spring-security

问题 This is my Spring Boot 1.5.1 Actuator application.properties : #Spring Boot Actuator management.contextPath: /actuator management.security.roles=R_0 This is my WebSecurityConfig : @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Value("${logout.success.url}") private String logoutSuccessUrl; @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off

问题 Is there a way that I can create my own custom login page and send the data to login controller of spring security plugin. I currently see my code redirecting directly to the default login page of spring security plugin. 回答1: The 2.0 plugin comes with its own auth.gsp page, so if you create your own (either modify the plugin's or create your own) and put it in grails-app/views/login/auth.gsp it will be used. In 1.2.x the auth.gsp is in your app source, so edit it there. If you want to further

问题 I want to deal with Spring Security SAML. For this, I start to explore Spring Security SAML. At the beginning, I create an account at SSOCircle. Than I configurated of IDP metadata and generation of SP metadata (4.2.2 and 4.2.3). At entityId I set: <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter"> <constructor-arg> <bean class="org.springframework.security.saml.metadata.MetadataGenerator"> <property name="entityId" value="http://idp

问题 Spring 3.1 Tomcat 6.* I'm working on making a Spring 3.1 webapp, authenticating with LDAP. I tested the LDAP credentials (username, password, ldap URL, search pattern ) with a JNDI styled Java program I wrote (quoted below ). That program worked, dumped all of the users attributes, including the password, which seems to be encrypted on the LDAP server. When I try to login with the same credentials in Spring 3.1 I get the error message "Bad Credentials". I got this message in the logs: DEBUG

问题 We have a Spring web application created using Spring MVC 3.0 In the same application, we have created RESTful web services using Springs's REST API. Now we need to secure those web services. How do we do this in spring? Can we use spring security for this? If not what are the other options? Thanks. 回答1: It really depends on the level of security you want to impose. You could just use simple web.xml based access control with realms, usernames and passwords. Security of your webservices is

问题 We already have an OAuth2 authorization server set up, so I need to create a corresponding resource server (separate server). We plan to use the Spring Security OAuth2 project. Their documentation for setting up a resource server: https://github.com/spring-projects/spring-security-oauth/wiki/oAuth2#resource-server-configuration token-services-ref should point to the token-handling bean. However it seems like the token handling is done by the server itself even though it is the resource server

问题 I try to make simple login codes with spring boot security. First, this is the application.properties codes which includes login query. server.error.whitelabel.enabled=FALSE spring.datasource.driver-class-name=com.mysql.jdbc.Driver spring.datasource.url=jdbc:mysql://localhost/test?characterEncoding=utf8&serverTimezone=UTC spring.datasource.username=root spring.datasource.password=password spring.queries.users-query=select user_name, password_hash, id from users where user_name=? spring

问题 Please give a hint in Spring Security, how can I check additional parameters during user login. For example, to check not only "username" and "password", but also if he confirmed his registration with email link; All data is stored in DB and i can get it easily with my implementation of UserDetailsService; But how to make the security service to pay attention to the additional parameter "isValidated"? I'm using Spring 3.2.0 now; 回答1: One way to achieve this is to create a custom

问题 Please give a hint in Spring Security, how can I check additional parameters during user login. For example, to check not only "username" and "password", but also if he confirmed his registration with email link; All data is stored in DB and i can get it easily with my implementation of UserDetailsService; But how to make the security service to pay attention to the additional parameter "isValidated"? I'm using Spring 3.2.0 now; 回答1: One way to achieve this is to create a custom

问题 I have created the Spring Authorization Server which issues JWT-s and a Resource Server which checks the JWT, its claims and permissions on the Authorization Server. To do so, I have followed this article. My question is why I need to send the Authorization header with HTTP Basic authorization and Base64 encoded username/password (ClientId:ClientSecret) in get token request? I have seen JWT implementations where only username and password are required. 回答1: It is part of the specification,