spring-security

问题 I have a controller which has User CRUD operations. @Controller public class UserController { // @TODO need to check whether userId == authUser.id or authUser is admin?? // @PreAuthorize("hasRole('ROLE_ADMIN) or ...???...") @PostMapping("/user/{id}/edit") public boolean editUser(@PathVariable("id") long userId, @RequestBody User newUserObj, @CurrentUser authUser) { // I don't like to always call a helper function from here // check(authUser.getId() == userId); return userService.edit(userId,

问题 I am writing my rest apis using spring boot. And I am trying to maintain user's session on redis server. Redis is up and running on the default port 6379 . I have used the lettuce jar to make connection to the redis server. But seems like my session is not being set on redis server. I try to get the session object set using uuid, and it return something like this 127.0.0.1:6379> get 02978830-2f35-47b7-a367-1f48e40d0ea0 (nil) From redis cli, I am able to set and get the key values. 127.0.0.1

问题 I am writing my rest apis using spring boot. And I am trying to maintain user's session on redis server. Redis is up and running on the default port 6379 . I have used the lettuce jar to make connection to the redis server. But seems like my session is not being set on redis server. I try to get the session object set using uuid, and it return something like this 127.0.0.1:6379> get 02978830-2f35-47b7-a367-1f48e40d0ea0 (nil) From redis cli, I am able to set and get the key values. 127.0.0.1

问题 I am writing my rest apis using spring boot. And I am trying to maintain user's session on redis server. Redis is up and running on the default port 6379 . I have used the lettuce jar to make connection to the redis server. But seems like my session is not being set on redis server. I try to get the session object set using uuid, and it return something like this 127.0.0.1:6379> get 02978830-2f35-47b7-a367-1f48e40d0ea0 (nil) From redis cli, I am able to set and get the key values. 127.0.0.1

问题 I have a website based on spring boot, spring-security, thymeleaf, I also use ajax in some cases. Issue: I am using form login security in spring security. In the browser, after I login I can consume rest API (GET), but using ajax it returns 403 even if my ajax request contains session id in cookies. Security Config: @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/rest/**").hasRole(

问题 How do I fire my method on authentication success? I wanted to update my database column 'last login date'. Looked around on google but still can't understand how it should be done. Here is my spring-security.xml <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema

问题 How do I fire my method on authentication success? I wanted to update my database column 'last login date'. Looked around on google but still can't understand how it should be done. Here is my spring-security.xml <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema

问题 I was trying to enable Spring boot admin server for my application. The default settings work perfectly fine but when I attempt to enable security, I am getting following error: APPLICATION FAILED TO START Description: The bean 'conversionServicePostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org

问题 I'm trying to integrate external oauth 2 authentication server and resource server. Their configuration requires some additional custom parameters: state - should be uuid, TimeStamp, accessType, also clientSecret should be signed using a combination of all previous params as data. We are using Spring boot, spring security 5.1, Camunda. The catch is I can't directly add params to URI calling method setUserAuthorizationUri cause this method is called only once during initialization 回答1: The

问题 I have a custom logout filter called six times. Twice as soon I try to access the application, twice when I enter username/password and click on 'Login' and then twice again when I click on 'logout'. What am I doing wrong? Configuration: <http auto-config="true" use-expressions="true"> <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN_FUNCTIONS')" /> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> <form-login login-page="/login" authentication-success-handler-ref=