spring-security

问题 The following line doesn't let me visit GET: /api/topics without a bearer token. It works if I apply a token. Am I missing something? Isn't permitAll supposed to do that? .antMatchers("/api/topics/**").permitAll() By the way, I tried with /api/topics** and it didn't work as well. Error: { "error": "unauthorized", "error_description": "Full authentication is required to access this resource" } Result without a token (the broken part). I want it to let me through. Result with a token. It works

问题 I'm trying to implement custom response message using this code: @Component public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException { ErrorDetail errorDetail = ErrorDetail.NOT_FOUND; ErrorResponse errorEntry = new ErrorResponse(); errorEntry.setTitle(errorDetail.getTitle()); errorEntry.setCode(errorDetail.getErrorCode()); HttpStatus

问题 I need to access currently logged-in user details (id or email address) in Controller. This is how I am trying to do so right now, and this doesn't work. ApplicationUser is an @Entity in database. UserDetailsService: @Service public class UserDetailsServiceImpl implements UserDetailsService { private ApplicationUserRepository applicationUserRepository; public UserDetailsServiceImpl(ApplicationUserRepository applicationUserRepository) { this.applicationUserRepository =

问题 I'm trying to implement custom response message using this code: @Component public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException { ErrorDetail errorDetail = ErrorDetail.NOT_FOUND; ErrorResponse errorEntry = new ErrorResponse(); errorEntry.setTitle(errorDetail.getTitle()); errorEntry.setCode(errorDetail.getErrorCode()); HttpStatus

问题 So, what I'm trying to achieve is role-based authorization using JWT token. This is tutorial that I'm extending: https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/ Now, my problems starts there: if (user != null) { This is a place where I need to fetch user from database and load its roles. This is not working, and null pointer exception is thrown. I'm sure that there is user in database, and I'm sure that UserService is working - I am using it in different place and works

问题 I need your help for a special usecase, I searched on the internet but didn't found anything that would mach my case. I'm new to keycloak so it may be something easy to do but I failed to resolve it : I have two apps with spring boot security which are connected to the same keycloack. Front-end of both was generated by JHIPSTER. Let's call them app1 and app2. 1st case : I'm connected to app1 and app2 from the same browser, it works well, I can request app1 from app2. 2nd case : I'm connected

问题 I need your help for a special usecase, I searched on the internet but didn't found anything that would mach my case. I'm new to keycloak so it may be something easy to do but I failed to resolve it : I have two apps with spring boot security which are connected to the same keycloack. Front-end of both was generated by JHIPSTER. Let's call them app1 and app2. 1st case : I'm connected to app1 and app2 from the same browser, it works well, I can request app1 from app2. 2nd case : I'm connected

问题 I want to use Spring Boot Security in my project by creating a simple login screen but i get these error even i define a bean for BCryptPassworrdEncoder. The full error is Field bCryptPasswordEncoder in com.mahmut.demoemployee.application.dao.Imp.UserDaoImp required a bean of type 'org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' that could not be found. Here is my codes. package com.mahmut.demoemployee.application.dao.Imp; //Some imports @Component public class UserDaoImp

问题 I am looking to implement role based security for my REST service. I am using spring-data-rest and have configured a JpaRepository as such: @Repository @RestResource(path = "changesets", rel = "changesets") public interface ChangesetRepository extends JpaRepository<Changeset, Long> { } I would like to attach a @PreAuthorize annotation to the inherited Page<T> findAll(Pageable pageable) method so that a GET requires a specific role. Is there a way to do that? Do I need to provide a custom

问题 I am looking to implement role based security for my REST service. I am using spring-data-rest and have configured a JpaRepository as such: @Repository @RestResource(path = "changesets", rel = "changesets") public interface ChangesetRepository extends JpaRepository<Changeset, Long> { } I would like to attach a @PreAuthorize annotation to the inherited Page<T> findAll(Pageable pageable) method so that a GET requires a specific role. Is there a way to do that? Do I need to provide a custom