spring-security

Adding a custom filter to be invoked after spring-security filter in a Servlet 3+ environment

落花浮王杯 submitted on 2020-01-14 10:07:52
Question: I'm using Spring-Security 3.2.4 and Spring Boot 1.1.0 (and its related dependencies versions 4.X). I'm writing a web application that will be run in an embedded Tomcat. I'm trying to add two additional filters (not related to Spring Security) such that one of them will be invoked before the Spring-Security-FilterChainProxy and the other one will be invoked after the Spring-Security-FilterChainProxy. My Spring-Security configuration files: @Configuration @EnableWebMvcSecurity public class

JWE in Spring Security OAuth2 JWT

﹥>﹥吖頭↗ submitted on 2020-01-14 09:29:18
Question: Is it possible to use JSON Web Encryption (JWE) with Spring Security OAuth2 JWT? Right now I have the following JwtAccessTokenConverter: @Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter() { @Override public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { DBUserDetails user = (DBUserDetails) authentication.getUserAuthentication().getPrincipal(); final Map<String, Object>

Spring Security Thymeleaf static resources don't load

时光总嘲笑我的痴心妄想 submitted on 2020-01-14 05:54:09
Question: I'm using SpringMVC with Thymeleaf and Spring-Security. I want to load a page using a Thymeleaf template and I can load my static resources. I want to load, for example, a picture located in: static/img/theme/logo.png from template.html. Here is what I have: result template.html: <body> <div layout:fragment="content"> <a href=""><img src="../static/img/theme/logo.png" alt="Logo"> <h1>Hello </div> </body> MvcConfig.java @Configuration public class MvcConfig extends WebMvcConfigurerAdapter { @Override

oauth/check_token does not check for roles/scopes associated with endpoint

大兔子大兔子 submitted on 2020-01-14 05:51:25
Question: I have one authorization server and one resource server. I am creating an access token at the authorization server and trying to use it at the resource server using RemoteTokenServices in oauth2, which hits '/oauth/check_token' internally on the authorization server, where it only checks for token existence and its expiry. But it does not check the roles/scopes of the given endpoint against the roles/scopes of the access_token. @FrameworkEndpoint public class CheckTokenEndpoint { @RequestMapping(value = "/oauth/check

Capture successful login with AspectJ and Spring Security

 ̄綄美尐妖づ submitted on 2020-01-14 05:22:07
Question: I'm using Spring Security and AspectJ to log the application's behavior. I need to capture a successful login and log it. My Spring Security configuration: <security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true"> <security:intercept-url pattern="/login" access="permitAll"/> <security:intercept-url pattern="/loginFailed" access="permitAll"/> <security:intercept-url pattern="/viewUserAccounts" access="hasRole('ROLE_ANTANI')" /> <security:intercept

404 Not Found when trying to get an OAuth2 access token in a Spring application

拟墨画扇 submitted on 2020-01-14 03:18:32
Question: I am trying to make a web application in which we can get an access token with the 'password' grant type by just calling some HTTP basic request. For example, when I call http://localhost:8080/demo4ssh-security-oauth2/oauth/token?client_id=mobile_1&client_secret=secret_1&grant_type=password&username=zhangsan&password=123456 I can get the following token: {"access_token":"4219a91f-45d5-4a07-9e8e-3acbadd0c23e","token_type":"bearer","refresh_token":"d41df9fd-3d36-4a20-b0b7-1a1883c7439d","expires_in":43199,

Spring Security ACL - create permission

跟風遠走 submitted on 2020-01-14 02:59:05
Question: I can use Spring Security ACL with permissions on an entity, but I'd like to know how to test if a user has access to the "create" (bit 2) permission on a class. Something like: aclPermissionEvaluator.hasPermission(auth, clazz, "create") Could someone help me? Thanks in advance. Answer 1: You can use Spring's SpEL annotations, e.g. @PreAuthorize, and override the hasPermission method of the PermissionEvaluator interface. If you're using bitwise permission masks, and the user's permissions (as an int

Spring Security: Different authentication methods depending on entity

て烟熏妆下的殇ゞ submitted on 2020-01-13 18:56:27
Question: First post here, hope I'm doing it right. In a project, we have a scenario where we have a single web application with multiple entities. Currently, the login is managed via the default JDBC Spring Security provider, working fine. For a new requirement, we need each entity to be able to have its own login method (currently 2 methods would be available: the JDBC one, which is the current one, and the second method would be authentication via SAML, with each entity defining their own IdP, but this is