spring-security

问题 What is the correct way to add my custom implementation of UserDetailsService (which uses Spring Data JPA) to Spring Boot app? public class DatabaseUserDetailsService implements UserDetailsService { @Inject private UserAccountService userAccountService; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userAccountService.getUserByEmail(username); return new MyUserDetails(user); } } public interface UserRepository extends

问题 How to handle UsernameNotFoundException ? In spring security when username not found the UserDetailsService implementation throws a UsernameNotFoundException . For example like this: @Override @Transactional public UserDetails loadUserByUsername(java.lang.String username) throws UsernameNotFoundException { logger.info("Load user by username: {}", username); User user = userRepository.findUserByUsername(username).orElseThrow( () -> new UsernameNotFoundException("User Not Found with -> username

问题 How to handle UsernameNotFoundException ? In spring security when username not found the UserDetailsService implementation throws a UsernameNotFoundException . For example like this: @Override @Transactional public UserDetails loadUserByUsername(java.lang.String username) throws UsernameNotFoundException { logger.info("Load user by username: {}", username); User user = userRepository.findUserByUsername(username).orElseThrow( () -> new UsernameNotFoundException("User Not Found with -> username

问题 In non reactive applications we could do SecurityContextHolder.getContext().setAuthentication(authentication); to authenticate a request programmatically. What would be the equivalent with Webflux? public class ReactiveServiceAuthenticationFilter implements WebFilter { private final ReactiveAuthenticationManager authenticationManager; public ReactiveServiceAuthenticationFilter(ReactiveAuthenticationManager authenticationManager){ this.authenticationManager = authenticationManager; } @Override

问题 I'm creating a project using SpringBoot2 and VueJS. I'm using a custom JWT token for authorisation. When the user logs in I set a cookie in the response "AUTH_TOKEN=tokenValue". I expected that every call from VueJS (using fetch ) would pass that cookie to SpringBoot, but not all endpoints get the cookie. When I test SpringBoot with RestTemplate and with Postman the cookie is passed just fine and the endpoint works. When I use the VueJS website, the cookie is only passed to endpoints that

问题 Sample project available on Github I have successfully configured two Spring Boot 2 application2 as client/resource servers against Keycloak and SSO between them is fine. Besides, I am testing authenticated REST calls to one another, propagating the access token as an Authorization: Bearer ACCESS_TOKEN header. After starting Keycloak and the applications I access either http://localhost:8181/resource-server1 or http://localhost:8282/resource-server-2 and authenticate in the Keycloak login

问题 I'm implementing OAuth2 authorization using Spring Boot. I have already Authorization Server and Resource Server, now I want to access resources from Resource Server using client_credentials grant type. I'm little confused about it, because in Resource Server I have to add client_id and client_secret . But why Resource Server really need it? As I understand this concept client should get from Authorization Server using client credentials his access token. And then send this access token to

问题 I'm implementing OAuth2 authorization using Spring Boot. I have already Authorization Server and Resource Server, now I want to access resources from Resource Server using client_credentials grant type. I'm little confused about it, because in Resource Server I have to add client_id and client_secret . But why Resource Server really need it? As I understand this concept client should get from Authorization Server using client credentials his access token. And then send this access token to

问题 I'm implementing OAuth2 authorization using Spring Boot. I have already Authorization Server and Resource Server, now I want to access resources from Resource Server using client_credentials grant type. I'm little confused about it, because in Resource Server I have to add client_id and client_secret . But why Resource Server really need it? As I understand this concept client should get from Authorization Server using client credentials his access token. And then send this access token to

问题 I updated an already existing application from Spring Boot 1.3 to 2.0.1. This application makes use of the Actuator and exposes a REST-style API. In Boot 1.3 the API could be used without authentication and the actuator endpoint was configured to be password protected: security.user.name=foo security.user.password=bar security-user.role=ADMIN I updated this like documented in the configuration changelog and renamed the entries from security.user.name to spring.security.user.name and alike.