CODEWITHSUNDEEP
springgwt
quarks
quarks

Reputation: 35276

GWT and Spring Security Integration

In my currect GWT application login, I use a back-end XMPP server to authenticate the Username-Password combination from the server, and the response is a connection ID sent back through the RPC login mechanism.

However, I created a new "User" database (which is shared with the XMPP server) in which user info is stored and is used as part to authenticate username and password with Spring Security;

Anyone can share some code snippet for GWT + Spring Security, login / logout codes?

Upvotes: 1

Views: 3505

Answers (2)

Aravind A
Aravind A

Reputation: 9697

My configurations are as follows . I use a GWT app

in my jsp

<form name="login" action="<c:url value="j_spring_security_check"/>" method="POST">

in my web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

in my welcome.jsp

<sec:authorize ifAnyGranted="<%=gRoles%>">      
  <meta http-equiv="REFRESH" content="0;  url=demoApp/demoApp.jsp">
</sec:authorize>

spring-security.xml

    <http auto-config="false" access-denied-page="/login.jsp?error=Access%20Denied">
    <intercept-url pattern="/login.jsp*" filters="none" />
    <intercept-url pattern="/demoApp/**" access="${app.roles}" />

    <form-login login-page="/login.jsp"
                default-target-url="/welcome.jsp" 
                always-use-default-target="true" 
                authentication-failure-url="/login.jsp?error=true" />
    <logout logout-success-url="/login.jsp"/>   
    <anonymous/>

Note that I use form based security sample here . You could use security:jdbc-user-service to connect to DB for authentication.

see a sample here

Upvotes: 0

Renato
Renato

Reputation: 13690

I'm using code from this article: http://www.javacodegeeks.com/2010/12/securing-gwt-apps-with-spring-security.html

Basically, you implement the Spring interface

org.springframework.security.authentication.AuthenticationProvider

which has an authenticate(Authentication) method. You get the username and password entered by the user inside this method with:

String username = (String) authentication.getPrincipal();
String password = (String) authentication.getCredentials();
// now try to get the user from your DB
User user = db.getUser(username, password);

and in your Spring context, you configure Spring security's filter (see the link) and declare your AuthenticationProvider:

<bean id="authProvider" class="com.example.security.MyAuthenticationProvider" />

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="authProvider" />
</security:authentication-manager>

I don't use GWT at all to log the user on... just a plain JSP page.... you can see a sample JSP login page (and a logout link) here When the user logs on, the GWT app is loaded. To logout, just do something like:

RequestBuilder rb = new RequestBuilder(RequestBuilder.POST, "/j_spring_security_logout");
try {
    rb.sendRequest(null, new RequestCallback() {
        public void onResponseReceived(Request request, Response response) {
            GWT.log("Logged user out: " + response.getStatusText());
        }
        public void onError(Request request, Throwable caught) {
            // try to recover somehow
        }
    });
} catch (RequestException re) {
    someOtherLogoutMechanism();
}

Upvotes: 2

Related Questions