spring-security

问题 im developing a HelloWorld application in Spring nd it works fine. The problem comes when i add the spring security. I m guiding myself by the book Spring Security 3. When deploying drops this. abr 26, 2014 2:41:35 PM org.apache.catalina.util.LifecycleBase stop Información: The stop() method was called on component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/sample]] after stop() had already been called. The second call will be ignored. abr 26, 2014 2:41:35 PM org

问题 I'm adding Spring Security to my already up&running Spring MVC web app, but I haven't been able to play with it yet. I'm stucked with the configuration. I took this page as reference http://www.springbyexample.org/examples/simple-spring-security-webapp.html. The error I get and the other relevant code is the following: Error: GRAVE: Excepción enviando evento de contexto destruído a instancia de escuchador de clase org.springframework.web.context.ContextLoaderListener java.lang

问题 I'm adding Spring Security to my already up&running Spring MVC web app, but I haven't been able to play with it yet. I'm stucked with the configuration. I took this page as reference http://www.springbyexample.org/examples/simple-spring-security-webapp.html. The error I get and the other relevant code is the following: Error: GRAVE: Excepción enviando evento de contexto destruído a instancia de escuchador de clase org.springframework.web.context.ContextLoaderListener java.lang

问题 I have an application in which I use Spring Social Security for authentication and authorization. Unfortunately I am having some problems with mocking Spring Security. It seems that it does not work at all. I have a REST controller that returns 404 Not Found if the identifier of the entity it should return is not available. If the user is not logged in then any page redirects to the social login page of my app. I have read here that the @WithUserDetails annotation would suit me the best. So

问题 Using @EnableGlobalMethodSecurity(prePostEnabled = true) it seems that @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } @PreAuthorized has no effect: @PreAuthorize("permitAll()") @RequestMapping(value = "/users/change-email", method = RequestMethod.GET) public void changeEmail() { // .. } I have also moved the annotation into the service layer with the same result: @PreAuthorize(

问题 I am using Spring 3.2 Milestone 1 to implement a service with long polling. However for some reason Spring Security (3.1.2) clears the SPRING_SECURITY_CONTEXT immediately after the first deffered result either expires (asynctimeout has been reached and tomcat responds with http.200) or some response is send back to the client. Using Spring Security 3.1.0 this only happens under certain circumstances (HTTPS and client is behind some hardware firewall) but with 3.1.2 it happens always (after

问题 If I understand correctly, when I configured Spring Security an instance of FilterSecurityInterceptor was created automatically. I would like to set the alwaysReauthenticate property to true , but I don't want to create my own FilterSecurityInterceptor or configure my own custom filter chain. Is there a way to do this? Update: May 01, 2012 Based on the comment below I came up with this code, which is working just as desired: public class ForceAuthCheckinator implements BeanPostProcessor {

问题 I have this implementation of a login function on my server following this post basically: @Transactional public void login(String userId, String password) { LOGGER.debug("Login for " + userId); User user = new User(userId, password, true, true, true, true, new ArrayList<GrantedAuthority>()); Authentication auth = new UsernamePasswordAuthenticationToken(user, password, new ArrayList<GrantedAuthority>()); try { auth = this.authenticationProvider.authenticate(auth); } catch

问题 I'm working with Spring-Security and I need to implement my own PermissionEvaluator (following the answer to my other question. However looking at the standard implementation AclPermissionEvaluator here I notice, that the DAO is set via the constructor. If I declare my custom PermissionEvaluator like this: <global-method-security secured-annotations="enabled" pre-post-annotations="enabled"> <expression-handler ref="expressionHandler"/> </global-method-security> <beans:bean id=

问题 I'm working on integrating Spring Security OAuth2 with JWT tokens into a Spring Boot project. My authentication server is configured similar to what is found in this sample project. When the OAuth2 client performs the POST on /oauth/token it is unable to create the access token. The specific error logged is: o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: NoSuchBeanDefinitionException, No qualifying bean of type [org.springframework.transaction.PlatformTransactionManager] is defined