spring-security

Replace Spring Security Login with OTP Verification

社会主义新天地 submitted on 2020-05-16 01:36:10
Question: I have the following tables:

User table
-username
-password
-mobile

OTP
-mobile
-otpCode
-expiry

WebSecurityConfig

    http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
        .and()
        .authorizeRequests().antMatchers("/login**").permitAll()
        .and()
        .formLogin().loginPage("/login").loginProcessingUrl("/loginAction").permitAll()
        .and()
        .logout().logoutSuccessUrl("/login").permitAll()
        .and()
        .csrf().disable();

When I attempt login, Spring Security checks the User table for username and password. My

ResourceServerConfigurerAdapter vs WebSecurityConfigurerAdapter

自作多情 submitted on 2020-05-14 18:27:05
Question: I'm currently working on an OAuth2 implementation with Spring Security, and I found a lot of documentation that uses ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter. I hope someone can tell me the differences between the two configurations, because I really get confused about which configure(HttpSecurity http) method to use, since both classes offer one. I've found some similar questions here on Stack Overflow, but they are not clearly answered.

Answer 1: From reading the

Is Spring Boot WebClient OAuth2 client_credentials supported?

≯℡__Kan透↙ submitted on 2020-05-14 12:06:59
Question: I'm trying to create a Spring Boot REST application that has to make a remote REST call to another Spring Boot application protected by OAuth2 (with grant type client_credentials). The first application is using the Reactive WebClient to make the call to the second OAuth2 REST application. I've configured the WebClient with grant_type "client_credentials" (see code below):

    public WebClient messageWebClient(
            ClientRegistrationRepository clientRegistrations,
            OAuth2AuthorizedClientRepository

Update User's first name and last name in principal

你说的曾经没有我的故事 submitted on 2020-05-14 10:23:05
Question: I am updating a user's information, like first name and last name, and I am getting the first name and last name in all the pages for the welcome message. I have two controllers, one for ajax request mapping and the other for normal request mapping. The normal request mapping controller has this method. In this controller all page navigation is present, and some request mappings which are not ajax calls.

    private String getPrincipalDisplay() {
        GreenBusUser user = null;
        String userName = "";
        Object principal =

Update User's first name and last name in principal

此生再无相见时 submitted on 2020-05-14 10:22:28
Question: I am updating a user's information, like first name and last name, and I am getting the first name and last name in all the pages for the welcome message. I have two controllers, one for ajax request mapping and the other for normal request mapping. The normal request mapping controller has this method. In this controller all page navigation is present, and some request mappings which are not ajax calls.

    private String getPrincipalDisplay() {
        GreenBusUser user = null;
        String userName = "";
        Object principal =

Update User's first name and last name in principal

倖福魔咒の submitted on 2020-05-14 10:22:20
Question: I am updating a user's information, like first name and last name, and I am getting the first name and last name in all the pages for the welcome message. I have two controllers, one for ajax request mapping and the other for normal request mapping. The normal request mapping controller has this method. In this controller all page navigation is present, and some request mappings which are not ajax calls.

    private String getPrincipalDisplay() {
        GreenBusUser user = null;
        String userName = "";
        Object principal =

Spring Security Acl object

一个人想着一个人 submitted on 2020-05-14 09:06:04
Question: My service to create an Acl is like this:

    @Autowired
    JdbcMutableAclService aclService;

    public void createAcl(AclDTO aclDTO) throws ClassNotFoundException {
        ObjectIdentity oi = new ObjectIdentityImpl(
                getClass().getClassLoader().loadClass(aclDTO.getClassPath()),
                aclDTO.getObjectIdentityId());
        Sid sid = new PrincipalSid(aclDTO.getSid());
        Permission p = getPermission(aclDTO.getPermissionDesc());
        // Create or update the relevant ACL
        MutableAcl acl = null;
        try {
            acl = (MutableAcl) this.aclService

Spring Security Acl object

强颜欢笑 submitted on 2020-05-14 08:59:50
Question: My service to create an Acl is like this:

    @Autowired
    JdbcMutableAclService aclService;

    public void createAcl(AclDTO aclDTO) throws ClassNotFoundException {
        ObjectIdentity oi = new ObjectIdentityImpl(
                getClass().getClassLoader().loadClass(aclDTO.getClassPath()),
                aclDTO.getObjectIdentityId());
        Sid sid = new PrincipalSid(aclDTO.getSid());
        Permission p = getPermission(aclDTO.getPermissionDesc());
        // Create or update the relevant ACL
        MutableAcl acl = null;
        try {
            acl = (MutableAcl) this.aclService

Spring Security 5 populating authorities based on JWT claims

旧巷老猫 submitted on 2020-05-13 23:16:50
Question: As I see, the Spring Security OAuth2.x project was moved to Spring Security 5.2.x. I try to implement an authorization and resource server in the new way. Everything is working correctly except one thing: the @PreAuthorize annotation. When I try to use this with the standard @PreAuthorize("hasRole('ROLE_USER')") I always get forbidden. What I see is that the Principal object, which is of type org.springframework.security.oauth2.jwt.Jwt, is not able to resolve authorities, and I have no idea why. org.springframework

Spring Security 5 populating authorities based on JWT claims

∥☆過路亽.° submitted on 2020-05-13 23:11:09
Question: As I see, the Spring Security OAuth2.x project was moved to Spring Security 5.2.x. I try to implement an authorization and resource server in the new way. Everything is working correctly except one thing: the @PreAuthorize annotation. When I try to use this with the standard @PreAuthorize("hasRole('ROLE_USER')") I always get forbidden. What I see is that the Principal object, which is of type org.springframework.security.oauth2.jwt.Jwt, is not able to resolve authorities, and I have no idea why. org.springframework