spring-security

问题 I have a stateless Spring application, so I have no use for sessions. I would like to disable everything that has to do with sessions. I have a context.xml Tomcat config, where I have added this: <Manager pathname="" /> Source^: http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html I have also added this to every http block in my spring security xml file: create-session="stateless" disable-url-rewriting="true" Even with these things done, if I manually delete my JSESSIONID cookie, any

问题 If I keep remember-me element in security.xml file and startup a server then I got following error. No UserDetailsService registered....... If I remove this remember-me element then it works fine. How to get rid of this error... <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"

问题 I am using my own MVC implementation and I am not sure, whether the Spring Security isn't designed specifically for the Spring MVC implementation. Is it still okay to use it? It is not clear to me, which parts of Spring Security I should use and which I don't need to. I suppose I don't need the URL filters as I need to validate the access specifically on the URL parameters in my controllers (for instance to check whether User is the owner of the Article ). Something like: if (request.getUser(

问题 I am making a web with Angular 5 and I am getting this error every time I try to do a GET request. I've read tons of tons of answers here and none of them working for me. As I've read it's because I am adding custom headers to this request which needs to be done because I am using Spring Security which I think is causing the problem. This is my current Spring Security config which I've made out of reading questions but still not working, I don't know if I am doing something wrong in it:

问题 I can't get sec:authorize hasRole() to work with the role hierarchy. If I have a user with role ROLE_BOSS which is the parent of ROLE_WORKER, then is false for some reason. In my service classes @PreAuthorize("hasRole('ROLE_WORKER')") does work however. I assumed they both used the same evaluator, so why doesn't the taglib work? Thanks for the help. JSP: <sec:authorize access="hasRole('ROLE_BOSS')"> <p>This shows up.</p> </sec:authorize> <sec:authorize access="hasRole('ROLE_WORKER')"> <p>This

问题 I have the following situation: we have several webapplications, all using Spring Security to do authentication/authorization. We want to create a webservice that will be used by all those webapplications. Communication will hapen over https. I want the security context of the webapp to propagate to the webservice, so that @Secured annotations on methods in the webservice implementation work correctly. I've looked at spring ws security, and have succesfully implemented authentication using

问题 I have the strange problem that after I logged in, I can make one request and after that every following request throws a Spring AuthenticationCredentialsNotFoundException . I have no idea why this is the case. In my LoginService I use my injected AdminAuthenticationProvider to log the user in: public class LoginService { private AuthenticationProvider adminAuthenticationProvider; public LoginService(DSLContext ctx, AuthenticationProvider adminAuthenticationProvider) { this

问题 I'm trying to test this sample application (https://github.com/deeprot/spring-saml-adfs), its a simple Spring SAML Sample application, with my environment, so, I have this error: SEVERE: Servlet.service() for servlet [default] in context with path [/spring-security-saml2-sample] threw exception java.lang.RuntimeException: Key with alias XXXX doesn't have a private key I'm imported the CER file of the IDP system in my KeyStore, but, I dont have a private key for this CER. Any idea? The LOG:

问题 Based on this example https://spring.io/guides/tutorials/spring-boot-oauth2/ I have implemented application with SSO throught Social Networks. In order to improve this approach and store access/refresh tokens in my database I have added oauth_client_token table: CREATE TABLE IF NOT EXISTS oauth_client_token ( token_id VARCHAR(255), token BLOB, authentication_id VARCHAR(255), user_name VARCHAR(255), client_id VARCHAR(255), PRIMARY KEY(authentication_id) ); and extended ClientResources class in

问题 Based on this example https://spring.io/guides/tutorials/spring-boot-oauth2/ I have implemented application with SSO throught Social Networks. In order to improve this approach and store access/refresh tokens in my database I have added oauth_client_token table: CREATE TABLE IF NOT EXISTS oauth_client_token ( token_id VARCHAR(255), token BLOB, authentication_id VARCHAR(255), user_name VARCHAR(255), client_id VARCHAR(255), PRIMARY KEY(authentication_id) ); and extended ClientResources class in