Oct 21, 2011
Configuring Spring Security to persist the SecurityContext to places other than session between requests —
Yeah I agree, I suck at titles :) But, again and again, Spring guys are real badasses :)
By default, Spring Security keeps the SecurityContext object in session objects of user between requests. SecurityContextPersistenceFilter manages this task. When a request comes, it reads the SecurityContext object from a security context repository (which I will mention in a second), puts it to SecurityContextHolder to be used by other filters and the application.…
Oct 3, 2011
Extending Spring's OpenSessionInViewFilter to not open sessions for request to static resources —
If you are using OpenSessionInViewFilter in your application, you may be opening sessions for requests which don’t actually do any session-related things, simply accessing to css, javascript or image files. When you get your requests like images, js files with static urls not from servlets, the case will not happen. But for example, if you use JSF and map your “*.jsf” urls to Faces Servlet and filter it with OpenSessionInView filter to avoid lazy loading exceptions in your facelets, JSF fill send requests to your Faces Servlet to load resources like images, css files, js files and you will open session for those request too although not necessary.…
Oct 3, 2011
Writing a custom Facelet EL function makes authorization check using Spring Security —
It’s common that you may want to show some part of your pages to the user with certain roles. Writing a custom Facelet EL function makes doing authorization checks for viewing parts of pages really easy. If you are using Spring Security in the background, you can use its SecurityContext object to get authorities of the user and use them in your EL function implementation.
Here, there is a simple EL function implementation that users Spring Security to get roles of user and controls if the user has a certain role or not.…
Sep 29, 2011
Integrating Spring Security with LDAP —
To integrate Spring Security with Ldap, add the dependency to your build path first. You don’t have to define the second dependency, it is for using the latest version of spring ldap core.
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-ldap</artifactId> <version>3.0.5</version> </dependency> <dependency> <groupId>org.springframework.ldap</groupId> <artifactId>spring-ldap-core</artifactId> <version>1.3.1.RELEASE</version> </dependency> Spring LDAP’s LdapTemplate makes doing LDAP operations too much easy. But for simple authentication mechanism, you don’t need to use it actually. Although I will talk about LdapTemplate a little bit.…
Sep 22, 2011
Hibernate "A component cannot hold properties split into 2 different tables" hatası —
Bugün Hibernate’den çok güzel bir Exception yedim. Başta Exception biraz ilginç geldi ama, sebebini anlayınca Hibernate’e acayip hak verdim. @Embeddable ile annotate ettiğim bir sınıfı başka bir entity sınıfının içinde @Embedded ile tanımladığımda, Hibernate ayağa kalkarken şu hatayı attı:
org.hibernate.AnnotationException: A component cannot hold properties split into 2 different tables
@Embeddable dediğim sınıfın içeriği şuna benzer bişeydi:
@Embeddable public class Details { // ... // fields // .…