spring-security

问题 what is recommended way to create custom pages OAuth Approval page: I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to use it as a starting point? I also need to override the /login page but I think the approach of overriding it is going to be pretty much the same. 回答1: The recommended way is to provide a normal Spring MVC @RequestMapping for the "/oauth/confirm

问题 what is recommended way to create custom pages OAuth Approval page: I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to use it as a starting point? I also need to override the /login page but I think the approach of overriding it is going to be pretty much the same. 回答1: The recommended way is to provide a normal Spring MVC @RequestMapping for the "/oauth/confirm

问题 Has anyone successfully configured Spring Boot OAuth2 with ADFS as the identity provider? I followed this tutorial successfully for Facebook, https://spring.io/guides/tutorials/spring-boot-oauth2/, but ADFS doesn't appear to have a userInfoUri. I think ADFS returns the claims data in the token itself (JWT format?), but not sure how to make that work with Spring. Here is what I have so far in my properties file: security: oauth2: client: clientId: [client id setup with ADFS]

问题 I have Spring Boot (1.2.1.RELEASE) application that serves OAuth2 (2.0.6.RELEASE) authorization and resource server in one application instance. It uses custom UserDetailsService implementation that makes use of MongoTemplate to search users in MongoDB. Authentication with grant_type=password on /oauth/token works like a charm, as well as authorization with Authorization: Bearer {token} header while calling for specific resources. Now I want to add simple OAuth confirm dialog to the server,

问题 I am trying to execute my springboot application by running the jar created with maven and getting below exception which is not getting resolved after so many attempts.Any help or pointers would be appreciated. Thanks in advance. Please find below exception trace. 2016-01-28 11:35:42.034 INFO 3732 --- [ main] Application : Starting Application on DFWLW72RTG262 with PID 3732 (C:\project\RestSpringBoot\target\springboot-0.0 .1-SNAPSHOT.jar started by vaigupta in C:\project\RestSpringBoot\target

问题 To get a basic security feature working, I added following starter package to my pom.xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> And added following two properties to application.properties: security.user.name=guest security.user.password=tiger Now when I hit my homepage, I get the login box and login works as expected. Now I want to implement the ‘logout’ feature. Basically, when user clicks on a link, she

问题 To get a basic security feature working, I added following starter package to my pom.xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> And added following two properties to application.properties: security.user.name=guest security.user.password=tiger Now when I hit my homepage, I get the login box and login works as expected. Now I want to implement the ‘logout’ feature. Basically, when user clicks on a link, she

问题 I am implementing custom 'AuthenticationProvider'. If not authenticated I am throwing exception inside 'authenticate' function as shown below. public class DelegatingLdapAuthenticationProvider implements AuthenticationProvider { private ActiveDirectoryLdapAuthenticationProvider primaryProvider; private List<ActiveDirectoryLdapAuthenticationProvider> secondaryProviders = new ArrayList<>(); public DelegatingLdapAuthenticationProvider() { } @Override public Authentication authenticate

问题 I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security: <security:http> <security:http-basic></security:http-basic> <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service>

问题 I have the following classes public abstract class BaseCotroller { @RequestMapping("/m") public String m() { ... } @RequestMapping("/n") public String n() { ... } } @PreAuthorize("hasRole('ROLE_ADMIN')") @RequestMapping("/a") public class ACotroller extends BaseController { @PreAuthorize("hasRole('ROLE_ADMIN')") @Override public String m() { return super.m(); } } @PreAuthorize gets applied for m, but not for n, though it should as @PreAuthorize is specified at the class level. Or do I missed