spring-security

问题 I use spring boot with actuator and I add security configuration: management.port=8088 management.address=127.0.0.1 management.security.enabled=true security.user.name=admin security.user.password=secret management.security.role=SUPERUSER curl -u admin:secret http://127.0.0.1:8088/metrics is OK but with Chrome (http://127.0.0.1:8088/metrics): {"timestamp":1506692938036,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource.","path":"/metrics"}

问题 I am attempting to add BASIC authentication to a RESTful web service that I have created using Jersey/JAX-RS and Tomcat Apache 7.0. In the future I want to deploy this web service on WebSphere so I have chosen to use Spring Security (ver 2.5.6) for my project. My problem is this: though I believe my various xml files are correct and I have added spring.jar to my classpath I am getting the following error when starting the server. SEVERE: Error configuring application listener of class org

问题 How do you configure Spring Security Rest Plugin for Grails 3.x (currently I'm using Grails 3.1.0 RC2). The plugin page says to "Add compile :spring-security-rest:${version} to your BuildConfig.groovy ," but BuildConfig.groovy has been removed from Grails 3.x edit: the docs on the plugin page have been updated 回答1: SO I got this working. First off, the documentation located [here][1] is much more up to date. You need to add the following to build.gradle build.gradle dependencies { //Other

问题 Here is my current setup: I'm exposing a WebClient bean with oauth2 filter: @Configuration class OAuthConfiguration { @Bean("authProvider") fun webClient( clientRegistrationRepository: ClientRegistrationRepository, authorizedClientRepository: OAuth2AuthorizedClientRepository, clientHttpConnector: ClientHttpConnector ): WebClient { val oauth = ServletOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrationRepository, authorizedClientRepository) oauth.setDefaultClientRegistrationId(

问题 I have multiple User Roles in my Java application. Here is my code: private String userAccess[] = new String[]{"/dashboard/**"}; private String dataAccess[] = new String[]{"/dashboard/**", "/data/**"}; private String adminAccess[] = new String[]{"/dashboard/**", "/data/**", "/admin/**"}; @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers(publicResources).permitAll() .antMatchers(userAccess).hasRole("USER")

问题 I have 3 different table and every table have users information. (Maybe same username but different password) Also, have 3 different URL for authorization. Is it possible to use multiple UserDetailsService with one configuration and during authorization control which table to use? Here is my configuration code but I can't control which table to use during authorization: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) @Import

问题 I've been using ReactiveAuthenticationManager in Spring Security + Webflux. It is customised to return an instance of UsernamePasswordAuthenticationToken which from what I can tell is an what I should be receiving when I call ReactiveSecurityContextHolder.getContext().map(ctx -> ctx.getAuthentication()).block() . As as far as I can tell I am unable to access the authentication context through both: SecurityContextHolder.getContext().getAuthentication(); or ReactiveSecurityContextHolder

问题 I have configured CAS 4 / Spring Security / Active Directory and able to authenticate successfully. But I have difficulty in to retrieve roles and later use that for authorisation. I have the roles available after the authentication in CAS but I want to pass this to the service (web app) so that it can be used to check the authorisation (for eg. hasRole('ROLE_EDITOR') ) I think I am making some configuration mistake in the below beans which I investigating further. I have shown these

问题 I am trying to do salted password hashing in my Grails + Spring Security application. I have used the tutorials on the Grails site, and also ones I found randomly on the Internet. At the moment, I have everything set up according to this tutorial. However I run into a problem when deploying the application with the following bean declaration in resources.groovy : saltSource(cq.MySaltSource) { userPropertyToUse = CH.config.grails.plugins.springsecurity.dao.reflectionSaltSourceProperty } It

问题 I use spring security, spring, hibernate and jsf authentication work correctly but it always redirects me to the page home.jsf I want to manage the access of users after authentication I want to manage the access of users after authentication if authority = ROLE_ADMIN redirect ves homeadmin.jsf if authority = ROLE_RH redirect ves homerh.jsf if authority = ROLE_EXCUTIVE redirect ves homeex.jsf if authority = ROLE_MANAGER redirect ves homem.jsf if authority = ROLE_GP redirect ves homegp.jsf The