spring-security

问题 I am very new to java spring security, and was following the Spring.io tutorial guide. As part of this, I edited the WebSecurityConfig class as required: @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/home").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout()

问题 Good Day. I've created a PrimeFaces 5 project (JSF 2.2) which makes use of Spring Security 4. I'm attempting to make use of p:dataTable control with single selection enabled, which through an ajax call, updates a p:pickList control. The problem is related with Spring Security. If I deactivate the security of the page where my page controls are located (admin.faces), the ajax behavior works fine. But if I activate security, I get 403 status codes and the pickList doesn't get updated. I must

问题 Good Day. I've created a PrimeFaces 5 project (JSF 2.2) which makes use of Spring Security 4. I'm attempting to make use of p:dataTable control with single selection enabled, which through an ajax call, updates a p:pickList control. The problem is related with Spring Security. If I deactivate the security of the page where my page controls are located (admin.faces), the ajax behavior works fine. But if I activate security, I get 403 status codes and the pickList doesn't get updated. I must

问题 I have searched for a couple of hours for a way to do this but couldn't find anything similar. I am new to Spring framework. I have created a small app with a login form but no registration form. In order to log in I used the in memory function of the Spring framework. Now I wanted to actually be able to add users to the DB and log in with the users that exist from the actual database without having to create a register form. So the best way to do that was to add a .sql file with the user

问题 I am implementing a SOAP client using Spring Boot for the below configuration to connect with third party web server. Below is my WS-security outgoing configuration used with SOAPUI Client. and timestamp and username configuration is as follows I have written Wss4jSecurityInterceptor for the above configuration which is as follows. @Configuration public class Config { private static final Logger LOGGER = LoggerFactory.getLogger(Config.class); @Bean public Jaxb2Marshaller marshaller() {

问题 I am trying a develop a spring boot rest API with JWT authorization using spring security. I want all of my request to go through the filter to validate the JWT token except for the /authenticate request which should generate the jwt token. But with the below code, the /authenticate request is also getting intercepted by the filter due to which its failing with 401. Please let me know what am I missing in the below code. JwtTokenFilter class @Component public class JwtTokenFilter extends

问题 I am trying a develop a spring boot rest API with JWT authorization using spring security. I want all of my request to go through the filter to validate the JWT token except for the /authenticate request which should generate the jwt token. But with the below code, the /authenticate request is also getting intercepted by the filter due to which its failing with 401. Please let me know what am I missing in the below code. JwtTokenFilter class @Component public class JwtTokenFilter extends

问题 I want to make a config file to configure TLS and Oauth2 in my SecureConfig.java The tls config: @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().authenticated().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.NEVER); } The Oauth2.0 config: @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .requiresChannel() .anyRequest() .requiresSecure(); } What is the better way

问题 I want to make a config file to configure TLS and Oauth2 in my SecureConfig.java The tls config: @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().authenticated().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.NEVER); } The Oauth2.0 config: @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .requiresChannel() .anyRequest() .requiresSecure(); } What is the better way

问题 There are two scenarios for 401 Unauthorized response: Token Expired (received from request header) When token expires, It send default spring security exception in response. Token not found (not received in request header) Custom Response It send custom response, using AuthExceptionEntryPoint class. How can i prepare same response into (1)Token Expired that i am sending in (2)Token not found? Following are the configuration: webSecuritycofig.xml <?xml version="1.0" encoding="UTF-8"?> <beans