Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications, portlets and increasingly REST applications.

0
votes
0answers
12 views

Why is my UserPasswordAuthenticationtToken not being able to be authenticated after Creating a new user?

I'm learning to experiment with Spring Security , and i need some advice and help with the Authentication part. I have implemented a registration form that has the @ModelAttribute of type user and ...
0
votes
0answers
9 views

How to customize the response of a request without a request header?

I can not find where to customize the spring response if the user makes a request without the authentication header. I want respond to the user that the request was made without the header: Normal ...
0
votes
0answers
15 views

“AlreadyBuiltException: This object has already been built” when building “springSecurityFilterChain”

I'm developing a Spring Boot application with Spring Security, and could not get it working in any way. I want to use Spring Security 5, but at this point I don't even know what version I am trying ...
2
votes
1answer
28 views

Spring Boot not returning username using CustomAuthenticationProvider

I have been following Baeldung's Spring 2FA tutorial to implement 2FA. I have created a CustomAuthenticationProvider as instructed, however it's not behaving as expected. The odd thing is that after ...
0
votes
1answer
20 views

Error on @Autowired in custom UserDetails class

data source configuration @Configuration @MapperScan("com.su.api.db.mapper") public class DataConfig { @Bean public DataSource dataSource() { SimpleDriverDataSource dataSource = ...
-1
votes
0answers
11 views

org.springframework.security.core.userdetails.UsernameNotFoundException cannot be cast to org.springframework.security.core.userdetails.UserDetails

public class AppLoginFailureHandler implements AuthenticationFailureHandler { @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, ...
3
votes
1answer
46 views

How can I access JWT claims in Spring API handler methods using Webflux?

I am adding a WebFilter to perform JWT authentication inside of SecurityWebFilterChain. We encode a lot of non-auth related information in the JWT that is needed by many of our API endpoints, so I ...
0
votes
0answers
10 views

How to use ldap authentication without spring boot

I am using spring mvc without spring boot. Currently we are using jdbc Authentication and now we want to use ldap Authentication. I have searched in google but finds all the examples with spring boot. ...
0
votes
2answers
47 views

After adding a Spring Security dependency, the page loads 10 seconds [on hold]

I have a simply Spring Boot application - The really clear project, but after adding a Spring Security dependency, the page loads 10 seconds. Where is the problem? I've been fighting for 2 days and ...
0
votes
1answer
28 views

How can I design the security to have a centralized authenticator using Spring? [on hold]

I want a centralized authenticator for various App. This authenticator must allow me to login with Facebook, Google and with a form (using my local DB). Can I use Oauth2 for Google, Git and Facebook ...
-1
votes
0answers
13 views

How to differentiate same user with multiple access at same time using spring security OAuth2? [on hold]

I have some API for accessing multiple platforms at the same time, I have use Spring Boot with spring security OAuth2 .In my case when I login through the portal and same time I login in application ...
-2
votes
0answers
25 views

Best way to send password to server from Front End [duplicate]

I am trying to develop a simple spring boot application. I want to authenticate users using role and password. When I send username and password from my Angular app using AJAX calls, the password is ...
0
votes
0answers
11 views

How to display login?logout page of spring by angular?

I have a problem when I do log out by post to logout rest of spring, I got status 302 about redirecting to login?logout, but I cannot display this page. I'm using spring default HttpSecurity ...
0
votes
0answers
16 views

Spring Boot Swagger change url for basic auth

I'm searching for a solution to configure a different url for basic auth. I have implemented an auth service where I do all the basic auth spring security stuff with a database. I also implemented ...
0
votes
2answers
19 views

How to tune authenticationEntryPoint behaviour Spring Security

I have Spring Boot 2 based Security Gateway performing OAuth2 authentication sitting before GUI app and back-end. It is configured like @Configuration @EnableOAuth2Client @EnableWebSecurity public ...
1
vote
1answer
23 views

How to fix 403 forbidden in Spring security and Spring data JPA with Jersey rest

I am getting 403 Forbidden from rest api which is using Spring Security's JDBC Authentication. I have written simple restful api using Jersey with Spring boot and tried to implement Spring Security ...
1
vote
1answer
18 views

Facebook Spring OAuth2User does not contain email

I'm trying to implement the signup phase with Facebook of my Spring webapp using Spring OAuth2. I'm following this guide https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-2/ but ...
0
votes
0answers
10 views

GrantedAuthoritiesMapper can't grant authority with oauth2

Overview I configured Spring Security as below. Check user has ROLE_ADMIN at /api/** Grant ROLE_ADMIN to all user I intended that request to localhost:8080/api/** succeed but actually access was ...
0
votes
0answers
7 views

Is it possibile to separate authentication part (using google, facebook and local in my DB) with the authorization part?

I started from this spring example: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_github and I want to authenticate in this way and then authorize the user already ...
-1
votes
0answers
7 views

how can spring security authentication return a status code?

Please i want spring security to return an http status code and not the login form when a user who is not authenticated tries to acess a url which requires authentication. Is there a way I can go by ...
0
votes
0answers
10 views

Using both classic login page and Oauth2 in same project [duplicate]

My spring-boot project consist both web pages and api endpoints. I want secure my web pages with basic spring security in memory authentication. Moreover, I want to use Oauth2 for /api/** endpoints ...
0
votes
1answer
16 views

Testing Method Security, how to test @PreAuthorize(“#user.id != authentication.principal.id”)?

I am trying to test a method in my UserController named update which looks like the following: @RequestMapping(path ="/update", method = RequestMethod.PUT) @PreAuthorize("#user.id != authentication....
0
votes
0answers
17 views

How to mock user in Spring Security only for part of the test?

I have an integration test that calls two endpoints. I would like to have mock user for first endpoint but not for the second. When I put @WithMockUser then mock user is added for the whole context of ...
0
votes
0answers
17 views

Using different authentication methods for different clients

I have 2 clients and I want to have them to have different authentication logic one is for corporate clients and one is for residential. Meaning the SampleClientId should go and authenticate the user ...
0
votes
0answers
18 views

How can logout Instagram after got token in java

I read Instagram API doc and i got code , then used code to get access token and user data as show in below code final RestTemplate restTemplate = new RestTemplate(); final HttpHeaders ...
0
votes
0answers
20 views

why do i have to handle authorization code grant manually in spring boot oauth

I have created an authorization server using spring boot which stores user details and client details in a database. and the client application that I created stops with the authorization_code at ...
0
votes
0answers
17 views

Spring OAuth2 SSO preflight request handling

I am studying Spring OAuth and got some troubles with CORS and preflight requests, probably someone could help me. As a base I took example project from "Cloud Native Java" book: https://github.com/...
0
votes
1answer
36 views

How to fix authentication postgresql error? [on hold]

I added spring security to my application, previously I used spring security with inMemoryAuthentication, after that i choose to change it to database authentication. Now i have problem with not ...
0
votes
0answers
16 views

How to use wildcard in the middle in Spring Security pathMatchers?

I would like to permit access to any id in my path. Problem is that id is in the middle of my path: .pathMatchers("/devices/{id}/register").permitAll() Is there any way to specify such wildcard in ...
0
votes
0answers
9 views

How do I implement OpenID connect in a Spring Security Authorization Server?

I've got an Authorization Server running using Spring boot security and spring-security-oauth2-autoconfigure shim jar. I would like to implement the openid scope and provide identity tokens back to ...
2
votes
0answers
20 views

Create a Vaadin Request Handler that handles the request before Spring Security gets a chance

So we're aiming to migrate an application from Thorntail to Spring Boot. One issue is that we're using Vaadin 8 for legacy reasons. The app provides password-less login suport (as in login-by-link). ...
0
votes
1answer
18 views

How to submit jwt token to Spring Security with ReactJs?

I have secured my API-endpoints of my Spring Boot Application with Spring Security. On login, I generate a new jwt token and submit it to the user. On data requests, I expect the user to submit the ...
0
votes
0answers
15 views

Spring Security can't implement two authentication mechanisims that work in parallel

I want to implement the following the scenario with spring security. SCENARIO: In my application there is a user model which has the role "ROLE_USER". Now I want to offer a login to my application ...
0
votes
1answer
40 views

SpringBoot 2.1.5.RELEASE - Thymeleaf - Login Page

I have a basic SpringBoot 2.1.5.RELEASE app. Using Spring Initializer, JPA, embedded Tomcat, Thymeleaf template engine, and package as an executable JAR file. I had this Thymeleaf template that works ...
0
votes
1answer
37 views

How to authenticate user if I have token? [on hold]

What I have? Spring, Spring Boot. I have spring security and roles. Some pages are public, some pages are private. I have login page to authenticate users. I can generate valid token. I have User ...
0
votes
1answer
47 views

How can I test my JwtAuthentication class using JUnit & Mockito? [on hold]

I can test my JwtTokenAuthenticationFilter class. How can I write the test cases of this class using Mockito & JUnit? I can Only test this class. I don't understand how I can mock the class. ...
0
votes
0answers
15 views

Java Spring can not forward request

I have a spring boot application with spring security implemented. Here I use two different auth mechanisms. One with a form for browser login and one only with basic auth for mobile login. These a ...
0
votes
0answers
11 views

How does spring sso authentication with oauth2 work?

I've set up 2 oauth2 client Spring Boot 2 web applications running on different ports and an authorization server. If I authenticate on one web application, I can then go and access a secured ...
0
votes
0answers
44 views
+50

How to configure Grails 3 + Spring Security to use multiple entry points, user domains

I'm having difficulty correctly configuring spring security in a Grails 3 experiment (https://github.com/davebrown1975/grails-multientrypoint-security) to utilise 2 distinct User domains, in this case ...
0
votes
2answers
33 views

How to redirect, with Spring Security, a logged user to his front page and a non logged one to a different one

I'm doing a Spring web-application project as a final project for school. We use SpringBoot with Hibernate and an H2 database. In order to authenticate and authorize, we use Spring Security. We also ...
0
votes
0answers
19 views

Migrating spring j_spring_security_check to login

Following the tutorial: https://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html I have replaced in my login.jsp: <form name="login" action="<c:...
0
votes
1answer
12 views

How to bypass the authentication process of Ldap while accessing in-memory database

I have developed a login page where a user can be a user from active directory(LDAP) or a local user from file based H2 database or a user from configuration file whose credentials are already stored ,...
0
votes
1answer
18 views

Spring Security Filter order per url

I have two filters that process my httpRequest and adds headers and data. I want to apply my filters in a certain order of execution. So I ve tried : @Component @Order(1) public class FirstFilter ...
0
votes
0answers
15 views

Configure communication between multiple OAuth2 authorization servers and a single resource server

I'm currently setting up a single resource server that will be validating access tokens from various authorization servers. Spring security (using the Okta security starter with this as well) seems ...
-1
votes
0answers
19 views

adding spring-boot-starter-security makes calls Unauthorized

Why when I add spring-boot-starter-security to my dependencies I got Unauthorized calls for my calls ? The dependency: <dependency> <groupId>org.springframework.boot</...
0
votes
0answers
19 views

AclClassIdUtils : Unable to obtain the class id type

I have integrated configuration code for ACL on a permission level for my entities. Everything works fine and it even checks if a user holds a particular permission and denies/allows access based on ...
2
votes
1answer
38 views

Spring Method Security causes Null values for autowired objects

I've played a bit with spring securities method security and got a very strange behavior. I have several controller classes and the methods are annotated with @PreAuthorize to restrict access for ...
0
votes
0answers
20 views

get client user id(windows login id) in spring without browser login authentication

I am new to the spring framework, currently developing the web application. this application should automatically take the client's windows user id without any browser authentication(while accessing ...
0
votes
0answers
14 views

Login using ldap from reactjs app failing

I am trying to login from my Reactjs Application to Spring boot ldap(Authentication). Though it's working but sometimes I am getting 401 Authentication error but in catch block which is weird. ...
0
votes
0answers
29 views

How to make multiple WebSecurityConfigurerAdapters work together?

I have two configuration files in two different projects First one: @Configuration @Order(2) public class SecurityConfig { /**адрес сервера LDAP*/ @Value("${ldap.server}") private ...

http://mssss.yulina-kosm.ru