spring-security

问题 I have setup Spring Security in my Spring MVC based web application. However due to some external system restriction, I want the user roles to be in lowercase. But when testing locally using In Memory Users, the application allows access only when authenticated user has roles in UPPER_CASE, and gives 403 as soon as I change the roles to lowercase. Is there an such restriction to have roles only in upper-case. I can't find any mention of it in docs ? I also found out about attribute lowercase

问题 I want to use a slightly customized rememberme functionality with spring security (3.1.0). I declare the rememberme tag like this: <security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" /> As I have my own rememberme service I need to inject that into the RememberMeAuthenticationFilter which I define like this: <bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices"

问题 I am implementing Spring Security SAML with One Login. I have set all the configuration files and meta data is set. I am able to get login work and logout is working if I logoff from the same application I logged in. In this scenario from SAML IDP I get LogoutResponse and Spring Security is able to parse and process it. http://localhost:8080/web/saml/SingleLogout?SAMLResponse=.............. Problem is when I login in two applications, currently I login to One Login admin console, there is a

问题 Is there a way to do that without using a POST request to "j_spring_security_check"? 回答1: I needed the same thing (in my case I wanted to log in a user after they created a new account), so I dug around in the generated RegistrationService and found this is how it is done: import org.springframework.security.providers.UsernamePasswordAuthenticationToken as AuthToken import org.springframework.security.context.SecurityContextHolder as SCH class UserService { /** The authentication provider. */

问题 I would like to implement LDAP authentication for a web application using Spring Boot. Here is my WebSecurityConfig class: @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest() .authenticated() .and() .formLogin(); } @Configuration protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

问题 I have a Grails application that is successfully using the latest spring-security-core:2.0-RC4 and spring-security-ldap:2.0-RC2 . Users can login perfectly using grails.plugin.springsecurity.ldap.search.base setting for LDAP login authentication. There is a different setting for the rememberMe userDnBase (mapper) and that setting is: grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.userDnBase The LDAP authentication grails.plugin.springsecurity.ldap.search.base is set to ou=people

问题 This is in continuation of the question, Multiple WebsecurityConfigurerAdapter, I was able to successfully make two WebsecurityConfigurerAdapter work with two different security configurations. Now there are few microservices which have been upgraded to SpringBoot 2 with reactive webflux framework. Here too I want to do the same, where all apis are secured with jwt token and actuator apis are secured using basic auth. Here is my code ActuatorSecurityConfig @ConditionalOnWebApplication(type =

问题 I am using Spring Boot 2.1.1.RELEASE ( spring-security-oauth2 - 2.3.4.RELEASE ). I would like to create a filter with precedence after TokenEndpoint#postAccessToken call. Why ? 'cause in that filter I want to take the token from the tokenStore and add it as a cookie to the response. I would expect that, this will give me what I want: @Override protected void configure(HttpSecurity http) throws Exception { http .(...) .addFilterAfter(new MyFilter(), BasicAuthenticationFilter.class); } But it

问题 im developing a HelloWorld application in Spring nd it works fine. The problem comes when i add the spring security. I m guiding myself by the book Spring Security 3. When deploying drops this. abr 26, 2014 2:41:35 PM org.apache.catalina.util.LifecycleBase stop Información: The stop() method was called on component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/sample]] after stop() had already been called. The second call will be ignored. abr 26, 2014 2:41:35 PM org

问题 im developing a HelloWorld application in Spring nd it works fine. The problem comes when i add the spring security. I m guiding myself by the book Spring Security 3. When deploying drops this. abr 26, 2014 2:41:35 PM org.apache.catalina.util.LifecycleBase stop Información: The stop() method was called on component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/sample]] after stop() had already been called. The second call will be ignored. abr 26, 2014 2:41:35 PM org