spring-security

问题 I'm using spring security 3.1.4 and i would like to limit the number of session per user to 1 but if someone tries to log in it will close the old session and open a new one (instead of not allowing to log in) how can i do this? EDIT: this is what i added to the xmls: web.xml <listener> <listener-class> com.net.filter.session.SessionListener </listener-class> </listener> SessionListener extends HttpSessionEventPublisher security.xml <security:intercept-url pattern="/**" access=

问题 I have 2 applications: Spring Application 1 is client and resource server. Spring Application 2 is authorization server. User will be able to login in Application 1 and access its resources. And I want to implement the following flow: User enter his credentials in login form -> Application 1 will get token from Application 2 using user credentials and its clientId with password grant type -> Access resources of Application 1 with token. The question is if Spring Security 5 supports password

问题 Spring AOP runs everything through proxies which sadly can't be everywhere. For this reason Spring Security's annotations @PreAuthorize , @PostAuthorize , @PreFilter and @PostFilter (also @Secured ) will not be taken into consideration when calls are not going through said proxies. Proxies are created only for singletons ( @Bean s) so We are greatly limited when We want to secure methods on specific objects (such as JPA @Entities ) that are not beans. Proxies also won't be called within

问题 I am writing a RESTful web service ( Jersey running on Tomcat ) that needs to authenticate users' email address, and possibly access their Google Calendar. The plan is that users will be redirected to login to Google via OAuth2 . My web service is already protected by Spring Security . It works fine with basic authentication (i.e. hard-wired list of users and passwords.) If I try to access any of the protected resources I am prompted to login. Now I am trying to wire in Spring Security OAuth2

问题 I am trying to set up multiple WebsecurityConfigurerAdapter for my project where the spring boot actuator APIs are secured using basic auth and all other endpoints are authenticated using JWtAuthentication. I am just not able to make it work together, only the config with the lower order works. I am using Spring Boot 2.1.5.RELEASE Security Config One with JWT Authenticator @Order(1) @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { private static final String[]

问题 I have a Java JSF 2, Spring 3, Hibernate 4 Java EE Application which uses a third party library to authenticate the users. I imported the required CA certs into my JVM, added the third library to the project and configured in web.xml. The library reads the users details from smart card. This whole setup is working and users are taken to the home page by the third party library. Here are my requirements to secure the application. Check one more time if the user exist in the application

问题 I try to understand how the RequestMatcher, AntMatcher and so on are working. I read some posts and understand the basics. Actually I have this simple basic config: @Override protected void configure(HttpSecurity http) throws Exception { http.requestMatchers() //1 .antMatchers("/login", "/oauth/authorize") //2 .and() //3 .authorizeRequests() //4 .anyRequest() //5 .authenticated() //6; I really dont understand the points 1,2 and 3. From my understanding this means requests of /login and /oauth

问题 I'm just creating simple app using spring mvc, gradle, spring security, spring data jpa. Now I would like to test how spring security works, but I have a problem. First I show you little code then I will mention about my problem. Structure: Person.java package com.test.business; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.Table; @Entity @Table(name = "person") public class Person { @Id @Column(name = "id") private int

问题 I am a newbie regarding Spring & Spring Security Frameworks and trying to secure a Java EE 7 REST App running on latest stable Glassfish build using Spring Security v3.1.4. Everything is fine but i cannot manage to make 'global-method-security' work ! Here are my configs, any help would be greatly appreciated. web.xml: <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring/*.xml </param-value> </context-param> <filter> <filter-name>filterChainProxy<

问题 I am a newbie regarding Spring & Spring Security Frameworks and trying to secure a Java EE 7 REST App running on latest stable Glassfish build using Spring Security v3.1.4. Everything is fine but i cannot manage to make 'global-method-security' work ! Here are my configs, any help would be greatly appreciated. web.xml: <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring/*.xml </param-value> </context-param> <filter> <filter-name>filterChainProxy<