spring-security

问题 I'm using Spring Security (v3.1.3) for X.509 authentication in my web-application. Users and roles are stored in the Database, but I don't actually need to do it, as CNs of client certificates conform to "[ROLE] - [USERNAME]" schema, which means I already have username and role from the certificate itself. So how to eliminate the database without too much effort? Should I write my own implementation of user-service, which will populate UserDetails, or is there more graceful method? 回答1: Yes,

问题 My configuration of Spring Security is @Override public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/resources/**"); // #3 } Taken from here. The documentation for ignorig says Allows adding RequestMatcher instances that should that Spring Security should ignore. ... Typically the requests that are registered should be that of only static resources. I would like to add some headers to files served from resources. E.g.: Strict-Transport-Security: max-age

问题 My configuration of Spring Security is @Override public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/resources/**"); // #3 } Taken from here. The documentation for ignorig says Allows adding RequestMatcher instances that should that Spring Security should ignore. ... Typically the requests that are registered should be that of only static resources. I would like to add some headers to files served from resources. E.g.: Strict-Transport-Security: max-age

问题 I have a Spring Boot application utilizing spring-security-jwt and spring-security-oauth2. I've got a custom User object extending UserDetails and a Custom UserDetailsService returning this object from the loadUserByUsername method. But when I utilize the getPrincipal method of the Authentication object and try to Cast to my custom user object, it fails as the principal is returning a string vs my custom user object. My actual goal is to eliminate the trip to the persistence layer on every

问题 I have this problem implementing a custom login authentication using SpringBoot and SpringBoot-Security. I made a Bitbucket repository as reference for this thread (within CustomSecuringWeb branch). Before anything else, most of the comments here follows the Securing a Web Application tutorial. The thing is, I was curious as how could the authentication data is now from the database instead of just memory data (which is very common in production line applications). Throughout the process I

问题 I upgraded our authorization server from Spring Boot 1.5.13.RELEASE to 2.1.3.RELEASE, and now I can authenticate, but I can no longer access the site. Here is the resulting URL and error after the POST to /login. https://auth-service-test-examle.cfapps.io/oauth/authorize?client_id=proxy-service&redirect_uri=http://test.example.com/login&response_type=code&state=QihbF4 OAuth Error error="invalid_request", error_description="At least one redirect_uri must be registered with the client." To

问题 I am using Spring cloud Gateway with Spring security and Keycloak for Access management. I am having an issue getting the access token with spring cloud gateway as the token I am getting doesn't have all the parameters like what I get from the token endpoint in keycloak. When I hit the keycloak token endpoint with all the details: http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token { "exp": 1595310135, "iat": 1595309835, "jti": "0a78d67c-878c-468c-8d03-e003af0350c3", "iss"

问题 I have a Reactive Application with Spring Security integrated, it was created by spring initilizer with mainly thre3 packages(spring boot, spring security and webflux). I was trying to configure the session timeout by following configuration in application.properties : spring.session.timeout=1m after starting the application with mvn spring-boot:run , It can be accessed by http://localhost:8080 and it asked me to login(by default security setting). I can use the username user and the password

问题 I want to replace the default SessionManagementFilter with my own, but I'm running into this 17:31:32,901 ERROR [[/accounts]] Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<accountsSessionManageFilter>' and 'Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=;

问题 I'm currently creating a simple app for a school project, Spring Boot backend and AngularJS frontend, but have a problem with security that I can't seem to solve. Logging in works perfectly, but when I enter a wrong password the default login popup shows up, which is kind of annoying. I've tried the annotation 'BasicWebSecurity' and putting httpBassic on disabled, but with no result (meaning, that the login procedure doesn't work at all anymore). My security class: package be.italent.security