spring-security

问题 I try to implement spring security, but I have many roles and privileges, then I want to add the roles dynamically to each other resources. Like it: @Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); //PageRequest p = new PageRequest(0, 1000); List<RolePrivilegeConfig> rolePrivilegesConfig=rolePrivilegeConfigService.findAll(); for (RolePrivilegeConfig rolePrivilegeConfig : rolePrivilegesConfig) { http.authorizeRequests() .antMatchers("/login")

问题 I have the task to implement a accessibility to an Active Directory Federation Services (SSL) with a LDAP behind. At first I have to to say that my experience in ADFS and SAML is very small. I have decide to take the Spring Security SAML Extension to implement this feature. I download and install the SAML extension for the Spring Security project from GIThub: https://github.com/spring-projects/spring-security-saml I found in the official documentation http://docs.spring.io/spring-security

问题 I am working on Spring Security Java-based configuration. I have created my own MyAuthenticationProvider which I want to register in the ProviderManager (single instance of AuthenticationManager ). I have found that ProviderManager has a list of providers to which I can register my single MyAuthenticationProvider . Here is the part of my Configuration: @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal

问题 I read some stuff about oauth2 protocol and its concepts like: resource owner resource server authorization server grant types and etc.. Does spring-social use oauth2 protocol? For example if I want to have social login with facebook, what is the role of facebook, appTest,... in oauth2 terms? UPDATE After a considerable amount of searching i found https://www.credera.com/blog/ecommerce/spring-social-alternative-oauth. but i'm still confused about oauth2 concepts authorization server, resource

问题 I am using spring-security 5.2 and in the configuration I write the following http.csrf().disable().authorizeRequests() .antMatchers("/login*", "/js/**", "/css/**", "/vendors/**", "/images/**").permitAll() .antMatchers("/**").authenticated(); The application url is like http://localhost:8080/myApp The problem is when I call the application url the authentication entry point is not invoked. Only when I modify the last line to something like .antMatchers("/main*").authenticated(); and then call

问题 I am using spring-boot-1.5.10 and spring-boot-starter-security. In my microservice, I am exposing API's to the external world and internal microservices. so I would like to 2-kind of security. one for external calls and other for internal calls. I have referred this URL and tried to implement multiple security adapters in my application. But no luck it's always picking the internal one instead of external one, Please find the security adapter for your reference, @EnableWebSecurity public

问题 I am using spring-boot-1.5.10 and spring-boot-starter-security. In my microservice, I am exposing API's to the external world and internal microservices. so I would like to 2-kind of security. one for external calls and other for internal calls. I have referred this URL and tried to implement multiple security adapters in my application. But no luck it's always picking the internal one instead of external one, Please find the security adapter for your reference, @EnableWebSecurity public

问题 My Project has ExtJs as Front end and Spring boot as backend. ExtJs will call spring boot which will respond with JSON. I wanted to prevent clickjacking attack in my project. I have a simple html script, which will just load the website in an iframe.If the website is loaded within iframe, then it means it is not secure.I have added the following flags X-Frame-Options: DENY and Content-Security-Policy: frame-ancestors 'none'; in spring boot REST API response to prevent that.But even then, it

问题 In my spring boot app I want to add link to logout. In template welcome.html: <!DOCTYPE HTML> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"/> <title th:text="${appName}">Template title</title> <body> <h1>Welcome to <span th:text="${appName}">Our App</span></h1> <h2>Dictionaries:</h2> <p><a href="/categories">Categories</a></p> <p><a href="/users">Users</a></p> <p><a href="/logout">Logout</a></p> </body> </html> In my SecurityConfiguration import org.springframework

问题 In my spring boot app I want to add link to logout. In template welcome.html: <!DOCTYPE HTML> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"/> <title th:text="${appName}">Template title</title> <body> <h1>Welcome to <span th:text="${appName}">Our App</span></h1> <h2>Dictionaries:</h2> <p><a href="/categories">Categories</a></p> <p><a href="/users">Users</a></p> <p><a href="/logout">Logout</a></p> </body> </html> In my SecurityConfiguration import org.springframework