spring-security

问题 I have to access one https rest web service(https://example.com) for which certificate has been provided by the client which contains 2 .cer files. I have created keystore.jks and truststore.jks files and imported the .cer files to jks file . by using the below command keytool -genkeypair -alias abcd -keyalg RSA -sigalg garegar -keysize 2048 -storetype jks -keystore keystore.jks -validity 365 -storepass changeit keytool -import -alias abcd -trustcacerts -file free/ca_bundle.cer -keystore

问题 I am using java based spring security configuration in my spring boot application. When user clicks on logout link, user is redirected to the login page. Here, in this case, I need to pass a custom parameter in the logout success url. e.g. when I logout, app is redirected to http://localhost:8080/app/login But I want it to have a parameter like below http://localhost:8080/app/login?idletimeout=true I have created my custom LogoutSuccesshandle for this. I get the param value in the handler and

问题 Using Spring Security 5 oauth I successfully ran through the whole authentication/authorization cycle using Google as OAuth provider, but I am stuck if I use an OAuth provider that I made myself, running on a different application. I'm using the following 2 dependencies: <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2-client</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2

问题 I have remember-me implemented in my spring boot app, as I can see cookie is created correctly after login, with proper expiration time etc. But this cookie doesnt survive app restart on my Tomcat server. Scenario is simple. User login with remember me and cookie is available in browser. Then we do app redeploy in Tomcat and now, when user refreshes the app in browser window, he is logged out and cookie is deleted from browser. Shouldn't the cookie survive this and allow automatic login even

问题 Ok guys, I hope you can help me, this is my last attempt. I am quite new to this spring security world and I cant get this to work. I tried many things, followed many tutorials and nothing. The problem is as you saw in the title, make a custom user details service to work. It just not logs in, It appears that the customuserdetailsservice is not being called, as the sysouts are not showing in the console... It works as a charm with spring security in memory features. Below are my codes. Spring

问题 I am trying to implement authentication and authorization in the spring boot(2.2.4) app using spring security(spring-security-starter). Use Case: Based on the username I want to redirect the user for the specific authentication provider If username ends with 'mit.com' Authenticate User using database (I am using hibernate)- For this, I can use spring's UserDetailService If username ends with 'einfochips.com' Authenticate User using SAML 2.0 protocol- Using identity provider like Okta,

问题 I am completely new to spring boot and trying to write Unit test cases but stuck completely and not able to understand how Authentication works. Controller class @PostMapping (path = "/createConcept") @ApiOperation(value = "Composite object with conceptCO with added roles", response = ConceptCO.class) public ConceptCO createConcept( @RequestBody final ConceptFormVO conceptFormVO, @ApiIgnore Authentication authentication ) { ConceptDTO conceptDTO = new ConceptDTO(); BeanUtils.copyProperties

问题 I have spring security + CORS enable into a project that is made with spring webFlux. My problem here is that we accept for example requests from: http://localhost:4200. How I can make that CORS will accept reqs from http://*.localhost:4200 like http://a.localhost:4200, http://b.localhost:4200 ? My CORS config looks like: @Bean @Order(Ordered.HIGHEST_PRECEDENCE) public CorsWebFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

问题 i have a problem, when i first login i will get {"timestamp":1481719982036,"status":999,"error":"None","message":"No message available"} but second is ok.And if i clear the cache.I fail,too. this is primary code: @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private DataSource dataSource; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth

问题 I'm trying to fix a remember-me related problem. This function was built manually, without Spring Security. Here are some details. I wanted to use Spring Security to implement remember-me functionality, but... We don't have user related data in our DB. The data is only accessible with a 3rd party API. And the API returns the data via cookies. And I don't know how to use this with Spring Security. I'm working on a legacy server without Spring Security. Maybe a bit late to implement Spring