spring-security

Spring security Can't autowire UserDetailsService

梦想与她 submitted on 2020-03-17 12:18:46
Question: I got stuck trying to add authentication from database. Here is the error log: 23-Dec-2015 08:24:32.819 SEVERE [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfig': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: org

EnableResourceServer breaks oAuth2 authorization server

巧了我就是萌 submitted on 2020-03-16 07:12:26
Question: I implemented oAuth2 authorization server using Spring Boot version 1.5.2.RELEASE. The authorization server supports implicit flow. With the WebSecurityConfig below the login form (http://localhost:8200/login) works well. @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private JpaUserDetailsService userDetailsService; @Bean @Override public UserDetailsService userDetailsServiceBean() throws Exception { return userDetailsService; } @Bean public

Spring SAML Security Certificate Caching Issue

和自甴很熟 submitted on 2020-03-05 06:05:35
Question: I am using Spring security SAML 1.0.3 Release version. I figured out a problem that if we upload a certificate for the IDP it does not get reflected in the Spring SAML. The problem seems to be with MetadataCredentialResolver where there is a cache Map Map<MetadataCacheKey, SoftReference<Collection<Credential>>> cache; It is picking the certificate from the cache and hence the newer uploaded cert is ignored. Is there a way I can reset the cache? Answer 1: I think the way to get rid of cache is to

Spring Cloud Gateway and TokenRelay Filter

微笑、不失礼 submitted on 2020-03-05 01:29:18
Question: I’m trying to migrate JHipster from using Zuul to Spring Cloud Gateway. JHipster uses Eureka to look up routes and I believe I’ve configured Spring Cloud Gateway correctly to look up routes and propagate the access token to them. Here’s my config: spring: cloud: gateway: default-filters: - TokenRelay discovery: locator: enabled: true lower-case-service-id: true route-id-prefix: /services/ httpclient: pool: max-connections: 1000 The problem I’m experiencing is the access token is not sending

How to re-initialize password grant in Spring security 5.2 OAuth

你离开我真会死。 submitted on 2020-03-04 17:50:50
Question: Project: spring-security 5.2 I'm using servlet environment to do service-to-service oauth (like from @Scheduled). I'm doing password grant for service account (corporate, don't ask me to change this, it's given). This is possibly very long running service. Works fine, but I'm wondering what happens if refresh token becomes invalid (revoked, authorization service restart). From what I understand the RefreshTokenOAuth2AuthorizedClientProvider will fail with exception (the refresh token has been

The method map(Function<? super Role,? extends R>) in the type Stream<Role> is not applicable for the arguments ((<no type> r) -> {})

二次信任 submitted on 2020-02-29 09:16:26
Question: Why am I getting this error while using GrantedAuthority. 1 CustomUserDetails class. public class CustomUserDetails extends User implements UserDetails { public CustomUserDetails(final User user) { super(user); } @Override public Collection<? extends GrantedAuthority> getAuthorities() { return getRoles().stream().map( r -> { new SimpleGrantedAuthority(r.getRole().name()); } ).collect(Collectors.toList()); } Role class. @Entity(name = "ROLE") public class Role { @Id @Column(name = "ROLE_ID")

How InMemoryTokenStore works with Spring Security OAuth2 and Is this the safest way from hacking perspective?

 ̄綄美尐妖づ submitted on 2020-02-27 08:34:12
Question: I am new to Spring Security OAuth2 using version 2.0.10.RELEASE implementation. I developed code using 'InMemoryTokenStore' and I'm impressed with the way it works (it creates access_token, 'refresh_token' etc.), but I don't have enough understanding on how it works yet. Can anyone please help to know / provide understanding on how it works? Is 'InMemoryTokenStore' the safest implementation from hacking perspective? I also see there are many implementations provided by OAuth2 like

Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints

落爺英雄遲暮 submitted on 2020-02-27 07:10:06
Question: I'm setting up a Resource Server with Spring Boot and to secure the endpoints I'm using OAuth2 provided by Spring Security. So I'm using the Spring Boot 2.1.8.RELEASE which for instance uses Spring Security 5.1.6.RELEASE. As Authorization Server I'm using Keycloak. All processes between authentication, issuing access tokens and validation of the tokens in the Resource Server are working correctly. Here is an example of an issued and decoded token (with some parts cut): { "jti": "5df54cac

Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints

ε祈祈猫儿з submitted on 2020-02-27 07:10:02
Question: I'm setting up a Resource Server with Spring Boot and to secure the endpoints I'm using OAuth2 provided by Spring Security. So I'm using the Spring Boot 2.1.8.RELEASE which for instance uses Spring Security 5.1.6.RELEASE. As Authorization Server I'm using Keycloak. All processes between authentication, issuing access tokens and validation of the tokens in the Resource Server are working correctly. Here is an example of an issued and decoded token (with some parts cut): { "jti": "5df54cac

How to logout oauth2 client in Spring?

风流意气都作罢 submitted on 2020-02-27 04:36:12
Question: I have the simplest oauth2 client: @EnableAutoConfiguration @Configuration @EnableOAuth2Sso @RestController public class ClientApplication { @RequestMapping("/") public String home(Principal user, HttpServletRequest request, HttpServletResponse response) throws ServletException { return "Hello " + user.getName(); } public static void main(String[] args) { new SpringApplicationBuilder(ClientApplication.class) .properties("spring.config.name=application").run(args); } } I also have the