spring-security

问题 I'm using Spring 3.0.3 with Spring Security. So, I have fairly lenient restrictions on an app I'm making. I only want to make sure that a person can log in and be authenticated in order to view the app. I don't want to grant roles to every potential user of this app (could be in the 10s of thousands). So, it's been fine to use: <security:intercept-url pattern="/**" access="isFullyAuthenticated()" requires-channel="https"/> But now I want to be able to restrict people from using the app if I

问题 I'm trying to authenticate and then query our corporate LDAP using Spring LDAP and Spring security. I managed to make authentication work but when I attempt to run search I always get the following exception In order to perform this operation a successful bind must be completed on the connection After much research I have a theory that after I authenticate and before I can query I need to bind to connection. I just don't know what and how? Just to mention - I can successfully browse and

问题 I'm trying to authenticate and then query our corporate LDAP using Spring LDAP and Spring security. I managed to make authentication work but when I attempt to run search I always get the following exception In order to perform this operation a successful bind must be completed on the connection After much research I have a theory that after I authenticate and before I can query I need to bind to connection. I just don't know what and how? Just to mention - I can successfully browse and

问题 Im using SpringSecurity 2.0-RC2 and want users to give the possibilty to change their passwords while they are online. My User domain class has the following def beforeInsert() { encodePassword() } def beforeUpdate() { if (isDirty('password')) { encodePassword() } } protected void encodePassword() { password = springSecurityService.encodePassword(password) } To check whether the user was enterering the correct current password i was doing the following in a controller: if

问题 I'm trying to build the front-end part of a project with Angular and a basic REST backend that also handles security. I have very basic knowledge of Spring but haven't really worked with Spring Security. I'm trying to find a way to build a simple REST backend that is secured. I have searched online a lot and the main thing i found was this tutorial: https://spring.io/guides/tutorials/spring-security-and-angular-js/ . After reading it I still don't understand how I should get started. Also,

问题 I am new to Spring Security, so I made a small webapp in order to try it and find a configuration that will be useful for the project I am working on. I am forcing my login page to be accessed via HTTPS, and I need to switch back to HTTP after logging in. In other words: Login page: HTTPS only Other pages: HTTP only I tried several ways but I cannot make it work as I said above. I read the Spring Security FAQ and I see that there is no "natural" way of doing what I want, but I have been asked

问题 I am new to Spring Security, so I made a small webapp in order to try it and find a configuration that will be useful for the project I am working on. I am forcing my login page to be accessed via HTTPS, and I need to switch back to HTTP after logging in. In other words: Login page: HTTPS only Other pages: HTTP only I tried several ways but I cannot make it work as I said above. I read the Spring Security FAQ and I see that there is no "natural" way of doing what I want, but I have been asked

问题 i am trying to implement oauth2 username password flow on spring security but i cant find any documentation and sample code i am going over sparklr and tonr insode oauth2 samples how can i implement it oauth2 2 legged how can i disable login form <form-login authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-page="/login.jsp" login-processing-url="/login.do" /> <logout logout-success-url="/index.jsp" logout-url="/logout.do" /> <anonymous /> <custom-filter ref=

问题 Is it possible to combine authoryzation and authentication by login basic and by oauth2 in one application? My project is based on jhipster project with simple spring security session login, now i need add oauth2 security for mobile app and it's look like it is not possible. Now i have situation when work one of them, oauth2 ok if WebSecurityConfigurerAdapter had bigger order number than ResourceServerConfiguration. That's mean if oauth security filter is first. I read a lot in stackoverflow

问题 We recently upgraded our application to Spring 3.0 and Spring Security 3.0. Apart of the additional work we want to do is to separate the backend from the front end for various reasons. We plan to use Spring's transparent RMI solution for exposing our services to our front end. However, the way things are designed today both the front and back end's rely on the spring SecurityContext to protect services etc from unauthorized users. From what I understand, the SecurityContext is per JVM? If