spring-security

问题 After successful login spring redirects to /error page with the following content { "timestamp" : 1586002411175, "status" : 999, "error" : "None", "message" : "No message available" } I'm using spring-boot 2.2.4 My config: spring.mvc.view.prefix=/WEB-INF/views/ spring.mvc.view.suffix=.jsp spring.mvc.servlet.load-on-startup=1 spring.mvc.throw-exception-if-no-handler-found=true spring.resources.add-mappings=false @Configuration public class DispatcherContextConfig implements WebMvcConfigurer {

问题 AppConfiguration class package com.access6; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import com.access6.model.Customers; import com.access6.model.Role; @Configuration

问题 We have some endpoints, that are secured and before to access them we're verifying that the jws is correctly. In order to do that, we've defined a SecurityContext that actually persist the Auth pojo and to manipulate it downstream into the controller. The SecurityWebFilterChain config looks like that: @Bean public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { return http.csrf().disable() .formLogin().disable() .logout().disable() .httpBasic().disable()

问题 We have some endpoints, that are secured and before to access them we're verifying that the jws is correctly. In order to do that, we've defined a SecurityContext that actually persist the Auth pojo and to manipulate it downstream into the controller. The SecurityWebFilterChain config looks like that: @Bean public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { return http.csrf().disable() .formLogin().disable() .logout().disable() .httpBasic().disable()

问题 I followed this guide Spring boot security + JWT in order to learn how to secure an application using spring boot security and jwt and i am calling the /authenticate api to test login functionality. @PostMapping(value = "/authenticate") public ResponseEntity<?> createAuthenticationToken(@RequestBody User authenticationRequest) throws Exception { authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword()); final UserDetails userDetails = userDetailsService

问题 I'm implementing JWT auth in my application. Everything works fine, but when I run my already existing @WebMvcTests and check for the returned status code, they all fail with an "Actual :403". This is one of my current test suites: @WebMvcTest(controllers = UserController.class) @ContextConfiguration(classes = {JwtServiceImpl.class}) // custom filter dependency class UserControllerTest { /** * Mocked bean because it's a dependency of the SecurityConfiguration */ @MockBean private

问题 What is the difference between spring-security-oauth2 and spring-security-oauth2-core in spring? Is spring-security-oauth2 substituted by spring-security-oauth2-core? spring-security-oauth2 release link : http://repo.spring.io/release/org/springframework/security/oauth/spring-security-oauth2/ spring-security-oauth2-core release link http://repo.spring.io/release/org/springframework/security/spring-security-oauth2-core/ 回答1: Yes there is a big difference. spring-security-oauth2 (Spring

问题 I am having issues with Single LogOut in CAS. I am using CAS server 4.2.3 and Spring 3.2. My client casified applications are configured on spring security. Followed the following documentation, http://docs.spring.io/spring-security/site/docs/3.2.9.RELEASE/reference/htmlsingle/#cas-singlelogout I have 2 cas client web application. When I logout from one of the cas client web application, and refresh the page in the 2nd cas client application which I already logged in (in the same browser in a

问题 have a little trouble with keycloack and spring security. Here the pom: <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>my.world</groupId> <artifactId>having-fun</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <name>having-fun<

问题 I am using Spring Security Oauth2 to secure my Spring Boot REST app. I want to process some operation after a user login success and failure. The problem is each time I send a request with the user bearer token, AuthenticationSuccessEvent is published even the user is already authenticated. This handler is always called: @Async @EventListener( { AuthenticationSuccessEvent.class } ) public void listenAuthenticationSuccessEvent( AuthenticationSuccessEvent event ) { AbstractAuthenticationToken