spring-security

问题 I have Swagger set up and working for all of the controllers listed in my application. However, I want it to pick up the Spring Security Logout Endpoint and I cannot find a way to get it to work. As you can see from code snippet below I am specifying a logoutUrl for a user to invalidate their session. I've tried class level annotation markings and method level, but no luck. Any ideas? @Override public void configure(HttpSecurity http) throws Exception { http.addFilter(someFilter()); http

问题 I have two different security configurations for my application. One OAuth2SecurityConfiguration and the other is LdapSecurityConfiguration . In OAuth2SecurityConfiguration I have following security configuration with 2 filteres: @Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .exceptionHandling() .authenticationEntryPoint(authenticationEntryPoint) .and() .authorizeRequests() .antMatchers(OAUTH_ENDPOINT).permitAll() .anyRequest().authenticated()

问题 I see this response when I try to add new post after authorization by admin. I have Basic authorization which based on spring boot security: @Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { //...declared fields @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .passwordEncoder(passwordEncoder()) .withUser("user") .password("userpass") .roles("USER") .and()

问题 I see this response when I try to add new post after authorization by admin. I have Basic authorization which based on spring boot security: @Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { //...declared fields @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .passwordEncoder(passwordEncoder()) .withUser("user") .password("userpass") .roles("USER") .and()

问题 I see this response when I try to add new post after authorization by admin. I have Basic authorization which based on spring boot security: @Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { //...declared fields @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .passwordEncoder(passwordEncoder()) .withUser("user") .password("userpass") .roles("USER") .and()

问题 Currently I´m trying to integrate JWT Authentication in an existing Spring Boot Webflux Project. As a template I used this medium article: https://medium.com/@ard333/authentication-and-authorization-using-jwt-on-spring-webflux-29b81f813e78. If I put the Annotation @EnableWebFluxSecurity inside my WebSecurityConfig the following error occurs: The bean 'conversionServicePostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration

问题 Currently I´m trying to integrate JWT Authentication in an existing Spring Boot Webflux Project. As a template I used this medium article: https://medium.com/@ard333/authentication-and-authorization-using-jwt-on-spring-webflux-29b81f813e78. If I put the Annotation @EnableWebFluxSecurity inside my WebSecurityConfig the following error occurs: The bean 'conversionServicePostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration

问题 My application has currently two types of users: Admin or Normal user. The application has several projects: 100 or more. Per project the user has a different role like project owner, client, etc... I'm now figuring out the best way to put those subroles in place. Because in my services I want to use PreAuthorise("hasRole('OWNER')") so that only the right people can execute an update or whatever. What I was trying now was giving every project a list of users that are working on it with a

问题 My application has currently two types of users: Admin or Normal user. The application has several projects: 100 or more. Per project the user has a different role like project owner, client, etc... I'm now figuring out the best way to put those subroles in place. Because in my services I want to use PreAuthorise("hasRole('OWNER')") so that only the right people can execute an update or whatever. What I was trying now was giving every project a list of users that are working on it with a

问题 Using postman, I can get a list of users with a get request to: http://localhost:8080/users . But when I send a post request to the same address, I get a 403 error. @RestController public class UserResource { @Autowired private UserRepository userRepository; @GetMapping("/users") public List<User> retrievaAllUsers() { return userRepository.findAll(); } @PostMapping("/users") public ResponseEntity<Object> createUser(@RequestBody User user) { User savedUser = userRepository.save(user); URI