Friday, December 28, 2012

Spring Security 3.1 Book

I am pleased to announce that the Spring Security 3.1 Book is now out.

Thursday, May 24, 2012

QCon NYC Discount / shameless plug

QCon is the enterprise software development conference designed for team leads, architects, and project management and is organized by the community, for the community. As one of the speakers at QCon NYC and in order to promote the first time it is held in NYC I was given a discount code that I can share with others. To save $100 when attending QCon NYC you can use the discount code WINC100.

Wednesday, August 31, 2011

Easily (by Voting) Make Running Spring Security Samples Easier

I have been pretty busy and so things have been rather quiet on my blog as of late. However, I wanted to take a few minutes to post how by voting you can make running the Spring Security samples easier.

I have been posting JIRAs to STS's Gradle support to ensure that Spring Security and its samples can be run without needing to use the command line. I could not be more pleased with how responsive Kris De Volder has been. However, some of the issues are blocked based upon what the Gradle tooling API supports. In order to help get the issues prioritized I have a listing of issues that would help Spring Security. If you would like to see better support simply vote on the issues below to help ensure that these issues get prioritized. I will be updating the list as necessary.

Thanks for your contribution!

Please Vote

http://issues.gradle.org/browse/GRADLE-1539
http://issues.gradle.org/browse/GRADLE-1765
http://issues.gradle.org/browse/GRADLE-1766
https://issuetracker.springsource.com/browse/STS-1856









Sunday, April 17, 2011

Running Spring Security's CAS and PreAuth Samples in STS

Introduction
In the previous blog I wrote about how to set up a Spring Security workspace with Spring Tool Suite. Most of the sample applications can now run just by right clicking the sample application and selecting Run As -> Run on Server. Thanks to AJDT all the aspects are even woven automatically for you. There are a few things that need to be done in order to run spring-security-samples-cassample and spring-security-samples-preauth within Spring Tool Suite. In this post I will discuss each of them in turn.

Setting Up Tomcat in STS
First you need to integrate STS with Tomcat.
  • Download an instance of Tomcat. In the example we use Tomcat 7.0.12
  • Open the Servers view (i.e. Window -> Show Views -> Other..., Server->Servers)
  • In the Servers view right click and select New -> Server
  • Select Apache->Tomcat 7
  • Select Next
  • Fill out the Tomcat location and if you are using Tomcat 7 ensure you are using JDK 1.6 (Eclipse will display an error if you do not meet this requirement)
  • Click Finish

Spring Security CAS Sample
In this section I will discuss how to run the CAS Sample using STS on Tomcat. I will not cover how to deploy the CAS Server in STS. Instead, we will use gradle to run the CAS Server on Jetty.

Setting Up HTTPS
CAS uses SSL handshakes for authentication; thus it requires HTTPS to be set up. To set up HTTPS you will need to update the Tomcat server.xml file.
  • Within the Package Explorer, navigate to Servers -> Server Name (i.e. Tomcat v7.0 Server at localhost-config) -> server.xml
  • Find scheme="https" within server.xml. You should see something that looks like the following:
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
  • Uncomment the Connector
  • Add the keystoreFile attribute and point it to Spring Security's samples/certificates/server.jks
  • Set the keystorePass attribute to password
  • The result should look something like this:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
        maxThreads="150" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS" 
        keystoreFile="/home/rwinch/spring-security/samples/certificates/server.jks"
        keystorePass="password"/> 
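
A quick way to confirm the edit took effect before starting the server, as an added example that is not part of the original post or of Spring Security: the Python function below parses server.xml text and reports whether the HTTPS Connector is still commented out, is missing its keystore attributes, or uses a well-known keystore password. The function name, the finding strings and the /path/to/server.jks placeholder are assumptions made for the example, and the sample XML is constructed from the snippets above.

```python
import re
import xml.etree.ElementTree as ET

# "password" is the value used in this post; "changeit" is Tomcat's default.
WELL_KNOWN_PASSWORDS = {"password", "changeit"}

def audit_https_connector(server_xml):
    """Return a list of findings for the HTTPS Connector in server.xml text."""
    root = ET.fromstring(server_xml)  # the parser drops XML comments
    live = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not live:
        # The stock file ships the HTTPS Connector inside <!-- ... -->.
        commented = re.search(r'<!--(?:(?!-->).)*scheme="https"', server_xml, re.S)
        return ["connector-commented-out" if commented else "no-https-connector"]
    findings = []
    for conn in live:
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"{port}: SSLEnabled is not true")
        if conn.get("secure", "false").lower() != "true":
            findings.append(f"{port}: secure is not true")
        if conn.get("keystoreFile") is None:
            findings.append(f"{port}: keystoreFile missing, default is ~/.keystore")
        password = conn.get("keystorePass")
        if password is None:
            findings.append(f"{port}: keystorePass missing, default is changeit")
        elif password in WELL_KNOWN_PASSWORDS:
            findings.append(f"{port}: keystorePass is a well-known sample value")
    return findings

# Constructed inputs modelled on the server.xml snippets in this post.
STOCK = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!--
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
  -->
</Service></Server>"""
UNCOMMENTED = STOCK.replace("<!--", "").replace("-->", "")
CONFIGURED = UNCOMMENTED.replace(
    'sslProtocol="TLS"',  # placeholder path, not the post's real location
    'sslProtocol="TLS" keystoreFile="/path/to/server.jks" keystorePass="password"')

if __name__ == "__main__":
    for name, xml in [("stock", STOCK), ("uncommented", UNCOMMENTED),
                      ("configured", CONFIGURED)]:
        print(name, audit_https_connector(xml))
```

The sample keystore password is expected in this local setup; the same finding on a server.xml that is deployed anywhere else means the sample configuration was copied along with it.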
Setting Up Trusted Certificates
Tomcat can now accept SSL connections on port 8443, but if you try and make an SSL connection to the CAS Server to validate a Service Ticket, the SSL handshake will fail. In this section, we will modify the System Properties of the Tomcat instance, so that the CAS Service will be able to validate Service Tickets. Please keep in mind if your CAS Server is using a certificate that is different than the one provided with Spring Security, you will need to point to that certificate and use its password instead.
  • If the Servers view is not open, open it (i.e. Window -> Show View -> Other, Server-> Servers)
  • Double click on the Server (i.e. Tomcat v7.0 Server at localhost)
  • Click the Open Launch Configuration link within the Overview tab
  • Select the Arguments tab
  • In the VM arguments section, add system properties that specify the trust store and its password. Note that the arguments are separated by a space. An example is:
    -Djavax.net.ssl.trustStore=/home/rwinch/spring-security/samples/certificates/server.jks -Djavax.net.ssl.trustStorePassword=password
Starting the CAS Server
The next step is to start the CAS Server using the gradle wrapper.
  • Open a command prompt and navigate to where you downloaded Spring Security.
  • Execute .\gradlew.bat casServer on Windows or ./gradlew casServer on other operating systems
Running the CAS Sample
Now you should be able to run the CAS sample application on the server.
  • Click the spring-security-samples-cassample and drag it to the Server you setup (i.e. Tomcat v7.0 Server at localhost)
  • Select the spring-security-samples-cassample project and perform a clean on it (i.e. Project->Clean..., Clean projects selected below, OK). This ensures that the updated server configuration gets published. You should also double check that the Server's status is Republish.
  • Select the Server and click the Run or Debug button
  • Navigate to https://localhost:8443/cas-sample/ 
  • Enter in a username / password (i.e. rod/rod)
  • You should be able to navigate the CAS application.
Spring Security PreAuth Sample
In this section I will discuss how to setup Tomcat to run the Spring Security PreAuth Sample and then run it within STS.
Update the tomcat-users.xml
Tomcat has other methods for managing users, but we will stick to the most basic: modifying tomcat-users.xml.
  • Open tomcat-users.xml by navigating to Servers -> Server Name (i.e. Tomcat v7.0 Server at localhost-config) -> tomcat-users.xml
  • Paste the following into tomcat-users.xml
    <tomcat-users>
      <role rolename="ROLE_SUPERVISOR"/>
      <role rolename="ROLE_USER"/>
      <user username="rod" password="koala" roles="ROLE_SUPERVISOR,ROLE_USER"/>
      <user username="scott" password="wombat" roles="ROLE_USER"/>
      <user username="username" password="password" roles="role1"/>
    </tomcat-users>  
Running the PreAuth Sample
  • Click the spring-security-samples-preauth and drag it to the Server you setup (i.e. Tomcat v7.0 Server at localhost)
  • Select the spring-security-samples-preauth project and perform a clean on it (i.e. Project->Clean..., Clean projects selected below, OK). This ensures that the updated server configuration gets published. You should also double check that the Server's status is Republish.
  • Select the Server and click the Run or Debug button
  • Navigate to https://localhost:8443/preauth/ 
  • Enter in a username / password (i.e. rod/koala)
  • You should be able to navigate the PreAuth application.

Thursday, March 17, 2011

Running Spring Security's Tutorial Sample in Spring Tool Suite

Note
UPDATE: If you are using Spring Security 3.1.2+ you should use the Gradle Eclipse Plugin instead of gradlew eclipse
Note: Vote on these JIRAs if you would like STS to be able to import Spring Security without use of the command line.
Introduction

This blog will teach you how to run the sample applications/tests for Spring Security 3.1.x in STS. It is assumed that you have already installed STS. Since STS is a flavor of Eclipse, the process for doing this in Eclipse is similar.

The main goal is to demonstrate how to set up a workspace with STS. In later posts I will describe how to run the other sample applications within STS. Once you can run Spring Security in an IDE, I will describe how to contribute back to Spring Security.

Screencast

If you want to see this in action, you can view the screencast too.

STS Setup

Spring Security uses git to manage the source code. There are quite a few different git clients to choose from, but in this blog I will demonstrate how to obtain the source using EGit.

Some of the tests are written in Groovy. If you want to run the tests, you will need to install the Groovy Eclipse plugin.

To install the plugins:
  • Open up STS to a new workspace
  • You should see an option to Open Dashboard
  • At the bottom of the Dashboard View select the Extensions tab
  • In the Find box type in EGit and select the check box next to it
  • In the Find box type in Groovy Eclipse and select the check box next to it
  • Click the Install button in the lower right
  • Follow the instructions on any dialogs that pop up
  • After everything is installed, restart STS
Checking Out the Source Code
  • Once STS starts back up navigate to File->Import->Git->Projects from Git
  • Click the Clone... button
  • Fill out the URI with git://github.com/SpringSource/spring-security.git
  • Click the Next button to view the branches for this repository
  • Ensure that all the branches are selected
  • Click the Next button again to clone all the branches
  • Accept all the defaults and click the Finish button
  • The repository will be cloned and the local location will be displayed next to it
  • Remember the path to the repository as the Destination Directory
Generating the Eclipse Configuration Files
  • Open up a command prompt and navigate to the Destination Directory from the previous step
  • When using EGit, I have to add the execution bit to the gradle wrapper. Since this does not happen when I use git from the command line, I suspect it is an EGit bug. To change the permissions in a Linux environment execute chmod +x gradlew from the command line.
  • Linux/Mac users run ./gradlew eclipse
  • Windows users run .\gradlew.bat eclipse
  • Gradle will automatically be downloaded and installed, the required dependencies will be downloaded, and then the Eclipse configuration will be generated
Importing the Projects
  • Navigate back to Eclipse and click the Next button
  • Ensure Import Existing Projects is selected
  • Click the Next button
  • Click Select All
  • Click the Finish button
  • The project will be imported and there should be no errors.
Running the Code

At this point you should be able to run all of the unit tests by right clicking the project and navigating to Run As -> JUnit Tests. Of course that is not all that fun, so instead we will run the tutorial sample on tc Server. To run the tutorial follow these steps:
  • Right click spring-security-samples-tutorial and select Run As -> Run on Server
  • Select Finish
  • When prompted if you want to enable Spring Insight click No
  • The application will be opened up in Spring Tool Suite
  • When prompted to login, you can use the users defined in spring-security-samples-tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml (i.e. rod / koala)

What Next?

You can read about Running Spring Security's CAS and PreAuth Samples in STS