Search Results

Search found 14784 results on 592 pages for 'spring security'.

Page 7/592 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • Spring MVC configuration problems

    - by Smek
    i have some problems with configuring Spring MVC. I made a maven multi module project with the following modules: /api /domain /repositories /webapp I like to share the domain and the repositories between the api and the webapp (both web projects). First i want to configure the webapp to use the repositories module so i added the dependencies in the xml file like this: <dependency> <groupId>${project.groupId}</groupId> <artifactId>domain</artifactId> <version>1.0-SNAPSHOT</version> </dependency> <dependency> <groupId>${project.groupId}</groupId> <artifactId>repositories</artifactId> <version>1.0-SNAPSHOT</version> </dependency> And my controller in the webapp module looks like this: package com.mywebapp.webapp; import com.mywebapp.domain.Person; import com.mywebapp.repositories.services.PersonService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @Controller @RequestMapping("/") @Configuration @ComponentScan("com.mywebapp.repositories") public class PersonController { @Autowired PersonService personservice; @RequestMapping(method = RequestMethod.GET) public String printWelcome(ModelMap model) { Person p = new Person(); p.age = 23; p.firstName = "John"; p.lastName = "Doe"; personservice.createNewPerson(p); model.addAttribute("message", "Hello world!"); return "index"; } } In my webapp module i try to load configuration files in my web.xml like this: <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:/META-INF/persistence-context.xml, classpath:/META-INF/service-context.xml</param-value> </context-param> These files cannot be found so i get the following error: org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [META-INF/persistence-context.xml]; nested exception is java.io.FileNotFoundException: class path resource [META-INF/persistence-context.xml] cannot be opened because it does not exist These files are in the repositories module so my first question is how can i make Spring to find these files? I also have trouble Autowiring the PersonService to my Controller class did i forget to configure something in my XML? Here is the error message: [INFO] [talledLocalContainer] SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener [INFO] [talledLocalContainer] org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'personServiceImpl': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.mywebapp.repositories.repository.PersonRepository com.mywebapp.repositories.services.PersonServiceImpl.personRepository; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No matching bean of type [com.mywebapp.repositories.repository.PersonRepository] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)} PersonServiceImple.java: package com.mywebapp.repositories.services; import com.mywebapp.domain.Person; import com.mywebapp.repositories.repository.PersonRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.mongodb.core.MongoTemplate; import org.springframework.stereotype.Service; @Service public class PersonServiceImpl implements PersonService{ @Autowired public PersonRepository personRepository; @Autowired public MongoTemplate personTemplate; @Override public Person createNewPerson(Person person) { return personRepository.save(person); } } PersonService.java package com.mywebapp.repositories.services; import com.mywebapp.domain.Person; public interface PersonService { Person createNewPerson(Person person); } PersonRepository.java: package com.mywebapp.repositories.repository; import com.mywebapp.domain.Person; import org.springframework.data.mongodb.repository.MongoRepository; import org.springframework.stereotype.Repository; import java.math.BigInteger; @Repository public interface PersonRepository extends MongoRepository<Person, BigInteger> { } persistance-context.xml <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mongo="http://www.springframework.org/schema/data/mongo" xsi:schemaLocation= "http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/data/mongo http://www.springframework.org/schema/data/mongo/spring-mongo-1.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"> <context:property-placeholder location="classpath:mongo.properties"/> <mongo:mongo host="${mongo.host}" port="${mongo.port}" id="mongo"> <mongo:options connections-per-host="${mongo.connectionsPerHost}" threads-allowed-to-block-for-connection-multiplier="${mongo.threadsAllowedToBlockForConnectionMultiplier}" connect-timeout="${mongo.connectTimeout}" max-wait-time="${mongo.maxWaitTime}" auto-connect-retry="${mongo.autoConnectRetry}" socket-keep-alive="${mongo.socketKeepAlive}" socket-timeout="${mongo.socketTimeout}" slave-ok="${mongo.slaveOk}" write-number="1" write-timeout="0" write-fsync="true"/> </mongo:mongo> <mongo:db-factory dbname="person" mongo-ref="mongo" id="mongoDbFactory"/> <bean id="personTemplate" name="personTemplate" class="org.springframework.data.mongodb.core.MongoTemplate"> <constructor-arg name="mongoDbFactory" ref="mongoDbFactory"/> </bean> <mongo:repositories base-package="com.mywebapp.repositories.repository" mongo-template-ref="personTemplate"> <mongo:repository id="personRepository" repository-impl-postfix="PersonRepository" mongo-template-ref="personTemplate" create-query-indexes="true"/> </mongo:repositories> Thanks

    Read the article

  • How do I set a dependency on Spring Web Services in my POM.xml

    - by Ben
    I get this on a lot of Maven dependencies, though current source of pain is Spring. I'll set a Spring version and include it like so: <spring-version>3.0.0.RELEASE</spring-version> <!-- Spring framework --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${spring-version}</version> </dependency> Which works as expected. I am however having problems setting my dependency on spring-ws-core for web services. The latest I can find in any repo is 2.0.0-M1. http://mvnrepository.com/artifact/org.springframework.ws/spring-ws-core Any clues on what I need to include in my maven POM to get Spring 3 web services to work :)

    Read the article

  • When to use Spring Integration vs. Camel?

    - by ngeek
    As a seasoned Spring user I was assuming that Spring Integration would make the most sense in a recent project requiring some (JMS) messaging capabilities (more details). After some days working with Spring Integration it still feels like a lot of configuration overhead given the amount of channels you have to configure to bring some request-response (listening on different JMS queues) communications in place. Therefore I was looking for some background information how Camel is different from Spring Integration, but it seems like information out there are pretty spare, I found: http://java.dzone.com/articles/spring-integration-and-apache (Very neutral comparison between implementing a real-world integration scenario in Spring Integration vs. Camel, from December 2009) http://hillert.blogspot.com/2009/10/apache-camel-alternatives.html (Comparing Camel with other solutions, October 2009) http://raibledesigns.com/rd/entry/taking_apache_camel_for_a (Matt Raible, October 2008) Question is: what experiences did you make on using the one stack over the other? In which scenarios would you recommend Camel were Spring Integration lacks support? Where do you see pros and cons of each? Any advise from real-world projects are highly appreciated.

    Read the article

  • Sequence Number in testing Spring application with JUnit (Hibernating, Spring MVC)

    - by MBK
    I am testing DAO in Spring Application. @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = "classpath:/applicationContext.xml") @TransactionConfiguration(transactionManager = "transactionManager", defaultRollback = true) @Transactional public class CommentDAOImplTest { @Autowired //testing mehods here} The tests are running good. Iam able to add an comment and I also have a defaultRollback property set. So, the added comment will be deleted automatically. happy!..Now the problem is with the sequence number for mcomment. Can I, in any way rollback the seq number? any suggestins on that. I dont want to mess up the sequrnce number. Business requires comment Id to be showed. (I still dont know why). I know in memory db is an option....but I am guessing defaultRollback purpose is to eliminate in memory db testing and mocking. (Just my opinion.)

    Read the article

  • Does the "security" repository provides anything not found in the "updates" repository?

    - by netvope
    For the limited number of package I looked at (e.g. apache), I found that the package version in the updates repository is always newer than or equal to the version available in the security repository (provided that they exist). This gives me the impression that all security patches posted to the security repository are also posted to the updates repository. If this is true, I can remove all <release_name>-security entries in my apt sources.list and the <release_name>-updates entries will still give me the security patches. This will speed up apt-get update quite a bit. The best documentation I can found regarding the repositories is on the community help page "Important Security Updates (raring-security)". Patches for security vulnerabilities in Ubuntu packages. They are managed by the Ubuntu Security Team and are designed to change the behavior of the package as little as possible -- in fact, the minimum required to resolve the security problem. As a result, they tend to be very low-risk to apply and all users are urged to apply security updates. "Recommended Updates (raring-updates)". Updates for serious bugs in Ubuntu packaging that do not affect the security of the system. However, it does not mention whether the updates repository also includes everything in the security repository. Can anyone confirm (or disconfirm) this?

    Read the article

  • Spring Security 3.0- Customise basic http Authentication Dialog

    - by gav
    Rather than reading; A user name and password are being requested by http://localhost:8080. The site says: "Spring Security Application" I want to change the prompt, or at least change what the "site says". Does anyone know how to do this via resources.xml? In my Grails App Spring configuration, my current version is as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans>

    Read the article

  • WCF WS-Security and WSE Nonce Authentication

    - by Rick Strahl
    WCF makes it fairly easy to access WS-* Web Services, except when you run into a service format that it doesn't support. Even then WCF provides a huge amount of flexibility to make the service clients work, however finding the proper interfaces to make that happen is not easy to discover and for the most part undocumented unless you're lucky enough to run into a blog, forum or StackOverflow post on the matter. This is definitely true for the Password Nonce as part of the WS-Security/WSE protocol, which is not natively supported in WCF. Specifically I had a need to create a WCF message on the client that includes a WS-Security header that looks like this from their spec document:<soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-8" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>TeStUsErNaMe1</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >TeStPaSsWoRd1</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >f8nUe3YupTU5ISdCy3X9Gg==</wsse:Nonce> <wsu:Created>2011-05-04T19:01:40.981Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> Specifically, the Nonce and Created keys are what WCF doesn't create or have a built in formatting for. Why is there a nonce? My first thought here was WTF? The username and password are there in clear text, what does the Nonce accomplish? The Nonce and created keys are are part of WSE Security specification and are meant to allow the server to detect and prevent replay attacks. The hashed nonce should be unique per request which the server can store and check for before running another request thus ensuring that a request is not replayed with exactly the same values. Basic ServiceUtl Import - not much Luck The first thing I did when I imported this service with a service reference was to simply import it as a Service Reference. The Add Service Reference import automatically detects that WS-Security is required and appropariately adds the WS-Security to the basicHttpBinding in the config file:<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="RealTimeOnlineSoapBinding"> <security mode="Transport" /> </binding> <binding name="RealTimeOnlineSoapBinding1" /> </basicHttpBinding> </bindings> <client> <endpoint address="https://notarealurl.com:443/services/RealTimeOnline" binding="basicHttpBinding" bindingConfiguration="RealTimeOnlineSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> </configuration> If if I run this as is using code like this:var client = new RealTimeOnlineClient(); client.ClientCredentials.UserName.UserName = "TheUsername"; client.ClientCredentials.UserName.Password = "ThePassword"; … I get nothing in terms of WS-Security headers. The request is sent, but the the binding expects transport level security to be applied, rather than message level security. To fix this so that a WS-Security message header is sent the security mode can be changed to: <security mode="TransportWithMessageCredential" /> Now if I re-run I at least get a WS-Security header which looks like this:<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2012-11-24T02:55:18.011Z</u:Created> <u:Expires>2012-11-24T03:00:18.011Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-18c215d4-1106-40a5-8dd1-c81fdddf19d3-1"> <o:Username>TheUserName</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> Closer! Now the WS-Security header is there along with a timestamp field (which might not be accepted by some WS-Security expecting services), but there's no Nonce or created timestamp as required by my original service. Using a CustomBinding instead My next try was to go with a CustomBinding instead of basicHttpBinding as it allows a bit more control over the protocol and transport configurations for the binding. Specifically I can explicitly specify the message protocol(s) used. Using configuration file settings here's what the config file looks like:<?xml version="1.0"?> <configuration> <system.serviceModel> <bindings> <customBinding> <binding name="CustomSoapBinding"> <security includeTimestamp="false" authenticationMode="UserNameOverTransport" defaultAlgorithmSuite="Basic256" requireDerivedKeys="false" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> </security> <textMessageEncoding messageVersion="Soap11"></textMessageEncoding> <httpsTransport maxReceivedMessageSize="2000000000"/> </binding> </customBinding> </bindings> <client> <endpoint address="https://notrealurl.com:443/services/RealTimeOnline" binding="customBinding" bindingConfiguration="CustomSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> </startup> </configuration> This ends up creating a cleaner header that's missing the timestamp field which can cause some services problems. The WS-Security header output generated with the above looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-291622ca-4c11-460f-9886-ac1c78813b24-1"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> This is closer as it includes only the username and password. The key here is the protocol for WS-Security:messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" which explicitly specifies the protocol version. There are several variants of this specification but none of them seem to support the nonce unfortunately. This protocol does allow for optional omission of the Nonce and created timestamp provided (which effectively makes those keys optional). With some services I tried that requested a Nonce just using this protocol actually worked where the default basicHttpBinding failed to connect, so this is a possible solution for access to some services. Unfortunately for my target service that was not an option. The nonce has to be there. Creating Custom ClientCredentials As it turns out WCF doesn't have support for the Digest Nonce as part of WS-Security, and so as far as I can tell there's no way to do it just with configuration settings. I did a bunch of research on this trying to find workarounds for this, and I did find a couple of entries on StackOverflow as well as on the MSDN forums. However, none of these are particularily clear and I ended up using bits and pieces of several of them to arrive at a working solution in the end. http://stackoverflow.com/questions/896901/wcf-adding-nonce-to-usernametoken http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4df3354f-0627-42d9-b5fb-6e880b60f8ee The latter forum message is the more useful of the two (the last message on the thread in particular) and it has most of the information required to make this work. But it took some experimentation for me to get this right so I'll recount the process here maybe a bit more comprehensively. In order for this to work a number of classes have to be overridden: ClientCredentials ClientCredentialsSecurityTokenManager WSSecurityTokenizer The idea is that we need to create a custom ClientCredential class to hold the custom properties so they can be set from the UI or via configuration settings. The TokenManager and Tokenizer are mainly required to allow the custom credentials class to flow through the WCF pipeline and eventually provide custom serialization. Here are the three classes required and their full implementations:public class CustomCredentials : ClientCredentials { public CustomCredentials() { } protected CustomCredentials(CustomCredentials cc) : base(cc) { } public override System.IdentityModel.Selectors.SecurityTokenManager CreateSecurityTokenManager() { return new CustomSecurityTokenManager(this); } protected override ClientCredentials CloneCore() { return new CustomCredentials(this); } } public class CustomSecurityTokenManager : ClientCredentialsSecurityTokenManager { public CustomSecurityTokenManager(CustomCredentials cred) : base(cred) { } public override System.IdentityModel.Selectors.SecurityTokenSerializer CreateSecurityTokenSerializer(System.IdentityModel.Selectors.SecurityTokenVersion version) { return new CustomTokenSerializer(System.ServiceModel.Security.SecurityVersion.WSSecurity11); } } public class CustomTokenSerializer : WSSecurityTokenSerializer { public CustomTokenSerializer(SecurityVersion sv) : base(sv) { } protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); // in this case password is plain text // for digest mode password needs to be encoded as: // PasswordAsDigest = Base64(SHA-1(Nonce + Created + Password)) // and profile needs to change to //string password = GetSHA1String(nonce + createdStr + userToken.Password); string password = userToken.Password; writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } protected string GetSHA1String(string phrase) { SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider(); byte[] hashedDataBytes = sha1Hasher.ComputeHash(Encoding.UTF8.GetBytes(phrase)); return Convert.ToBase64String(hashedDataBytes); } } Realistically only the CustomTokenSerializer has any significant code in. The code there deals with actually serializing the custom credentials using low level XML semantics by writing output into an XML writer. I can't take credit for this code - most of the code comes from the MSDN forum post mentioned earlier - I made a few adjustments to simplify the nonce generation and also added some notes to allow for PasswordDigest generation. Per spec the nonce is nothing more than a unique value that's supposed to be 'random'. I'm thinking that this value can be any string that's unique and a GUID on its own probably would have sufficed. Comments on other posts that GUIDs can be potentially guessed are highly exaggerated to say the least IMHO. To satisfy even that aspect though I added the SHA1 encryption and binary decoding to give a more random value that would be impossible to 'guess'. The original example from the forum post used another level of encoding and decoding to string in between - but that really didn't accomplish anything but extra overhead. The header output generated from this looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-f43d8b0d-0ebb-482e-998d-f544401a3c91-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ThePassword</o:Password> <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >PjVE24TC6HtdAnsf3U9c5WMsECY=</o:Nonce> <u:Created>2012-11-23T07:10:04.670Z</u:Created> </o:UsernameToken> </o:Security> </s:Header> which is exactly as it should be. Password Digest? In my case the password is passed in plain text over an SSL connection, so there's no digest required so I was done with the code above. Since I don't have a service handy that requires a password digest,  I had no way of testing the code for the digest implementation, but here is how this is likely to work. If you need to pass a digest encoded password things are a little bit trickier. The password type namespace needs to change to: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest and then the password value needs to be encoded. The format for password digest encoding is this: Base64(SHA-1(Nonce + Created + Password)) and it can be handled in the code above with this code (that's commented in the snippet above): string password = GetSHA1String(nonce + createdStr + userToken.Password); The entire WriteTokenCore method for digest code looks like this:protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); string password = GetSHA1String(nonce + createdStr + userToken.Password); writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } I had no service to connect to to try out Digest auth - if you end up needing it and get it to work please drop a comment… How to use the custom Credentials The easiest way to use the custom credentials is to create the client in code. Here's a factory method I use to create an instance of my service client:  public static RealTimeOnlineClient CreateRealTimeOnlineProxy(string url, string username, string password) { if (string.IsNullOrEmpty(url)) url = "https://notrealurl.com:443/cows/services/RealTimeOnline"; CustomBinding binding = new CustomBinding(); var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement(); security.IncludeTimestamp = false; security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; var encoding = new TextMessageEncodingBindingElement(); encoding.MessageVersion = MessageVersion.Soap11; var transport = new HttpsTransportBindingElement(); transport.MaxReceivedMessageSize = 20000000; // 20 megs binding.Elements.Add(security); binding.Elements.Add(encoding); binding.Elements.Add(transport); RealTimeOnlineClient client = new RealTimeOnlineClient(binding, new EndpointAddress(url)); // to use full client credential with Nonce uncomment this code: // it looks like this might not be required - the service seems to work without it client.ChannelFactory.Endpoint.Behaviors.Remove<System.ServiceModel.Description.ClientCredentials>(); client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials()); client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; return client; } This returns a service client that's ready to call other service methods. The key item in this code is the ChannelFactory endpoint behavior modification that that first removes the original ClientCredentials and then adds the new one. The ClientCredentials property on the client is read only and this is the way it has to be added.   Summary It's a bummer that WCF doesn't suport WSE Security authentication with nonce values out of the box. From reading the comments in posts/articles while I was trying to find a solution, I found that this feature was omitted by design as this protocol is considered unsecure. While I agree that plain text passwords are rarely a good idea even if they go over secured SSL connection as WSE Security does, there are unfortunately quite a few services (mosly Java services I suspect) that use this protocol. I've run into this twice now and trying to find a solution online I can see that this is not an isolated problem - many others seem to have struggled with this. It seems there are about a dozen questions about this on StackOverflow all with varying incomplete answers. Hopefully this post provides a little more coherent content in one place. Again I marvel at WCF and its breadth of support for protocol features it has in a single tool. And even when it can't handle something there are ways to get it working via extensibility. But at the same time I marvel at how freaking difficult it is to arrive at these solutions. I mean there's no way I could have ever figured this out on my own. It takes somebody working on the WCF team or at least being very, very intricately involved in the innards of WCF to figure out the interconnection of the various objects to do this from scratch. Luckily this is an older problem that has been discussed extensively online and I was able to cobble together a solution from the online content. I'm glad it worked out that way, but it feels dirty and incomplete in that there's a whole learning path that was omitted to get here… Man am I glad I'm not dealing with SOAP services much anymore. REST service security - even when using some sort of federation is a piece of cake by comparison :-) I'm sure once standards bodies gets involved we'll be right back in security standard hell…© Rick Strahl, West Wind Technologies, 2005-2012Posted in WCF  Web Services   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Do you develop with security in mind?

    - by MattyD
    I was listening to a podcast on Security Now and they mentioned about how a lot of the of the security problems found in Flash were because when flash was first developed it wasdn't built with security in mind because it didn't need to thus flash has major security flaws in its design etc. I know best practices state that you should build secure first etc. Some people or companies don't always follow 'best practice'... My question is do you develop to be secure or do you build with all the desired functionality etc then alter the code to be secure (Whatever the project maybe) (I realise that this question could be a possible duplicate of Do you actively think about security when coding? but it is different in the fact of actually process of building the software/application and design of said software/application)

    Read the article

  • Multi-module web project with Spring and Maven

    - by Johan Sjöberg
    Assume we have a few projects, each containing some web resources (e.g., html pages). parent.pom +- web (war) +- web-plugin-1 (jar) +- web-plugin-2 (jar) ... Let's say web is the deployable war project which depends on the known, but selectable, set of plugins. What is a good way to setup this using Spring and maven? Let the plugins be war projects and use mavens poor support for importing other war projects Put all web-resource for all plugins in the web project Add all web-resources to the classpath of all jar web-plugin-* dependencie and let spring read files from respective classpath? Other? I've previously come from using #1, but the copy-paste semantics of war dependencies in maven is horrible.

    Read the article

  • Spring can commit Transaction in finally block with RunTimeException in try block [migrated]

    - by Chance Lai
    The project used Spring + Hibernate Sample code: public void method(){ try{ dao.saveA(entityA); throw RuntimeException; dao.saveB(entityB); }catch(RuntimeException e){ throw e; }finally{ dao.saveC(entityC) } } Finally, just entityC will be saved in database in test. I think saveA, saveB, saveC in the same transaction,they should not be committed. In this case, I want to know why entityC is committed. How does Spring do this in the finally block?

    Read the article

  • Difference between spring setter and interface injection?

    - by Satish Pandey
    I know how constructor and setter injection works in spring. Normally I use interfaces instead of classes to inject beans using setter and I consider it as interface injection, but in case of constructor we also use interfaces (I am confused). In following example I use JobProcessor interface instead of JobProcessorImpl class. public class JobScheduler { // JobProcessor interface private JobProcessor jobProcessor; // Dependecy injection public void setJobProcessor(JobProcessor jobProcessor){ this.jobProcessor = jobProcessor; } } I tried to find a solution by googling but there are different opinions by writers. Even some people says that spring doesn't support interface injection in their blogs/statements. Can someone help me by example?

    Read the article

  • Spring can't find a lib and webapp doesn't start up in tomcat 6

    - by gotch4
    I've this problem using STS: I'm building a simple Spring app, just to try out features like MVC and persistence. Now I've created something very simple, out of a bunch of tutorials for Spring 3, that I'm using. The application fails with this, during server startup: Code: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping#0': Initialization of bean failed; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean] for bean with name 'mySessionFactory' defined in ServletContext resource [/WEB-INF/spring/appServlet/servlet-context.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean but I've org.springframework.orm in web-inf/classes folder (I even tried putting it in web-inf/lib). As I copied these libs there, the came out in Web App Libraries folder. Building this project in STS works fine as this dependency is set up in build path throught project properties, but how do I transfer the libs to the web app? (I'm using Tomcat 6 as it is the server I'm going to use sometime in the future for production). Is this a config problem of my XML? Or am I just missing the right way to put this lib? (I encountered the same problem before, but adding the needed lib in classes worked it out). More than this I that if I browse inside my workspace to the folder where the working folder of tomcat should be, I can't find any work directory and any commo

    Read the article

  • problem in handling menu - submenu based on spring security

    - by Nirmal
    Hi All... I have configured spring security core plugin using requestmap table inside the database.. Now inside requestmap table I have all the possible urls and it's equivalent roles who can access that url... Now I want to generate menus and submenus based on the urls stored in requestmap table... So my requirement is to check the urls of menu & submenus against the logged in users privileges... And if logged in user has any one privilege then I need to display that main menu and the available submenus.... For e.g. I have a menu in my project called user which has a following submenus : **Users (main menu)** Manage Users (sub menu) Import Users (sub menu) Now inside my header.gsp I have successfully achieved the above requirement using if else condition, like : if ( privs.contains("/users/manageUsers") || privs.contains("/users/importUsers")) here privs are the list of urls from requestmap table for logged in user. But I want to achieve these using spring security tag lib, so for comparing urls I have find following tag from spring security core documentation : <sec:access url="/users/manageUsers"> But i am bit confuse that how I can replace or condition using tag library.. Is there any tag available which checks from multiple urls and evaluate it to true or false ? Of course I can do using sec:access tag with some flag logic, but is there any tags available which can fulfill my requirement directly ? Thanks in advance...

    Read the article

  • Which Java modules get Spring Security

    - by HDave
    I have a classic Java SOA application, with a web UI module, web services module, a service module (Java API), a domain module and a persistence module. In a sense, each of these modules has their own public API. My understanding of Spring Security is that I can use web filters to handle the security of the web gui and web services, and method level security (via annotations) for the service module. My question is this: should I bother to add method level security to the domain module and the persistence module or is that considered overkill?

    Read the article

  • Java Spotlight Episode 106: Java Security Update @spoofzu

    - by Roger Brinkley
    Java security update with Bruce Lowenthal and Milton Smith. Right-click or Control-click to download this MP3 file. You can also subscribe to the Java Spotlight Podcast Feed to get the latest podcast automatically. If you use iTunes you can open iTunes and subscribe with this link:  Java Spotlight Podcast in iTunes. Show Notes News Apple's Java Mac OS X 2012-006 Update NightHacking Tour Across Europe Four New Java Champions Oracle Announces Availability of Oracle Solaris 11.1 and Oracle Solaris Cluster 4.1 Oracle Announces General Availability of Oracle Application Development Framework Mobile Bean Validation 1.1 Early Draft JSR 107 Early Draft JCP Elections - Meet the Candidates GlassFish switching to JDK-7 only build Events Oct 30-Nov 1, Arm TechCon, Santa Clara, United States of America Oct 31, JFall, Hart van Holland, Netherlands Nov 2-3, JMaghreb, Rabat, Morocco Nov 5-9, Øredev Developer Conference, Malmö, Sweden Nov 13-17, Devoxx, Antwerp, Belgium Nov 20-22, DOAG 2012, Nuremberg, Germany Dec 3-5, jDays, Göteborg, Sweden Dec 4-6, JavaOne Latin America, Sao Paolo, Brazil Dec 14-15, IndicThreads, Pune, India Feature InterviewMilton Smith leads the security program for Java products at Oracle. His responsibilities span from tactical to strategic: definition and communication of the security vision for Java, working with engineering teams and researchers, as well as industry at large. He has over 20+ years of industry experience with emphasis in programming and computer security. Milton previous employer was Yahoo where he lead security for the User Data Analytics(UDA) property.Bruce Lowenthal is the Senior Director of Security Alerts at Oracle Corporation. What’s Cool Andrew Haley on an OpenJDK ARM64 Port Joe Darcy - JDK bug migration: bugs.sun.com now backed by JIRA Marcus Hirt on Using the Mission Control DTrace Plug-in

    Read the article

  • Quantal: Broken apt-index, cant fix dependencies

    - by arcyqwerty
    I can't seem to add/remove/update packages Ubuntu software update has a notice about partial upgrades but fails Seems to be similar to this problem $ sudo apt-get update Ign http://archive.ubuntu.com quantal InRelease Ign http://security.ubuntu.com precise-security InRelease Ign http://us.archive.ubuntu.com precise InRelease Ign http://extras.ubuntu.com precise InRelease Ign http://us.archive.ubuntu.com precise-updates InRelease Ign http://us.archive.ubuntu.com precise-backports InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://archive.canonical.com precise InRelease Ign http://ppa.launchpad.net precise InRelease Ign http://ppa.launchpad.net precise InRelease Hit http://archive.ubuntu.com quantal Release.gpg Get:1 http://security.ubuntu.com precise-security Release.gpg [198 B] Hit http://extras.ubuntu.com precise Release.gpg Get:2 http://us.archive.ubuntu.com precise Release.gpg [198 B] Get:3 http://us.archive.ubuntu.com precise-updates Release.gpg [198 B] Hit http://archive.canonical.com precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release.gpg Hit http://archive.ubuntu.com quantal Release Get:4 http://security.ubuntu.com precise-security Release [49.6 kB] Get:5 http://us.archive.ubuntu.com precise-backports Release.gpg [198 B] Get:6 http://us.archive.ubuntu.com precise Release [49.6 kB] Hit http://extras.ubuntu.com precise Release Hit http://archive.canonical.com precise Release Hit http://ppa.launchpad.net precise Release.gpg Hit http://ppa.launchpad.net precise Release Hit http://archive.ubuntu.com quantal/main amd64 Packages Hit http://extras.ubuntu.com precise/main Sources Hit http://archive.canonical.com precise/partner Sources Hit http://ppa.launchpad.net precise Release Hit http://ppa.launchpad.net precise Release Get:7 http://us.archive.ubuntu.com precise-updates Release [49.6 kB] Hit http://extras.ubuntu.com precise/main amd64 Packages Hit http://extras.ubuntu.com precise/main i386 Packages Hit http://archive.ubuntu.com quantal/main i386 Packages Hit http://archive.ubuntu.com quantal/main Translation-en Hit http://archive.canonical.com precise/partner amd64 Packages Hit http://archive.canonical.com precise/partner i386 Packages Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main amd64 Packages Hit http://ppa.launchpad.net precise/main i386 Packages Get:8 http://us.archive.ubuntu.com precise-backports Release [49.6 kB] Hit http://ppa.launchpad.net precise/main Sources Get:9 http://security.ubuntu.com precise-security/main Sources [22.5 kB] Hit http://ppa.launchpad.net precise/main amd64 Packages Hit http://ppa.launchpad.net precise/main i386 Packages Hit http://ppa.launchpad.net precise/main Sources Hit http://ppa.launchpad.net precise/main amd64 Packages Hit http://ppa.launchpad.net precise/main i386 Packages Get:10 http://us.archive.ubuntu.com precise/main Sources [934 kB] Get:11 http://security.ubuntu.com precise-security/restricted Sources [14 B] Get:12 http://security.ubuntu.com precise-security/universe Sources [7,832 B] Ign http://archive.ubuntu.com quantal/main Translation-en_US Get:13 http://security.ubuntu.com precise-security/multiverse Sources [713 B] Get:14 http://security.ubuntu.com precise-security/main amd64 Packages [67.8 kB] Ign http://archive.canonical.com precise/partner Translation-en_US Get:15 http://security.ubuntu.com precise-security/restricted amd64 Packages [14 B] Get:16 http://security.ubuntu.com precise-security/universe amd64 Packages [18.8 kB] Ign http://extras.ubuntu.com precise/main Translation-en_US Ign http://archive.canonical.com precise/partner Translation-en Get:17 http://security.ubuntu.com precise-security/multiverse amd64 Packages [1,155 B] Get:18 http://security.ubuntu.com precise-security/main i386 Packages [70.2 kB] Ign http://extras.ubuntu.com precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Get:19 http://security.ubuntu.com precise-security/restricted i386 Packages [14 B] Get:20 http://security.ubuntu.com precise-security/universe i386 Packages [19.0 kB] Get:21 http://security.ubuntu.com precise-security/multiverse i386 Packages [1,394 B] Ign http://ppa.launchpad.net precise/main Translation-en Hit http://security.ubuntu.com precise-security/main Translation-en Hit http://security.ubuntu.com precise-security/multiverse Translation-en Hit http://security.ubuntu.com precise-security/restricted Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en Hit http://security.ubuntu.com precise-security/universe Translation-en Ign http://security.ubuntu.com precise-security/main Translation-en_US Ign http://security.ubuntu.com precise-security/multiverse Translation-en_US Ign http://security.ubuntu.com precise-security/restricted Translation-en_US Ign http://security.ubuntu.com precise-security/universe Translation-en_US Get:22 http://us.archive.ubuntu.com precise/restricted Sources [5,470 B] Get:23 http://us.archive.ubuntu.com precise/universe Sources [5,019 kB] Get:24 http://us.archive.ubuntu.com precise/multiverse Sources [155 kB] Get:25 http://us.archive.ubuntu.com precise/main amd64 Packages [1,273 kB] Get:26 http://us.archive.ubuntu.com precise/restricted amd64 Packages [8,452 B] Get:27 http://us.archive.ubuntu.com precise/universe amd64 Packages [4,786 kB] Get:28 http://us.archive.ubuntu.com precise/multiverse amd64 Packages [119 kB] Get:29 http://us.archive.ubuntu.com precise/main i386 Packages [1,274 kB] Get:30 http://us.archive.ubuntu.com precise/restricted i386 Packages [8,431 B] Get:31 http://us.archive.ubuntu.com precise/universe i386 Packages [4,796 kB] Get:32 http://us.archive.ubuntu.com precise/multiverse i386 Packages [121 kB] Hit http://us.archive.ubuntu.com precise/main Translation-en Hit http://us.archive.ubuntu.com precise/multiverse Translation-en Hit http://us.archive.ubuntu.com precise/restricted Translation-en Hit http://us.archive.ubuntu.com precise/universe Translation-en Get:33 http://us.archive.ubuntu.com precise-updates/main Sources [124 kB] Get:34 http://us.archive.ubuntu.com precise-updates/restricted Sources [1,379 B] Get:35 http://us.archive.ubuntu.com precise-updates/universe Sources [30.9 kB] Get:36 http://us.archive.ubuntu.com precise-updates/multiverse Sources [1,058 B] Get:37 http://us.archive.ubuntu.com precise-updates/main amd64 Packages [311 kB] Get:38 http://us.archive.ubuntu.com precise-updates/restricted amd64 Packages [2,417 B] Get:39 http://us.archive.ubuntu.com precise-updates/universe amd64 Packages [85.4 kB] Get:40 http://us.archive.ubuntu.com precise-updates/multiverse amd64 Packages [1,829 B] Get:41 http://us.archive.ubuntu.com precise-updates/main i386 Packages [314 kB] Get:42 http://us.archive.ubuntu.com precise-updates/restricted i386 Packages [2,439 B] Get:43 http://us.archive.ubuntu.com precise-updates/universe i386 Packages [85.9 kB] Get:44 http://us.archive.ubuntu.com precise-updates/multiverse i386 Packages [2,047 B] Hit http://us.archive.ubuntu.com precise-updates/main Translation-en Hit http://us.archive.ubuntu.com precise-updates/multiverse Translation-en Hit http://us.archive.ubuntu.com precise-updates/restricted Translation-en Hit http://us.archive.ubuntu.com precise-updates/universe Translation-en Get:45 http://us.archive.ubuntu.com precise-backports/main Sources [1,845 B] Get:46 http://us.archive.ubuntu.com precise-backports/restricted Sources [14 B] Get:47 http://us.archive.ubuntu.com precise-backports/universe Sources [11.1 kB] Get:48 http://us.archive.ubuntu.com precise-backports/multiverse Sources [1,383 B] Get:49 http://us.archive.ubuntu.com precise-backports/main amd64 Packages [1,271 B] Get:50 http://us.archive.ubuntu.com precise-backports/restricted amd64 Packages [14 B] Get:51 http://us.archive.ubuntu.com precise-backports/universe amd64 Packages [9,701 B] Get:52 http://us.archive.ubuntu.com precise-backports/multiverse amd64 Packages [996 B] Get:53 http://us.archive.ubuntu.com precise-backports/main i386 Packages [1,271 B] Get:54 http://us.archive.ubuntu.com precise-backports/restricted i386 Packages [14 B] Get:55 http://us.archive.ubuntu.com precise-backports/universe i386 Packages [9,703 B] Get:56 http://us.archive.ubuntu.com precise-backports/multiverse i386 Packages [999 B] Hit http://us.archive.ubuntu.com precise-backports/main Translation-en Hit http://us.archive.ubuntu.com precise-backports/multiverse Translation-en Hit http://us.archive.ubuntu.com precise-backports/restricted Translation-en Hit http://us.archive.ubuntu.com precise-backports/universe Translation-en Ign http://us.archive.ubuntu.com precise/main Translation-en_US Ign http://us.archive.ubuntu.com precise/multiverse Translation-en_US Ign http://us.archive.ubuntu.com precise/restricted Translation-en_US Ign http://us.archive.ubuntu.com precise/universe Translation-en_US Ign http://us.archive.ubuntu.com precise-updates/main Translation-en_US Ign http://us.archive.ubuntu.com precise-updates/multiverse Translation-en_US Ign http://us.archive.ubuntu.com precise-updates/restricted Translation-en_US Ign http://us.archive.ubuntu.com precise-updates/universe Translation-en_US Ign http://us.archive.ubuntu.com precise-backports/main Translation-en_US Ign http://us.archive.ubuntu.com precise-backports/multiverse Translation-en_US Ign http://us.archive.ubuntu.com precise-backports/restricted Translation-en_US Ign http://us.archive.ubuntu.com precise-backports/universe Translation-en_US Fetched 19.9 MB in 34s (571 kB/s) Reading package lists... Done $ sudo apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done You might want to run 'apt-get -f install' to correct these. The following packages have unmet dependencies: netbase : Breaks: ifupdown (< 0.7) Breaks: ifupdown:i386 (< 0.7) E: Unmet dependencies. Try using -f. $ sudo apt-get -f install Reading package lists... Done Building dependency tree Reading state information... Done Correcting dependencies... Done The following packages were automatically installed and are no longer required: dh-apparmor html2text libmail-sendmail-perl libsys-hostname-long-perl Use 'apt-get autoremove' to remove them. The following extra packages will be installed: ifupdown Suggested packages: rdnssd The following packages will be upgraded: ifupdown 1 upgraded, 0 newly installed, 0 to remove and 1179 not upgraded. 85 not fully installed or removed. Need to get 0 B/54.1 kB of archives. After this operation, 19.5 kB of additional disk space will be used. Do you want to continue [Y/n]? (Reading database ... 222498 files and directories currently installed.) Preparing to replace ifupdown 0.7~beta2ubuntu8 (using .../ifupdown_0.7.1ubuntu1_amd64.deb) ... Unpacking replacement ifupdown ... dpkg: error processing /var/cache/apt/archives/ifupdown_0.7.1ubuntu1_amd64.deb (--unpack): trying to overwrite '/etc/init.d/networking', which is also in package netbase 5.0ubuntu1 Processing triggers for man-db ... Processing triggers for ureadahead ... Errors were encountered while processing: /var/cache/apt/archives/ifupdown_0.7.1ubuntu1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) cat /etc/apt/sources.list # deb cdrom:[Ubuntu 12.04 LTS _Precise Pangolin_ - Release amd64 (20120425)]/ dists/precise/main/binary-i386/ # deb cdrom:[Ubuntu 12.04 LTS _Precise Pangolin_ - Release amd64 (20120425)]/ dists/precise/restricted/binary-i386/ # deb cdrom:[Ubuntu 12.04 LTS _Precise Pangolin_ - Release amd64 (20120425)]/ precise main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://us.archive.ubuntu.com/ubuntu/ precise main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ precise main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ precise universe deb-src http://us.archive.ubuntu.com/ubuntu/ precise universe deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://us.archive.ubuntu.com/ubuntu/ precise multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ precise multiverse deb http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse deb http://security.ubuntu.com/ubuntu precise-security main restricted deb-src http://security.ubuntu.com/ubuntu precise-security main restricted deb http://security.ubuntu.com/ubuntu precise-security universe deb-src http://security.ubuntu.com/ubuntu precise-security universe deb http://security.ubuntu.com/ubuntu precise-security multiverse deb-src http://security.ubuntu.com/ubuntu precise-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb http://archive.canonical.com/ubuntu precise partner deb-src http://archive.canonical.com/ubuntu precise partner ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. deb http://extras.ubuntu.com/ubuntu precise main deb-src http://extras.ubuntu.com/ubuntu precise main deb http://archive.ubuntu.com/ubuntu/ quantal main

    Read the article

  • Setup database for Unit tests with Spring, Hibernate and Spring Transaction Support

    - by Michael Bulla
    I want to test integration of dao-layer with my service-layer in a unit-test. So I need to setup some data in my database (hsql). For this setup I need an own transaction at the begining of my testcase to ensure that all my setup is really commited to database before starting my testcase. So here's what I want to achieve: // NotTranactional public void doTest { // transaction begins setup database // commit transaction service.doStuff() // doStuff is annotated @Transactional(propagation=Propagation.REQUIRED) } Here is my not working code: @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations={"/asynchUnit.xml"}) @DirtiesContext(classMode=ClassMode.AFTER_EACH_TEST_METHOD) public class ReceiptServiceTest implements ApplicationContextAware { @Autowired(required=true) private UserHome userHome; private ApplicationContext context; @Before @Transactional(propagation=Propagation.REQUIRED) public void init() throws Exception { User user = InitialCreator.createUser(); userHome.persist(user); } @Test public void testDoSomething() { ... } } Leading to this exception: org.hibernate.HibernateException: No Hibernate Session bound to thread, and configuration does not allow creation of non-transactional one here at org.springframework.orm.hibernate3.SpringSessionContext.currentSession(SpringSessionContext.java:63) at org.hibernate.impl.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:687) at de.diandan.asynch.modell.GenericHome.getSession(GenericHome.java:40) at de.diandan.asynch.modell.GenericHome.persist(GenericHome.java:53) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196) at $Proxy28.persist(Unknown Source) at de.diandan.asynch.service.ReceiptServiceTest.init(ReceiptServiceTest.java:63) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:27) at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:74) at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:83) at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:72) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:231) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184) at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61) at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71) at org.junit.runners.ParentRunner.run(ParentRunner.java:236) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:174) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:49) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) I dont know whats the right way to get the transaction around setup database. What I tried: @Before @Transactional(propagation=Propagation.REQUIRED) public void setup() { setup database } - Spring seems not to start transaction in @Before-annotated methods. Beyond that, thats not what I really want, cause there are a lot merhods in my testclass which needs a slightly differnt setup, so I need several of that init-methods. @Transactional(propagation=Propagation.REQUIRED) public void setup() { setup database } public void doTest { init(); service.doStuff() // doStuff is annotated @Transactional(propagation=Propagation.REQUIRED) } -- init seems not to get started in transaction What I dont want to do: public void doTest { // doing my own transaction-handling setup database // doing my own transaction-handling service.doStuff() // doStuff is annotated @Transactional(propagation=Propagation.REQUIRED) } -- start mixing springs transaction-handling and my own seems to get pain in the ass. @Transactional(propagation=Propagation.REQUIRED) public void doTest { setup database service.doStuff() } -- I want to test as real as possible situation, so my service should start with a clean session and no transaction opened So whats the right way to setup database for my testcase?

    Read the article

  • Call stored procedure using Spring SimpleJdbcCall with callback

    - by MFIhsan
    I have an Oracle Stored procedure that takes CLOB input and REFCURSOR output. I invoke the SP via Spring SimpleJdbcCall passing in a RowMapper to map the results. However, since the result set is large, I need to provide callback feature to the client. I can't quite figure out how to add callback for an SP call using Spring - both with and without SimpleJdbcCall. One thought I have is to pass-in a RowCallbackHandler. Will this work or is there a better way to solve this problem? Any help here is appreciated. private Map<String, Object> arguments = ...; SimpleJdbcCall jdbcCall = new SimpleJdbcCall(this.jdbcTemplate) .withCatalogName(this.packageName) .withProcedureName(this.storedProcName) .withoutProcedureColumnMetaDataAccess() .declareParameters(this.outputParameters.toArray(new SqlOutParameter[]{})); if(!isEmpty(inputParameters)) { jdbcCall.declareParameters(inputParameters.toArray(new SqlParameter[]{})); } this.outputParameters.add(new SqlOutParameter(outputParamName, VARCHAR, rowMapper)); jdbcCall.execute(arguments);

    Read the article

  • Spring redirect: prefix issue

    - by Javi
    Hello, I have an application which uses Spring 3. I have a view resolver which builds my views based on a String. So in my controllers I have methods like this one. @RequestMapping(...) public String method(){ //Some proccessing return "tiles:tileName" } I need to return a RedirectView to solve the duplicate submission due to updating the page in the browser, so I have thought to use Spring redirect: prefix. The problem is that it only redirects when I user a URL alter the prefix (not with a name a resolver can understand). I wanted to do something like this: @RequestMapping(...) public String method(){ //Some proccessing return "redirect:tiles:tileName" } Is there any way to use RedirectView with the String (the resolvable view name) I get from the every controller method? Thanks

    Read the article

  • Spring 3.0: Handler mapping issue

    - by Yaniv Cohen
    I am having a trouble mapping a specific URL request to one of the controllers in my project. the URL is : http://HOSTNAME/api/v1/profiles.json the war which is deployed is: api.war the error I get is the following: [PageNotFound] No mapping found for HTTP request with URI [/api/v1/profiles.json] in DispatcherServlet with name 'action' The configuration I have is the following: web.xml : <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/applicationContext.xml,/WEB-INF/applicationContext-security.xml</param-value> </context-param> <!-- Cache Control filter --> <filter> <filter-name>cacheControlFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <!-- Cache Control filter mapping --> <filter-mapping> <filter-name>cacheControlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring security filter --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <!-- Spring security filter mapping --> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring listener --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Spring Controller --> <servlet> <servlet-name>action</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>action</servlet-name> <url-pattern>/v1/*</url-pattern> </servlet-mapping> The action-servlet.xml: <mvc:annotation-driven/> <bean id="contentNegotiatingViewResolver" class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver"> <property name="favorPathExtension" value="true" /> <property name="favorParameter" value="true" /> <!-- default media format parameter name is 'format' --> <property name="ignoreAcceptHeader" value="false" /> <property name="order" value="1" /> <property name="mediaTypes"> <map> <entry key="html" value="text/html"/> <entry key="json" value="application/json" /> <entry key="xml" value="application/xml" /> </map> </property> <property name="viewResolvers"> <list> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/jsp/"/> <property name="suffix" value=".jsp"/> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" /> </bean> </list> </property> <property name="defaultViews"> <list> <bean class="org.springframework.web.servlet.view.json.MappingJacksonJsonView" /> <bean class="org.springframework.web.servlet.view.xml.MarshallingView"> <constructor-arg> <bean class="org.springframework.oxm.xstream.XStreamMarshaller" /> </constructor-arg> </bean> </list> </property> </bean> the application context security: <sec:http auto-config='true' > <sec:intercept-url pattern="/login.*" filters="none"/> <sec:intercept-url pattern="/oauth/**" access="ROLE_USER" /> <sec:intercept-url pattern="/v1/**" access="ROLE_USER" /> <sec:intercept-url pattern="/request_token_authorized.jsp" access="ROLE_USER" /> <sec:intercept-url pattern="/**" access="ROLE_USER"/> <sec:form-login authentication-failure-url ="/login.html" default-target-url ="/login.html" login-page ="/login.html" login-processing-url ="/login.html" /> <sec:logout logout-success-url="/index.html" logout-url="/logout.html" /> </sec:http> the controller: @Controller public class ProfilesController { @RequestMapping(value = {"/v1/profiles"}, method = {RequestMethod.GET,RequestMethod.POST}) public void getProfilesList(@ModelAttribute("response") Response response) { .... } } the request never reaches this controller. Any ideas?

    Read the article

  • portlet 2.0 (jsr286) development with spring

    - by Patrick Cornelissen
    Hi! We are discussing whether it's a good idea to switch from plain portlet development on a liferay installation to spring webmvc portlet based development. We're starting the development of some portlets soon, so now is the time. But the problem I see is that we'd like to use some of the portlet 2.0 features, which won't work with versions older than spring 3.0. (Right?) Has anyone insight, if it's worth the waiting? (When is 3.0 scheduled anyway?) Is the current milestone stable enough? Our first real release will be in the last quarter of the year, so the springsource guys have some time left to get a final out of the door... ;-) Any ideas?

    Read the article

  • How can I use Spring Security without sessions?

    - by Jarrod
    I am building a web application with Spring Security that will live on Amazon EC2 and use Amazon's Elastic Load Balancers. Unfortunately, ELB does not support sticky sessions, so I need to ensure my application works properly without sessions. So far, I have setup RememberMeServices to assign a token via a cookie, and this works fine, but I want the cookie to expire with the browser session (e.g. when the browser closes). I have to imagine I'm not the first one to want to use Spring Security without sessions... any suggestions?

    Read the article

  • Using Spring's KeyHolder with programmatically-generated primary keys

    - by smayers81
    Hello, I am using Spring's NamedParameterJdbcTemplate to perform an insert into a table. The table uses a NEXTVAL on a sequence to obtain the primary key. I then want this generated ID to be passed back to me. I am using Spring's KeyHolder implementation like this: KeyHolder key = new GeneratedKeyHolder(); jdbcTemplate.update(Constants.INSERT_ORDER_STATEMENT, params, key); However, when I run this statement, I am getting: org.springframework.dao.DataRetrievalFailureException: The generated key is not of a supported numeric type. Unable to cast [oracle.sql.ROWID] to [java.lang.Number] at org.springframework.jdbc.support.GeneratedKeyHolder.getKey(GeneratedKeyHolder.java:73) Any ideas what I am missing?

    Read the article

  • Is it required to generate java classes to use spring-ws client

    - by vishnu
    Hi, I want to use spring ws to create the webservice client. I have seen some documentation. In all using jaxb marshalling and unmarshalling. But to start of need to create java classes from xsd. I tried to download the elcipse plugin for this. The location in java.net is not showing any thing to download. Sourceforce net showing the link to download. But that plugin is not working. I have tried wsimport, but it is generating only .classes? My question is if i want to use spring ws, is it required to generate .java classes? If so where can i find the elipse plugin or how to generate the classes? Is there any other way we can do without generating these classes?

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >