spring-security

问题 Using postman, I can get a list of users with a get request to: http://localhost:8080/users . But when I send a post request to the same address, I get a 403 error. @RestController public class UserResource { @Autowired private UserRepository userRepository; @GetMapping("/users") public List<User> retrievaAllUsers() { return userRepository.findAll(); } @PostMapping("/users") public ResponseEntity<Object> createUser(@RequestBody User user) { User savedUser = userRepository.save(user); URI

问题 I am new to spring. I am developing a REST api with spring webmvc. For Error Handling I got this link http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html#mvc-ann-rest-spring-mvc-exceptions I have tried to use ResponseEntityExceptionHandler in my project . but whenever my controller throws exception it never reaches to this ResponseEntityExceptionHandler. Following are my code snippet Controller @Controller @RequestMapping("/hello") public class HelloController {

问题 I am new to spring. I am developing a REST api with spring webmvc. For Error Handling I got this link http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html#mvc-ann-rest-spring-mvc-exceptions I have tried to use ResponseEntityExceptionHandler in my project . but whenever my controller throws exception it never reaches to this ResponseEntityExceptionHandler. Following are my code snippet Controller @Controller @RequestMapping("/hello") public class HelloController {

问题 There are multiple versions of the same questions around and none seem to address the issue. I would like to get online users from spring security. I understand we need to Autowire SessionRegistry and use it. But still, it doesn't work. Here is the code. Not sure whether it is due to custom Username, password authentication or due to custom password encoder or something else. Everything seems to be correct. Even getting the current logged in user's data works fine but not logged in user list.

问题 There are multiple versions of the same questions around and none seem to address the issue. I would like to get online users from spring security. I understand we need to Autowire SessionRegistry and use it. But still, it doesn't work. Here is the code. Not sure whether it is due to custom Username, password authentication or due to custom password encoder or something else. Everything seems to be correct. Even getting the current logged in user's data works fine but not logged in user list.

问题 I am implementing a REST API with Spring Boot and I am securing it with JWT and Oauth 2. I have no problems with authentication and producing an access token. When a user makes a request I want to access its JWT token from the controller. @RequestMapping(value = "/users", method = RequestMethod.GET) public List<AppUser> getUsers(OAuth2Authentication auth) { logger.info("CREDENTIALS:" + auth.getCredentials().toString()); logger.info("PRINCIPAL:" + auth.getPrincipal().toString()); logger.info(

问题 I am implementing a REST API with Spring Boot and I am securing it with JWT and Oauth 2. I have no problems with authentication and producing an access token. When a user makes a request I want to access its JWT token from the controller. @RequestMapping(value = "/users", method = RequestMethod.GET) public List<AppUser> getUsers(OAuth2Authentication auth) { logger.info("CREDENTIALS:" + auth.getCredentials().toString()); logger.info("PRINCIPAL:" + auth.getPrincipal().toString()); logger.info(

问题 I am implementing a REST API with Spring Boot and I am securing it with JWT and Oauth 2. I have no problems with authentication and producing an access token. When a user makes a request I want to access its JWT token from the controller. @RequestMapping(value = "/users", method = RequestMethod.GET) public List<AppUser> getUsers(OAuth2Authentication auth) { logger.info("CREDENTIALS:" + auth.getCredentials().toString()); logger.info("PRINCIPAL:" + auth.getPrincipal().toString()); logger.info(

问题 I have the /actuator/ Endpoints (in my case manage ) on Port 6565. Is it possible to disable Security in Spring Boot 2 only for a specific port? At the moment I can only exclude certain paths from security. That would be insecure if I now run Enpoints under the main application port 1337 under /manage/. In the past we used management.security.enabled: false or was that path related too? @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

问题 I am trying to learn Spring Security right now and I have seen many different examples using this. I know what CSRF is and that Spring Security enables it by default. The thing that I am curious about to know is this kind of customization. .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) .and() .authorizeRequests(request -> { request .antMatchers("/login").permitAll() .anyRequest() ....more code What kind of customization does .csrf().csrfTokenRepository