spring implemented in your project, download the Spring Security jars, unzip those, and add them to your build path. The links to the tutorials that I previously posted will get you started. They may take a little while to go through and you may not understand exactly what is happening behind the scenes, but once you get it set up is works outstanding. I'm also not sure if you are using xml configuration or Java config but I believe those tutorials are for xml.
Spring Security was built so that it could be added to any project and have you up and running with basic configuration in about 15 minutes. After you get the basic login going (it will use the generic login form), you can search for how to implement your own custom login form, add permissions or restrictions to users and url patters, adding custom filters, etc. I encourage you to spend some time learning it as it is highly flexible and customizable.
I'm developing two java web-applications through (springDataJPA,spring and vaadin). Now I want to make a login module usable from both applications.
I worked with JAAS a few month ago, and I want any suggestion about the tecnology to use to implement it.
Can i make this using spring Security?
Can you give me any suggestion about this?
Use spring-security, create database with users. And use them in both web apps
Look for this tutorial:
spring-security with database
Thinking to use Spring security but is there better than that? Also, thinking to use CAS (Central Authentication Service) to integrate with Spring security for Single Sign On? Any suggestions? It might be different question but any idea how to use spring taglib in GWT to hide certain things based on user role?
I would recommend also the great (but maybe easier) security library from Apache: Shiro.
Here is the documentation to integrate with CAS: http://shiro.apache.org/cas.html.
Thinking to use Spring security but is there better than that?
Maybe
Also, thinking to use CAS (Central Authentication Service) to integrate with Spring security for Single Sign On? Any suggestions?
Spring Security integrates seamlessly with CAS, you just need to do namespace based configuration and add beans when required on the client side.
See Documentation
It might be different question but any idea how to use spring taglib in GWT to hide certain things based on user role?
Yes, you can do that using the security taglib like provided you include your GWT widgets into JSPs:
Here is a tutorial on how to do that but haven't tested it.
custom-integration-of-gwt-widgets-into-jsps
and the-role-of-jsps-in-a-gwt-world/
See also:
http://www.springbyexample.org/examples/simple-gwt-spring-webapp-gwt.html
how to conditionally show jsp content to logged in users with Spring security
I have a project with the following setup:
Tomcat 6.x
Struts 2.1.6
DisplayTag 1.2
Spring 2.x (1 or 5, don't remember now)
I want to know to to do session controlling in every action of my app, like if the users weren't logged in, they're redirect to certain page to login (in the case of my project, either the user come to a special crafted url like login/SPECIALHASHTOLOGIN or won't enter at all.
Need more details?
Thx in advance.
I'm still new to S2 as well, but I believe what you will need to do is modify the default interceptor stack (or create a custom stack) and add a custom interceptor. This custom interceptor will need to implement SessionAware to access the user session, and must implement your custom logic (which action to redirect to, which URLs do not need protection, etc.).
Here is a good tutorial of a LoginInterceptor that behaves similar to what you are requesting.
Acegi security is a great way to add security to your web app if you're already using Spring. Here's a decent 1-hour Acegi tutorial.