spring-security

问题 Faced a problem with caching during authorization, I can't figure it out. So that during authorization every time a request is not made to the database, I want to cache the method. At the first request with an empty cache, everything is fine and until the cache is deleted after a time. But while the cache is there, I get 401, because o.s.s.c.bcrypt.BCryptPasswordEncoder: Empty encoded password, the password is empty every time. How to be in such a situation? @Override @Transactional public

问题 To check multiple roles has the method level access I have used @PreAuthorize annotation to check the role @PreAuthorize("hasRole(\"" + AuthoritiesConstants.USER + "\",)" ) How to check multiple roles using @PreAuthorize annotaion? 回答1: You can create a custom annotation to validate many roles and conditions. P.e.: @Retention(RetentionPolicy.RUNTIME) @PreAuthorize("hasRole(T(com.bs.dmsbox.api.constants.RoleConstants).ROLE_AGENT) " + "|| hasRole(T(com.bs.dmsbox.api.constants.RoleConstants)

问题 I want to use the fullcalendar library, using gulp and yarn this is the generated link tag: But I'm getting this error in the console : Refused to apply style from 'http://localhost/bower_components/fullcalendar/dist/fullcalendar.css' because its MIME type ('application/json') is not a supported stylesheet MIME type, and strict MIME checking is enabled. Why I'm getting this and how can I solve it? 回答1: In my case, I found out that I had a typo in css file name. Thus I was trying to import an

问题 I use Spring Boot and Spring Security to create my web project. I want to disable CSRF protection for a specific URL pattern to provide API for Android devices. Using How to disable CSRF in Spring Security 4 only for specific URL pattern through XML configuration and the first method of Spring Boot: enable the CSRF check selectively only for some requests, I wrote the following config: package com.hnu.tutorial.configs; import org.springframework.boot.autoconfigure.security.SecurityProperties;

问题 I use Spring Boot and Spring Security to create my web project. I want to disable CSRF protection for a specific URL pattern to provide API for Android devices. Using How to disable CSRF in Spring Security 4 only for specific URL pattern through XML configuration and the first method of Spring Boot: enable the CSRF check selectively only for some requests, I wrote the following config: package com.hnu.tutorial.configs; import org.springframework.boot.autoconfigure.security.SecurityProperties;

问题 I use org.springframework.security.core.Authentication which has a method: Collection<? extends GrantedAuthority> getAuthorities(); I want to mock it as below: when(authentication.getAuthorities()).thenReturn(grantedAuthorities); with authorities collection: Collection<SimpleGrantedAuthority> grantedAuthorities = Lists.newArrayList( new SimpleGrantedAuthority(AuthoritiesConstants.USER)); And I am using org.springframework.security.core.authority.SimpleGrantedAuthority which extends

问题 I use org.springframework.security.core.Authentication which has a method: Collection<? extends GrantedAuthority> getAuthorities(); I want to mock it as below: when(authentication.getAuthorities()).thenReturn(grantedAuthorities); with authorities collection: Collection<SimpleGrantedAuthority> grantedAuthorities = Lists.newArrayList( new SimpleGrantedAuthority(AuthoritiesConstants.USER)); And I am using org.springframework.security.core.authority.SimpleGrantedAuthority which extends

问题 I have a Spring Boot web application exposing few rest endpoints. I wanted to know how we can enable basic authentication only for selected rest endpoints. Let's say I want only /employee/{id} request to be authenticated and ignore all the other rest endpoints. I am using the following code. My question is will the antMatcher only authenticate the request specified? Currently its enabling authentication for all rest endpoints: @Configuration @EnableWebSecurity public class WebSecurityConfig

问题 I have a Spring Boot web application exposing few rest endpoints. I wanted to know how we can enable basic authentication only for selected rest endpoints. Let's say I want only /employee/{id} request to be authenticated and ignore all the other rest endpoints. I am using the following code. My question is will the antMatcher only authenticate the request specified? Currently its enabling authentication for all rest endpoints: @Configuration @EnableWebSecurity public class WebSecurityConfig

问题 I have a Spring Boot web application exposing few rest endpoints. I wanted to know how we can enable basic authentication only for selected rest endpoints. Let's say I want only /employee/{id} request to be authenticated and ignore all the other rest endpoints. I am using the following code. My question is will the antMatcher only authenticate the request specified? Currently its enabling authentication for all rest endpoints: @Configuration @EnableWebSecurity public class WebSecurityConfig