spring-security

问题 i am trying to integrate spring security with struts1.2 (using LDAP) in a simple application i have applicationContext-security.xml <beans xmlns="http://www.springframework.org/schema/beans" xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www

问题 Would it be possible to turn off password encoding in Spring Security? If so, how? 回答1: It's a really really bad idea in general, but if you have a use case for it then it is doable. Override the passwordEncoder bean in grails-app/conf/spring/resources.groovy : import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder beans = { passwordEncoder(PlaintextPasswordEncoder) } 来源： https://stackoverflow.com/questions/8465016/spring-security-no-password-encoding

问题 I want to check for different authentication methods for different endpoints. Methods i want to use are x509 and jwt. I need to use only x509 for certain endpoint and use JWT for all other requests. Here's my web security configuration: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Configuration @Order(1) public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{

问题 I'm having trouble finding which package contains @EnableWebSecurity in Spring Security 3.1.3. I've added core, config, web and ldap security packages, but the annotation remains unavailable. Has it been replaced by another annotation? 回答1: I think java config support is not yet released with Spring Security, but available as a separate module in spring-security-javaconfig. See instructions in the linked page about how to include the jar into your maven build. 回答2: I faced the same problem

问题 Taking the suggestion provided here, I've implemented my own RoleVoter classes that extends RoleVoter and the additional check I need to add is that the User, Role, and Organization all line up based on the Organization I have stored in the session. I have the following UserRole class: class UserRole implements Serializable { User user Role role Organization organization .... } And this is my OrganizationRoleVoter class: class OrganizationRoleVoter extends RoleVoter { @Override public int

问题 I have an entity which looks like: @Audited @Data @MappedSuperclass @EntityListeners(AuditingEntityListener.class) public abstract class BaseEntity { public static final long UNSAVED = 0; @Id @GeneratedValue private long id; @CreatedDate @Column(name = "created_at", updatable = false) private ZonedDateTime createdAt; @CreatedBy @OneToOne(fetch = FetchType.EAGER) @JoinColumn(name = "created_by") private User createdBy; @LastModifiedDate private ZonedDateTime updatedAt; @OneToOne(fetch =

问题 I have an entity which looks like: @Audited @Data @MappedSuperclass @EntityListeners(AuditingEntityListener.class) public abstract class BaseEntity { public static final long UNSAVED = 0; @Id @GeneratedValue private long id; @CreatedDate @Column(name = "created_at", updatable = false) private ZonedDateTime createdAt; @CreatedBy @OneToOne(fetch = FetchType.EAGER) @JoinColumn(name = "created_by") private User createdBy; @LastModifiedDate private ZonedDateTime updatedAt; @OneToOne(fetch =

问题 I'm trying to follow this tutorial for spring-security-kerberos I have a keytab with one principal in it: ktutil: rkt http-web.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 3 HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM This keytab was generated on a the win 2k8 domain controller with this command: ktpass /out http-web.keytab /mapuser aulfeldt-hta-nightly@WAD.ENG.HYTRUST.COM /princ HTTP/aulfeldt.hta.nightly@WAD.ENG

问题 I'm trying to follow this tutorial for spring-security-kerberos I have a keytab with one principal in it: ktutil: rkt http-web.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 3 HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM This keytab was generated on a the win 2k8 domain controller with this command: ktpass /out http-web.keytab /mapuser aulfeldt-hta-nightly@WAD.ENG.HYTRUST.COM /princ HTTP/aulfeldt.hta.nightly@WAD.ENG

问题 I have manage to create REST API with spring mvc. My purpose was about to protect a resource with JWToken. Now i am trying to write three Test : 1. Get the Token with granted user/password Authentication Fail => test:OK 2. Get the Token with not granted user/password Authentication success => test:OK 3. Get the protected resource without providing the Token => test:fail because my rest service give the protected resource .... Here is my REST controller: @Component @RestController