security-context

问题 One thing that I've always hated more than just about anything in MS SQL Server is the way that security works. The security context constantly switches if you look at the server funny and it's often very hard (for me anyway) to predict or debug. In dealing with an issue today, I though, "I wish I could just add a line to my code that would display the security context that SQL Server is using when this code runs." Does such a command exist? For example, SELECT security_context() To be a

问题 In my spring application, I would like that a SecurityContext always holds an Authentication . If it's not a regular UsernamePasswordAuthenticationToken , it will be a PreAuthenticatedAuthenticationToken describing the "system user." This has reasons within different system function which requires a user. To avoid a special treatment if there is no user context, I merely want to add the system context. IMHO, this has also to do with the single responsibility principle. To achieve this, I can

问题 I did exactly the answer from this post but the token property is null and the user is correctly logged in and the route is behind a firewall. Also, I am injecting the SecurityContext in other services and it works fine. services.xml : <service id="tc.extensions.relation_helper" class="TC\CoreBundle\Extensions\RelationHelperExtension"> <argument type="service" id="security.context" /> <tag name="twig.extension" /> </service> My extension: class RelationHelperExtension extends Twig_Extension {

问题 I did exactly the answer from this post but the token property is null and the user is correctly logged in and the route is behind a firewall. Also, I am injecting the SecurityContext in other services and it works fine. services.xml : <service id="tc.extensions.relation_helper" class="TC\CoreBundle\Extensions\RelationHelperExtension"> <argument type="service" id="security.context" /> <tag name="twig.extension" /> </service> My extension: class RelationHelperExtension extends Twig_Extension {

问题 I use such code for authentication: @PreAuthorize("isAnonymous()") @RequestMapping(value = "/login", method = RequestMethod.POST) public String doLogin(HttpServletRequest request) { try { Authentication req = new UsernamePasswordAuthenticationToken(request.getParameter("name"), request.getParameter("password")); Authentication result = authenticationManager.authenticate(req); SecurityContextHolder.getContext().setAuthentication(result); logger.debug("Success login"); logger.debug

问题 I'm seeing some strange behaviour when using stateless token-based authentication on a rest API written using Spring Boot. The client includes a JWT token with each request, and a custom filter I've written that extends GenericFilterBean adds an Authentication object based on the claims in the token to the security context using the following : SecurityContextHolder.getContext().setAuthentication(authentication); And clears the context after processing the request by doing :

问题 I developing a stateless REST API that makes use of token based authentication, where I'm manually adding an Authentication object to the security context by calling SecurityContextHolder.getContext().setAuthentication(authentication) from within a custom security filter. I've been experiencing problems with the context not being set correctly which I believe is due to this : Storing the SecurityContext between requests In an application which receives concurrent requests in a single session,

问题 How to start a thread in the security context of a different user? When a process starts a thread normally the security context is also passed but how to launch a thread in a different security context with the principal of a different user? 回答1: I believe that you can just set the CurrentPrincipal as first operation of the thread code after the thread has started, and only then begin to execute the code which is supposed to run with the other principal. This should take care of any .NET role

问题 I'm still playin with Wildfly-9.0.1.Final and JAAS (see my previous question Wildfly and JAAS login module) in a web application that use a BASIC auth-method . While my custom login module works I got some problems about authorization. I use a RESTeasy RESTFul web service with annotation to test, here is the code: package it.bytebear.web.mongo; import it.bytebear.web.mongo.jaas.MongoModuleCallbackHandler; import it.bytebear.web.mongo.model.User; import java.security.Principal; import java

问题 So i have following code: SecBuffer input_buffers[2]; SecBuffer output_buffers[2]; ULONG context_attributes; /* we need to try and perform the second (next) step of the init */ input_buffers[0].cbBuffer = tls_io_instance->received_byte_count; input_buffers[0].BufferType = SECBUFFER_TOKEN; input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes; input_buffers[1].cbBuffer = 0; input_buffers[1].BufferType = SECBUFFER_EMPTY; input_buffers[1].pvBuffer = 0; SecBufferDesc input_buffers