One day when I tried to use the Hibernate @Cascade annotation, the syntax was correct, but I had the error of "Type mismatch: cannot convert from CascadeType to CascadeType[]".
It turned out I had a mismatch import. To fix it, remove the line
import javax.persistence.CascadeType;
then add the line
import org.hibernate.annotations.CascadeType;
Reference
JPA & Hibernate annotation common mistake
http://www.mkyong.com/hibernate/cascade-jpa-hibernate-annotation-common-mistake/
Thursday, July 25, 2013
Thursday, July 11, 2013
Test Spring security protected web app using curl
Form-based authentication
1. Obtain a session and write it to the file. Note that the spring security path j_spring_security_check is used for this step
$ curl --data "j_username=myname&j_password=mypswd" http://localhost:8080/SpringSecurityAuth/j_spring_security_check --cookie-jar cookies.txt
2. Access the protected URL with the session
$ curl http://localhost:8080/SpringSecurityAuth/api/helloworld --cookie cookies.txt
HTTP basic authentication
$ curl --user myname:mypwsd http://localhost:8080/SpringSecurityAuth/api/helloworld
$ curl --user byname:mypwsd http://localhost:8080/SpringSecurityAuth/api/helloworld --cookie-jar cookies.txt
2. Access the protected URL with the session
$ curl http://localhost:8080/SpringSecurityAuth/api/helloworld --cookie cookies.txt
Simple REST Stateless configuration
To achieve REST stateless feature, the element in security configuration file can be configured as follow
This feature can be achieved only with HTTP basic authentication because the form-based authentication needs to have a session to access the protected resource, but the session is not valid here.
This approach may not be secure enough because the username and password are transmitted in each request. To have a more secure implementation, using option to generate token and customer-filter to authenticate token may be required (authentication could be form-based or HTTP basic since token is being used).
Reference
Interact with a spring-security protected application
https://bowerstudios.com/node/913
Spring Security Basic Authentication
http://www.baeldung.com/spring-security-basic-authentication
Advanced Namespace Configuration
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/security-filter-chain.html#filter-chains-with-ns
1. Obtain a session and write it to the file. Note that the spring security path j_spring_security_check is used for this step
$ curl --data "j_username=myname&j_password=mypswd" http://localhost:8080/SpringSecurityAuth/j_spring_security_check --cookie-jar cookies.txt
2. Access the protected URL with the session
$ curl http://localhost:8080/SpringSecurityAuth/api/helloworld --cookie cookies.txt
HTTP basic authentication
Option 1
Send username and password for each request$ curl --user myname:mypwsd http://localhost:8080/SpringSecurityAuth/api/helloworld
Option 2
1. Obrain a session similar to the way in form-based authentication, but using spring security path j_spring_security_check is not needed$ curl --user byname:mypwsd http://localhost:8080/SpringSecurityAuth/api/helloworld --cookie-jar cookies.txt
2. Access the protected URL with the session
$ curl http://localhost:8080/SpringSecurityAuth/api/helloworld --cookie cookies.txt
Simple REST Stateless configuration
To achieve REST stateless feature, the
<!-- Stateless RESTful service using Basic authentication -->
<http pattern="/restful/**" create-session="stateless">
<intercept-url pattern='/**' access='ROLE_REMOTE' />
<http-basic />
</http>
Then the saved session will not work and providing username and password is required for each request.This feature can be achieved only with HTTP basic authentication because the form-based authentication needs to have a session to access the protected resource, but the session is not valid here.
This approach may not be secure enough because the username and password are transmitted in each request. To have a more secure implementation, using
Reference
Interact with a spring-security protected application
https://bowerstudios.com/node/913
Spring Security Basic Authentication
http://www.baeldung.com/spring-security-basic-authentication
Advanced Namespace Configuration
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/security-filter-chain.html#filter-chains-with-ns
Subscribe to:
Posts (Atom)