I'm working on a project using the Spring Web MVC framework. I was interested in learning more about Spring Security to have it manage authentication and authorization for me. This way I can avoid having to write a custom form controller to manage authentication, and coming up with some home-grown ACL strategy. I decided to try out the petclinic tutorial. It seemed like after reviewing the information that I would be able to use Spring Security in my project.
So, I repeated the steps of the tutorial on my own project. But I soon found out that the login page being displayed was not a JSP found in the petclinic project. Instead, it is generated by the Spring Security library. This won't do. I need a login page that looks like the rest of my application. So, off to Google I go...
Fortunately, I'm not the first person to have this same issue. Thanks to Peter Mularien for putting together this excellent summary of and expansion on the petclinic tutorial. The one thing I did differently in my project is that I wanted to enforce concurrent session control. This is easily accomplished by adding the following to your security:http configuration:
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
However, I was experiencing a bad side-effect. Now once my user logged out, they could no longer log back in. After posting a question on Stack Overflow I discovered my own answer. There is another listener required in the deployment descriptor to use session control:
<listener>
    <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
Once again, I'm left with the feeling that Spring is great, but its lack of documentation for what I would consider to be core features is a chronic issue for me. Spring is not for the faint-hearted or easily-frustrated. One must have the intestinal fortitude to dig in and figure things out on their own...and search Google.
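The lockout after logout follows from how the session count is kept: the session registry drops a user's entry only when it is told that the container destroyed the session, and HttpSessionEventPublisher is what reports that. The following is an added example, not code from the original post or from Spring Security: a simplified Java model in which `Registry`, `canLogBackIn` and the user and session names are hypothetical.

```java
import java.util.*;

// Simplified model of concurrent session control (hypothetical classes, not Spring Security source).
public class SessionControlDemo {
    /** Tracks live session ids per user, as a session registry does. */
    static class Registry {
        private final Map<String, Set<String>> sessionsByUser = new HashMap<>();
        private final int maxSessions;
        Registry(int maxSessions) { this.maxSessions = maxSessions; }

        /** Mirrors exception-if-maximum-exceeded="true": reject the new login outright. */
        void register(String user, String sessionId) {
            Set<String> live = sessionsByUser.computeIfAbsent(user, u -> new HashSet<>());
            if (live.size() >= maxSessions) {
                throw new IllegalStateException("maximum sessions exceeded for " + user);
            }
            live.add(sessionId);
        }

        /** Runs only when something reports that the container destroyed the session. */
        void onSessionDestroyed(String sessionId) {
            sessionsByUser.values().forEach(s -> s.remove(sessionId));
        }
    }

    /** Login, logout, login again; returns true if the second login is accepted. */
    static boolean canLogBackIn(boolean listenerRegistered) {
        Registry registry = new Registry(1);          // max-sessions="1"
        registry.register("alice", "session-1");      // first login (constructed sample values)
        // Logout invalidates the HTTP session inside the servlet container...
        if (listenerRegistered) {
            registry.onSessionDestroyed("session-1"); // ...and the listener forwards that event
        }
        try {
            registry.register("alice", "session-2");  // second login
            return true;
        } catch (IllegalStateException e) {
            return false;                             // stale entry still counts against the limit
        }
    }

    public static void main(String[] args) {
        System.out.println("without listener: " + canLogBackIn(false));
        System.out.println("with listener:    " + canLogBackIn(true));
    }
}
```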
Friday, October 30, 2009
Sunday, October 04, 2009
Programming Zen
- C = an axe: lots of people use it for lots of basic, but serious jobs.
- C++ = a double-bladed axe with a graphite handle and a rubber grip: similar, but fewer people use it, and they feel special having held it in their hands.
- Java = one of every kind of axe there has ever been, all lined up neatly in a row.
- Python = that old stand-by pair of scissors in your top drawer.