spring-security

Grails 2 can't login with spring security when using multiple databases

China☆狼群 submitted on 2020-01-23 10:43:26
Question: On Grails 2.0.3, I installed Spring Security Core and created the User, UserRole and Role objects as per the tutorial: http://blog.springsource.org/2010/08/11/simplified-spring-security-with-grails/ All went fine until I decided to add a second datasource in preparation for accessing objects from a different database. DataSource.groovy looks like this: test { dataSource_product { dbCreate = "update" url = "jdbc:mysql://localhost/products" pooled = true driverClassName = "com.mysql.jdbc.Driver

@WithMockUser with custom User implementation

柔情痞子 submitted on 2020-01-22 20:50:21
Question: I'm using Spring OAuth2 and JWT tokens to secure an application. I am extending org.springframework.security.core.userdetails in order to add some additional attributes to the token which can then be used to perform authorization once an endpoint is called. public class CustomUser extends User { private Set<String> bookIds; public CustomUser(String username, String password, Collection<? extends GrantedAuthority> authorities) { super(username, password, authorities); } public CustomUser

Spring Boot - require api key AND x509, but not for all endpoints

。_饼干妹妹 submitted on 2020-01-22 15:28:05
Question: Java 11, Spring Boot 2.1.3, Spring 5.1.5 I have a Spring Boot project in which certain endpoints are guarded by an API key. This works just fine at the moment with this code: @Component("securityConfig") @ConfigurationProperties("project.security") @EnableWebSecurity @Order(1) public class SecurityJavaConfig extends WebSecurityConfigurerAdapter { private static final Logger LOG = LoggerFactory.getLogger(SecurityJavaConfig.class); private static final String API_KEY_HEADER = "x-api-key";

can I implement both SAML and basic spring security within an application?

痞子三分冷 submitted on 2020-01-22 15:05:47
Question: I have a requirement for our application where we need to implement Spring SAML within our app to enable federated SSO for one customer. However, we need to maintain the existing login flow using spring-security for other customers. So my question is: can we have two security mechanisms for a web application so that it will be treated as multi-tenancy? Can I implement OAuth and SAML in the same application? Thanks in advance. Answer 1: Yes, you can combine your existing password authentication with SAML. See

Spring-Security: Call method after authentication

筅森魡賤 submitted on 2020-01-22 05:18:36
Question: I'd like to track when users are logging in to my application. I have some code that I would like to execute right after the user is authenticated. The problem is, I can't figure out where this should be called. Does spring-security have a way to call a method after authentication? Answer 1: Probably will be useful for someone... In case of Spring 3, configure security: <security:http use-expressions="true" auto-config="true"> <security:intercept-url pattern="..."/> <security:form-login

How can I get the username from a failed login using spring security?

风流意气都作罢 submitted on 2020-01-20 13:36:02
Question: We're using Spring Security 3.0.5, Java 1.6 and Tomcat 6.0.32. In our .xml config file we've got: <form-login login-page="/index.html" default-target-url="/postSignin.html" always-use-default-target="true" authentication-failure-handler-ref="authenticationFailureHandler"/> and our authenticationFailureHandler defined as: <beans:bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler"> <beans:property name=

How can I get the username from a failed login using spring security?

徘徊边缘 submitted on 2020-01-20 13:35:08
Question: We're using Spring Security 3.0.5, Java 1.6 and Tomcat 6.0.32. In our .xml config file we've got: <form-login login-page="/index.html" default-target-url="/postSignin.html" always-use-default-target="true" authentication-failure-handler-ref="authenticationFailureHandler"/> and our authenticationFailureHandler defined as: <beans:bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler"> <beans:property name=

Spring security multiple hasIPAddress antMatchers

六眼飞鱼酱① submitted on 2020-01-19 13:33:05
Question: I have the following Spring Security configuration snippet: http .authorizeRequests() .antMatchers("/tokens").hasIpAddress("10.0.0.0/16") .... This works, but I would also like to grant access to "/tokens" from 127.0.0.1. I was hoping something along the lines of the following would work, but it doesn't: http .authorizeRequests() .antMatchers("/tokens").hasIpAddress("10.0.0.0/16").hasIpAddress("127.0.0.1/32") .... Answer 1: http .authorizeRequests() .antMatchers("/tokens").access( "hasIpAddress(

Why use “#post” instead of “post” in hasPermission check in Spring Security

好久不见. submitted on 2020-01-17 11:28:25
Question: I am new to Spring Security. While analyzing the below code change, I could not comprehend why "#post" is used instead of "post". Why is the word "post" prefixed with a "#"? post is an object. @PreAuthorize("hasPermission(#post, 'MANAGER') or hasRole('ROLE_MODERATOR')") + @PreAuthorize("hasPermission(#post, 'write') or hasRole('ROLE_MODERATOR')") public void updateFullyPost(Post post) throws AppException; I referred to the Spring Security documentation and found the below. hasPermission(Object