spring-security

问题 I am using spring security, java in application. When the session gets expired, I need to show an alert that the session is over. The box should have an ok button which, when clicked, I want to redirect to login page.where should i put max time out and display alert message after time out. 回答1: Assuming that the session timeout timer is reset once a new page is loaded, you can simply use a JavaScript timeout: setTimeout(function() { if(confirm('session timeout')) location.href = 'login.html';

问题 I want to configure Spring Security to enable both BASIC and DIGEST authentication for the same set of URL's, but it's unclear whether or not this is possible. I see that I need to enable multiple AuthenticationEntryPoint instances to set the appropriate HTTP headers, but I don't see any built in classes to accomodate this. DelegatingAuthenticationEntryPoint comes close, but ultimately it only selects one entry point. I implemented a custom AuthenticationEntryPoint that calls the commence

问题 I want to configure Spring Security to enable both BASIC and DIGEST authentication for the same set of URL's, but it's unclear whether or not this is possible. I see that I need to enable multiple AuthenticationEntryPoint instances to set the appropriate HTTP headers, but I don't see any built in classes to accomodate this. DelegatingAuthenticationEntryPoint comes close, but ultimately it only selects one entry point. I implemented a custom AuthenticationEntryPoint that calls the commence

问题 I am using spring security in my spring boot rest app. Get requests are working fine but POST/PUT/DELETE request are giving "403 Forbidden". Below is my code snippet. UI is in Angular 6 @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Override protected void configure(HttpSecurity http) throws Exception { CustomAuthorizationFilter

问题 I would like to use SpEL to handle method level security. I run into an issue where the data passed to the method is not enough to determine if a user has access. Here is an example @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) @ResponseStatus(HttpStatus.NO_CONTENT) @PreAuthorize("@securityService.isAllowedAccessByCurrentUser(#.id)") public void delete(@PathVariable("id") final Long id) { service.delete(id); } Here, the id variable is the ID of some object. To get the owner

问题 This was my previous SO question Spring Injection not working in different service class @Service("securityService") @Transactional public class SecurityService implements UserDetailsService { protected static Logger logger = Logger.getLogger("service"); @Autowired public RegistrationDAO registrationDAO; public String test(){ logger.debug(registrationDAO.findUserByID(1) ); return "test"; } In above code registrationDAO is not properly injected and give null pointer exception but Now i have

问题 I'm trying to adapt the Spring Security SAML sample application to use a test IDP (provided to me by someone else) instead of ssocircle. Clicking on the "SAML Login" correctly redirects me to the SSO login page of the IDP but after login and redirection back to the sample app I get an exception (apparently during artifact resolution) at the root of which is: org.opensaml.ws.message.decoder.MessageDecodingException: Error when sending request to artifact resolution service. at org

问题 I am using ldap authentication for my Spring boot project and LDAP is succesfully configured as I am able to authenticate existing users but while I am creating a new user it shows error: org.springframework.ldap.odm.core.impl.InvalidEntryException: Can't get Id field from Entry org.springframework.ldap.core.DirContextAdapter I don't know how to generte ID authmatically. Also, I am not able to understand difference between: ldapTemplate.bind(DirContextAdapter obj) ldapTemplate.create

问题 I'm building a self-contained jar with the maven shade plugin (an uberjar) and I get warnings for all the spring-security-crypto classes: [WARNING] We have a duplicate org/springframework/security/crypto/bcrypt/BCrypt.class in ***\.m2\repository\org\springframework\security\spring-security-crypto\3.1.0.RELEASE\spring-security-crypto-3.1.0.RELEASE.jar [WARNING] We have a duplicate org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.class in ***\.m2\repository\org\springframework

问题 I'm using Grails v2.4.2 with spring-security-rest, spring-security-core, and spring-security-ui plugins. I've written a custom UserDetailsService to make the username case-insensitive. All I am doing is simply trying to override UserDetails loadUserByUsername(String username, boolean loadRoles) throws UsernameNotFoundException My com.example.core.CaseInsensitiveUserDetailsService class is defined as: class CaseInsensitiveUserDetailsService extends GormUserDetailsService { /** * Make The