| Marcos de Sousa |
|
| 2008-09-16 |
|
Hi Henri,
Congratulation.
I was trying to found time to write an Small Talk showing Spring
Security 2.0.X with ZK, but I was without time. Congratulation again.
I guess, the next question will be: "What about Database Object
Definition Source?"
I have write at Spring Security an way to do it with ZK all step by
step in "09-08-2008, 10:16 AM" there is "My Solution"
Check this link: http://forum.springframework.org/showthread.php?t=56615
One note:
I didn't use of "contextHolder ThreadLocal" at zk.xml, so the only
drawback without it with spring security was after an user logged in
with remember me first time it will not update the contextHolder, so I
found an workaround: if (getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY) != null) {
// TODO: Redirect to main page
}public static boolean isRememberMe() {
SecurityContext ctx = SecurityContextHolder.getContext();
if (ctx != null) {
Authentication auth = ctx.getAuthentication();
return resolver.isRememberMe(auth);
}
return false;
}<listener>
<description>ThreadLocal Synchronization Listener</description>
<listener-class>org.zkoss.zkplus.util.ThreadLocalListener</listener-class>
</listener>
<preference>
<name>ThreadLocal</name>
<value>
org.springframework.security.context.ThreadLocalSecurityContextHolderStrategy=contextHolder
</value>
</preference>
|
|
| Marcos de Sousa |
|
| 2008-09-16 |
|
I tried to set contextHolder and try to listen: if (isRememberMe()) {
// TODO: Redirect to main page
}
But it return false. So, I back to my workaround if (getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY) != null) {
// TODO: Redirect to main page
}
Maybe I must try in pure JSP to check whether it is an ZK Issue. |
|
| Marcos de Sousa |
|
| 2008-09-16 |
|
One strange thing is that if I restart the server isRememberMe() return true. So, it took me in an way such something is wrong so, I don´t know yet if it is wrong from ZK or from Spring Security |
|
| Marcos de Sousa |
|
| 2008-09-16 |
|
even using <system-config>
<disable-event-thread/>
</system-config>
it returned false when logged with remember me, but when I restart the server it return true |
|
| henrichen |
|
| 2008-09-17 |
|
Since
using <disable-event-thread/> give you same result, I guess this
has something to do with Spring Security. In diabled event thread mode,
ZK works like other servlet. Another way to make sure is using JSP
pages and see if it behaves the same. |
|
| Marcos de Sousa |
|
| 2008-09-17 |
|
Let me post it to Spring Forum and listen Spring Security's Team. |
|
| Cary |
|
| 2008-09-28 |
|
<form-login login-page="/login.zul"/>是絕對路徑,當你的路徑登陸到/secure下后他就不能正常找到這個頁面了,修改一下吧. |
|
| Ged Roberts |
|
| 2008-11-16 |
|
I
am trying to implement spring security with ZK 3.5 and Spring 2.5 but
am having some trouble identifying the Maven dependancies (Spring 2.5
and Spring Security 2.0 clash apparently). Do you have an example of a
Maven pom with this combination? |
|
| henrichen |
|
| 2008-11-19 |
|
Ged, I have no experience with maven build. Any one familiar with maven give a hand? |
|
| Ged Roberts |
|
| 2008-11-26 |
|
I
have managed to sort my Maven configuration out for Spring 2.5 and
Spring Security 2.0 but I am now getting "IllegalStateException" when I
try to log in having invoked a secure page. Snippet of the stack trace
below. Have you come across this before? Scenario here is, access
a secure page, login page presented by Spring Security, enter login
credentials and submit. IllegalStateException occurs. Any ideas? java.lang.IllegalStateException: Recover an invalidated session, org.zkoss.zk.ui.http.SimpleSession@1b1ff47
at org.zkoss.zk.ui.http.SimpleSession.recover(SimpleSession.java:354)
at org.zkoss.zk.ui.sys.SessionsCtrl.getSession(SessionsCtrl.java:92)
at org.zkoss.zk.ui.http.WebManager.getSession(WebManager.java:287)
at org.zkoss.zk.ui.http.WebManager.getSession(WebManager.java:269)
at org.zkoss.zk.ui.http.DHtmlLayoutServlet.doGet(DHtmlLayoutServlet.java:157) |
|
|
|
|
| 2008-11-27 |
|
By the way, would you show how to make maven works. I think the ZK community will appreciate it very much. |
|
| hum |
|
| 2008-12-26 |
|
Hi Marcos de Sousa. In which package can I find AbstractRememberMeServices or ArtefactId ? thx u |
|
| James |
|
| 2009-01-09 |
|
i get a 404 message
description: The requested resource () is not available.
I noticed in the log file i get this...
log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
log4j:WARN Please initialize the log4j system properly. removing the spring security lines (filter and filtermapping) allows it to work, but then of course there is no security...
I'd appreciate any help I can get. |
|
| CBogdan |
|
| 2009-01-15 |
|
Hello, On this "invalidated session" issue, I've ran into it myself.
What I did to make it work (and still have security - I hope) was to get rid of this section from web.xml:
<listener>
<description>
Used to cleanup when a session is destroyed
</description>
<display-name>ZK Session Cleaner</display-name>
<listener-class>
org.zkoss.zk.ui.http.HttpSessionListener
</listener-class>
</listener> Could someone confirm that this is ok? Thank you, |
|
| henrichen |
|
| 2009-01-16 |
|
CBogdan, The
ZK HttpsSessionListener is used to "listen" to the session invalidation
outside of ZK's control. If a session is invalidated, this listener
will do "clean up" of the ZK resources associated with a session. I
will not suggest get rid of this. Regarding your issue, may I ask which
version of ZK you are using? It shall have been fixed. |
|
| CBogdan |
|
| 2009-01-17 |
|
Hello, Ok, I understand.
My version is 3.5.1 and Spring Security 2.0.4. I hope that my post helps probably in pointing a direction. Thank you very much for your support. |
|
| henrichen |
|
| 2009-01-17 |
|
Upgrade to 3.5.2 shall solve your issue. |
|
| CBogdan |
|
| 2009-01-17 |
|
Thank you for this. It works now. Best regards, |
|
| sysmat |
|
| 2009-02-23 |
|
This spring configuration works only for In-Memory Authentication, what if I wont define JDBC Authentication. In side applicationContext-security.xml I can't define bean, because xml start with beans:beans. |
|
| craps casino play |
|
| 2009-03-09 |
|
I'm trying with this new components and it works so good. Thanks a lot!!ZK is an open-source Ajax framework which
enables Java developers to create rich web applications with little programming.I always play chess on a java
supporting application online on http://www.crapscasinoplay.com |
|
| boards 4 chess |
|
| 2009-03-10 |
|
All
we have to do is to modify configuration files and then, layout the
Spreadsheet at proper place. In the near future, we will introduce more
useful tools of ZK Spreadsheet. But still i expect your response to
make it better.Thanks!! |
|
