spring-security

问题 I'm using Spring security to secure some endpoints in my REST service. here's the security configuration class: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { // Other methods @Override protected void configure(HttpSecurity http) throws Exception { http .cors() .and() .csrf() .disable() .exceptionHandling() .authenticationEntryPoint(this

问题 I'm using Spring security to secure some endpoints in my REST service. here's the security configuration class: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { // Other methods @Override protected void configure(HttpSecurity http) throws Exception { http .cors() .and() .csrf() .disable() .exceptionHandling() .authenticationEntryPoint(this

问题 I'm using Spring security to secure some endpoints in my REST service. here's the security configuration class: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { // Other methods @Override protected void configure(HttpSecurity http) throws Exception { http .cors() .and() .csrf() .disable() .exceptionHandling() .authenticationEntryPoint(this

问题 In a reactive spring webflux service, I have the endpoints configured to be protected by OAuth2 resource server. When I first launch the server, it validates the Bearer tokens properly but after about 30 seconds, the exact same requests begin failing with the following error: error="invalid_token" error_description="This iss claim is not equal to the configured issuer" error_uri="https://tools.ietf.org/html/rfc6750#section-3.1" I've verified that the token is valid and that the iss claim

问题 In a reactive spring webflux service, I have the endpoints configured to be protected by OAuth2 resource server. When I first launch the server, it validates the Bearer tokens properly but after about 30 seconds, the exact same requests begin failing with the following error: error="invalid_token" error_description="This iss claim is not equal to the configured issuer" error_uri="https://tools.ietf.org/html/rfc6750#section-3.1" I've verified that the token is valid and that the iss claim

问题 As to not reveal confidential information, the provider will be replaced by $PROVIDER . The authorization works, but instead of redirecting me to the index, it redirects me to /error . Steps to reproduce Start the application Go on any page, it will redirect me to http://localhost/oauth_login which displays a link login . Click on the link login (which links to http://localhost/oauth2/authorization/$PROVIDER ) Get redirected to http://localhost/error The error page displays the following (I

问题 Is it possible to configure Spring Boot to allow Oauth2 grant types password and authorization_code on the same URL. For example /boot I have done basic authorization configuration as below security: oauth2: client: accessTokenUri: http://UAA/oauth/token userAuthorizationUri: http://UAA/oauth/authorize clientId: ****** clientSecret: ****** resource: userInfoUri: http://UAA/userinfo However all endpoints protected by this configuration use form login and redirect to UAA authorization URL even

问题 My question is a duplicate of Custom annotation with spring security but it went unanswered and I believe there should be a simple solution to the problem. Basically instead of doing: @PreAuthorize("hasPermission(T(fully.qualified.Someclass).WHATEVER, T(fully.qualified.Permission).READ") I would like to do: @PreAuthorize(Someclass.WHATEVER, Permission.READ) or possibly some custom annotation that will wire up easily with spring security This seems much cleaner to me and I would like to be

问题 I have a spring mvc (3.2.5) application with spring security (3.2). I configured my SecurityConfig.class with this method : @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/*").permitAll().and() .formLogin().successHandler(successHandler) .defaultSuccessUrl("/") .failureHandler(failureHandler).failureUrl("/login?error=true") .permitAll().and().logout() .permitAll(); http.authorizeRequests().antMatchers("/resources/**").permitAll()

问题 I am developing an Android app that needs to authenticate with a server application. The server application is a Spring Boot app that uses Spring Security. The server app uses a custom authentication provider to set the Granted Authorities for the user. This is the code that I am using to retrieve the idToken: FirebaseToken firebaseToken = null; try { FirebaseApp app = FirebaseUtil.getFirebaseApp(); firebaseToken = FirebaseAuth.getInstance(app).verifyIdTokenAsync(authenticationToken