spring-security

问题 I am using Grails spring security core plugin version 3.0.3. The debug statements when configuring the spring security core framework are printed twice and the filter chain is also initialized twice WARN grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin - Configuring Spring Security Core ... Configuring Spring Security Core ... WARN grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin - ... finished configuring Spring Security Core ... finished configuring Spring Security

问题 How can I deny a second log in (with same or different user) to a already authenticated HTTP session? For Form-Login I found following work-arounds: Redirect in Controller Redirect in View Restrict the login page But these work-arounds are not perfect, because I can still access the login-processing-url and execute a second log in. That is a problem for all authentication mechanisms without a login page, like HTTP Basic Authentication and Kerberos. My Java Configuration: @Configuration

问题 After a successful SAML authentication : AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;https://localhost:8443/saml/metadata;http://www.okta.com/exkdwf3hodKFkefLO0h7;;; The browser is redirected back into an endless loop. I've sat with a debugger stepping through Spring code and looks like it is erroring out in BasicAuthenticationFilter calling SAMLAuthenticationProvider which doesn't support UsernamePasswordAuthenticationToken and throws an exception which in turn sends the browser into an endless

问题 I have errors with OAuth2. I need to retrieve a token to start working with this tool, to protect my resources. I want to integrate it to all my requestmappings. I´ll add the error for authorize and token endpoints. I hope somebody have managed oauth2... many thanks! My OauthServerConfig: @Configuration public class OAuth2ServerConfigAuthorizationServerConfiguration { private static final String RESOURCE_ID = "restservice"; @Configuration @EnableResourceServer protected static class

问题 I understand how and what happens when we use MODE_THREADLOCAL and MODE_INHERITABLETHREADLOCAL in Spring Security Strategy. What I don't understand is, why would someone use MODE_THREADLOCAL over MODE_INHERITABLETHREADLOCAL. Is there a memory impact with using one over the other. If so, is it significant enough? What is a typical business/functional usecase for using MODE_INHERITABLETHREADLOCAL? Any performance different with using one over the other? 回答1: The memory impact of using the two

问题 Closed . This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 6 years ago . I am working on spring based rest service and looking for the wy to validate custom request header for some methods and not the others. Could You advice what is the best way to achieve this please? Is it possible to achieve it e.g. via custom annotations?: @RequestMapping

问题 In our project JWT token validation and other authorization related logics are done in ZUUL gateway. If zuul succesfully validated the token it will proceed the request to the corresponding microservice In that case, How can i send Principal to other microservices, when JWT authorization has been done from ZUUl gateway . I can of course fetch the token using @RequestHeader(value="Authorization") in controllers of other services. But in order to use @Preauthorize(id,principal) kind

问题 I'm integrating Active Directory authentication in an existing Spring web app. At the moment user details are stored in a DB table and I implemented a custom UserDetailsService to authenticate users. Following several tutorials I implemented Active Directory support via ActiveDirectoryLdapAuthenticationProvider in my application, and it basically works, but I need something more specific. Instead of mapping AD groups to application roles, I need to map AD users to existing users in my web app

问题 With the version of spring-boot 2.0.0.M4 I have this issue: Description: Field userRepository in webroot.websrv.auth.service.JwtUserDetailsServiceImpl required a bean named 'entityManagerFactory' that could not be found. Action: Consider defining a bean named 'entityManagerFactory' in your configuration. [WARNING] java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at ... Caused by: org.springframework.context.ApplicationContextException:

问题 I used this tutorial to implement a custom authentication manager. Login and logout works fine. Now I want to use spring security remember-me authentication. As far as I know, remember-me requires a userDetailService. So I implemented a custom userDetailService . On the login page I added a checkbox with name _spring_security_remember_me . But, remember-me doesn't work. The remember-me cookie is not set after succesful login. I think this is a configuration problem or do I need to implement a