Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications, portlets and increasingly REST applications.

2
votes
0answers
5 views

Unable to start Angular 7 with SSL certificate connecting to spring cloud applications - PEM_READ_BIO_PRIVATEKEY:bad password read

we are developing a Spring cloud application with microservice architecture and have a self signed certificate.We have written the code and completed the SSL settings in back end successfully. Now we ...
0
votes
0answers
10 views

authenticationEntryPoint is called for every page, despite permitAll();

In my project i need to change authenticationEntryPoint since I am using OAuth 2 which redirect every unauthorized user to login via Google page, I want to make simply sending 403 Forbidden for every ...
1
vote
1answer
11 views

Spring boot security - inMemoryAuthentication not working

Here is my security configuration code: @EnableWebSecurity @EnableGlobalMethodSecurity ( prePostEnabled=true ) @Configuration public class SecurityConfig extends ...
0
votes
0answers
14 views

Vaadin missing SpringSecurityContext in StreamResource callback method

I got a simple StreamResource example where SpringSecurityContext mysteriously disappears when clicking on the download anchor. Basically when download anchor is clicked createInputStream method is ...
0
votes
0answers
7 views

Multiple authentication providers OpenKM

I'm using OpenKM community version. I want to modify security authentication with multiple authentication providers. When a User provide credentials, it will check in LDAP and if it failed then ...
-1
votes
0answers
31 views

Login by URL or by Form

I am developing a Web application that uses Spring security to login. Until now, the login has been done inserting a username and a password in a form. After clicking submit, the controller checks if ...
-1
votes
1answer
19 views

No mapping found for HTTP request with URI. Where am I wrong

I have these files below. I don't what wrong I am doing. I get an error saying No mapping found for HTTP request with URI [/pages/j_spring_security_check] in DispatcherServlet with name 'dispatcher' ...
0
votes
0answers
16 views

After Change legacy application configuration from HTTPS to HTTP Spring Security stopped working

I'm using tomcat 7 and Spring 3.1.0.RELEASE. Before making this change the authentication process works well, after doing it stopped: web.xml Before: <user-data-constraint> <...
0
votes
2answers
27 views

Unauthorized error on Spring Boot Authorization Server /oauth/authorize

I am trying to develop a simple POC for OAuth2 Authorization Server in Spring Boot using @EnableAuthorizationServer and a in-memory client. My Web Security configuration class looks like follows: ...
0
votes
1answer
18 views

Spring-Boot with CustomAuthenticationProvider and CustomPasswordEncoder

Its not clear for me how to glue my CustomPasswordEncoder to the authentication process of spring boot. I define in a configuration that spring boot should use my CustomAuthenticationProvider with my ...
1
vote
0answers
30 views

How to remove webapp name from urls in spring security

I deployed my spring boot webapp to Apache Tomcat. Apache Tomcat sits behind a httpd webserver. I want to access my webapp with www.mydomain.de, which works fine for the most part. I achived this by ...
-1
votes
0answers
12 views

Spring Boot OAuth2 revoke refresh token jwt

I'm trying to revoke the refresh_token but to no avail. All information I see on the internet is like revoking tokens that use JdbcTokenStore, however I'm using JwtTokenStore. Could anyone help? I'm ...
0
votes
0answers
23 views

spring security loadUserByUsername username empty after login url is not used for a few days

@Autowired private BCryptPasswordEncoder passwordEncoder; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(...
0
votes
0answers
26 views

Spring MVC security configuration problem: Default matcher added to start of list by default (Resolved)

I'm configuring spring security in a project and have run into a weird problem. Here is the code for configuration: http.authorizeRequests() .antMatchers("/assets/**").permitAll() ...
1
vote
1answer
32 views

Spring Boot requestDataValueProcessor Bean Definition Conflict

I try to use SpringWebFluxSecurityin my project, but I got this error when compiling The bean 'requestDataValueProcessor', defined in class path resource [org/springframework/security/config/...
0
votes
1answer
29 views

Spring Security 5 - Bad Credentials at Login despite correct email and password

I have been trying to solve this since a week and tried all posts and still could not get this work. My SecurityConfiguration Class is: @Configuration @EnableWebSecurity public class ...
0
votes
2answers
22 views

Recaptcha with Spring Security

Unfortunately I dont get Recaptcha working for my application on localhost. I followed the introduction on Baeldung. I created a website key and secret for localhost and 127.0.0.1. In my html head ...
0
votes
0answers
19 views

Obtain list of currently logged in users in a Grails 3 application with Spring Security core plugin

I'm running a grails web app (Grails version 3.3.9) with the following two plugins: spring-security-core:3.2.3 and spring-security-ui:3.1.2 I would like to view in a controller the list of users ...
1
vote
0answers
19 views

Spring Security + GWT - Too Many redirects

I am setting up a login page for a simple GWT app using Spring Security. I am trying to keep the login separate from the GWT app. I am new to Spring Security and am having some configuration issues. ...
1
vote
1answer
56 views

How to disable Spring Boot Security

Scenario: Extended the Parent POM into the Child POM. So spring-boot-starter-security got inherited. Normally, if triggered, http://localhost:9000/, the control comes to the Controller class where ...
0
votes
1answer
25 views

Spring Security - Filter Ordering and Multiple HttpSecurity

I want two diffrent http configurations to come in depending on the url i am entering. For example, when i type in "localhost:8080/HQ/test_web" i want this configuration to come in. @Configuration ...
1
vote
1answer
27 views

How to permit single url in spring security

I have two get urls /api/appconsole/app/{appid} /api/appconsole/app/search I want to secure second API but want to permit first one api. below is the websecurityconfig.java file. What ...
0
votes
0answers
27 views

spring-boot security basic remember me functionality doesn't work

i'm new. I use spring boot, mongodb, agularjs. Trying to turn on remember-me functionality. As i understood it should be pretty easy to enable remember me functionality in spring boot just like adding ...
0
votes
1answer
29 views

Spring Security OAuth2 SSO Unauthorized 401 Error

I am quite new to Spring Security and OAuth2 SSO in particular. I am currently trying to test and learn with this sample Spring Boot OAuth2 tutorial: https://spring.io/guides/tutorials/spring-boot-...
0
votes
2answers
22 views

Showing specific content for anonymous users with Thymeleaf Security

I'm struggling with the following. I have a nav-bar and i want to show/hide specific content depending on whether the user is anonymous/role_user/role_admin. Here is my html: <html lang="en" ...
0
votes
0answers
12 views

spring-social: ProviderSignInController: Why signIn(…) with POST only?

Is there a specific reason why a user sign-in with {providerId} can only be initiated with a POST request (to /signin/{providerId})? Why not with a GET request?
0
votes
0answers
21 views

Oauth2 authentication in Angular 6 and spring boot are on different host

I've frontend application is written on Angular 6 and backend app(REST) is written Spring Boot. I need authorization through social network VK. What have I already done? Backend server interceprs ...
0
votes
0answers
28 views

Spring- Security No AuthenticationProvider found for org.springframework.security.oauth2.provider.OAuth2Authentication

I am using authorization_code grant type to generate access token. I am using /oauth/confirm_access path to get approval from user for scope= read. After user approves above scope, auth code is ...
0
votes
3answers
33 views

Java Spring Multiple @Autowired MongoRepository Usages with JWT

The successfulAuthentication function in JWTAuthenticationFilter.java gives a nullpointerexception. Do you see why this would be an issue? Is it a problem with using the same bean for autowiring? ...
0
votes
0answers
16 views

The user is not logged out when using react and spring boot

I am having this error where when I go to the "/logout" url it doesn't delete the session and redirects me to "/" instead of "/login" This is the setup I have Router.js export default (onLogout) =&...
0
votes
0answers
36 views

How to secure specific routes with token and filters?

Context I'm doing an app (REST API) and I try to add some security. Current code So I created two methods : public class Security { private final static String apiKey ="secretkey"; // ...
0
votes
0answers
23 views

Distribute Spring Security Session across micro services [on hold]

I have 4 micro-services connected to each other using Netflix Eureka. All Applications are Spring Boot based. One micro-service also contains web where clients authenticate. I want to distribute ...
0
votes
1answer
24 views

javax.sql.DataSource BeanCurrentlyInCreationException (Circular reference?)

I am working on my Spring Boot application to integrate Spring Security with database authentication. I am fairly new to Spring and I keep getting an exception. I was just following this tutorial ...
0
votes
0answers
11 views

SecurityConfiguration based on profile

I have a Spring application that has the below Security Config: @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(...
-1
votes
0answers
15 views

Spring Security - Authentication and how to define log-in url [on hold]

I know i can define a controller for /login and make logic inside it to see if the stuff the user sent is ok, if so add the authentication to the securitycontextholder and so forth. Something like ...
0
votes
0answers
18 views

Concurrent User Management Using Principal

I am using Principal principal to get the currently logged-in user. When I open one tab-1 and log-in with USER-1's credentials I get the correct Principal. Now I open the second tab-2 and log-in with ...
0
votes
2answers
58 views

Encrypt user credentials in properties file [on hold]

soguha09@gmail.com=soham123,ROLE_USER,enabled This is the users.properties file where "soguha09@gmail.com" is the username and "soham123" is the password. I want to encrypt the username and password.
0
votes
1answer
52 views

Spring Security returns 403 on any request

I created two users with ADMIN and USER roles, but every time i try to login server return 403. WebSecurityConfig : @Override protected void configure(HttpSecurity http) throws Exception { ...
1
vote
0answers
29 views

Multiple authentication provider for specific url - Spring Boot Security

In Spring security I want to use Basic authentication for urls starting with api/** LDAP Rest Authentication for urls starting with /ldap/. The current code i have also allows ldap/ with basic ...
0
votes
1answer
17 views

Decode Spring Boot 2.1 OAuth2 encoded JWT on Resource Server

Trying to upgrade existing resource services from Spring Boot 1.x to 2.x. Spring Security 4.5 is running on the authentication server and encodes JWT tokens like this: @Bean public ...
0
votes
0answers
30 views

Spring Data + SpringBootTest: How to mock SecurityContext for JPA auditing?

In a Spring Boot application I want to test (JUnit 5) the persistence layer with enabled auditing (@EnableJpaAuditing). I use Liquibase to setup a H2 db and Hibernate as the JPA implementation. @...
0
votes
1answer
29 views

how to send an unauthorized response for annotation @CurrentUser

how to send an unauthorized response for annotation @CurrentUser i have annotation @Target(ElementType.PARAMETER) @Retention(RetentionPolicy.RUNTIME) public @interface CurrentUser { boolean ...
-2
votes
0answers
33 views

Spring Boot - Declaring And Ordering Filters

I have 2 filters and i want to secure some endpoints. Lets say i have filterA and filterB. I want to secure the endpoints through the configure() method from WebSecurityConfigurerAdapter. So this is ...
0
votes
1answer
22 views

Used a token to secure API without authentification

Objective When a person creates a resource (no need to connect), she receives a unique token, which she must then transmit to each request she sends for information about her resource. Question ...
0
votes
1answer
24 views

BCryptPasswordEncoder strength [on hold]

I am evaluating the effect of the "strength" parameter, which (using Spring org.springframework.security.crypto package) is passed to BCryptPasswordEncoder constructor as follows: PasswordEncoder ...
2
votes
0answers
44 views

Is it actually bad practice to ignore non-static resources using WebSecurity? [on hold]

Let's say in my Spring Security configuration i would like to allow all OPTIONS requests. To me the simplest way to do this would be the following: @Override public void configure(WebSecurity web) { ...
0
votes
1answer
23 views

Customization of TokenEndpoint in Sprin OAuth2

I would like to provide a custom implmentation of the TokenEndpoint class in Spring framework. Ive copied over the TokenEndpoint class of spring and have made my changes to the required places. But ...
0
votes
0answers
10 views

Spring Security with upload file

"Access denied" when I upload some files using multipartfile. config: http .csrf().disable() .formLogin().disable() .cors() .and() .httpBasic() ...
1
vote
1answer
27 views

What class/method in Spring Security handles redirecting to /oauth2/authorization/{registrationId}? Need to override for container

We're deploying our API in a docker container behind a gateway. Everything behind the gateway is http, not https. As a result, when Spring Security tries to redirect a user to the authorization Uri, ...
0
votes
0answers
19 views

Spring Security Angular Csrf token

i have configured spring security but still unable to send post request via angular: @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() ...

http://mssss.yulina-kosm.ru