spring-security

问题 I've got a web app that uses spring security. I'm wanting to redirect the user back to the same page they were on before log out when they log out. Is there an easy way to do this? 回答1: You can add a new filter in the filter chain of the spring security. That new filer will be applied to the /logout URL. When going trough this filter you can save the current page in a field variable. And when returning through the filter. You can redirect the request to the saved URL. I think this can help.

问题 I am using Spring Secutiry framework in web-application. I have installed an SSL certificate and able to get to my application via https . Now, when I added requires-channel="https" attribute to all intercept-url directive the server responses: Error 310 (net::ERR_TOO_MANY_REDIRECTS) to many connections The spring runs this code every time: 64050 [http-bio-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - / at position 1 of 12 in additional filter chain; firing Filter:

问题 I've been trying to update my project to Spring Security 4.0.0. I think I've read the migration guide quite extensively but even if I can successfully login and navigate through the pages, I get 403 errors on every Ajax requests. Everything is working fine with 3.2.7. This is my "manual login" configuration file: <b:beans xmlns:b="http://www.springframework.org/schema/beans" xmlns="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi=

问题 I have created custom login form for my spring boot app. In my form integration test, I want to check that received cookies contain JSESSIONID and XSRF-TOKEN . But, I received only XSRF-TOKEN . Here is my test: @RunWith(SpringJUnit4ClassRunner.class) @SpringApplicationConfiguration(classes = Application.class) @WebAppConfiguration @IntegrationTest("server.port:0") public class UserIT { @Autowired private WebApplicationContext context; @Autowired private FilterChainProxy

问题 I am trying to write an application using Spring 3.1.2-Release . App server is Tomcat 7 . When I start the server I get this error : SEVERE: Exception starting filter springSecurityFilterChain org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:553) at org.springframework.beans.factory.support

问题 I am implementing spring security with oauth2 and jwt. the below is my login function function doLogin(loginData) { $.ajax({ url : back+"/auth/secret", type : "POST", data : JSON.stringify(loginData), contentType : "application/json; charset=utf-8", dataType : "json", async : false, success : function(data, textStatus, jqXHR) { setJwtToken(data.token); }, error : function(jqXHR, textStatus, errorThrown) { alert("an unexpected error occured: " + errorThrown); window.location.href= back+'/login

问题 Hi I have implemented Spring security in my spring boot web application with JWT filters. But the default authentication is happening at url http://localhost:8080/login . How to change /login to some url I need like /rest/auth/login ? My WebSecurity class is @EnableWebSecurity public class WebSecurity extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Autowired private BCryptPasswordEncoder bCryptPasswordEncoder; public WebSecurity(

问题 I currently have a server implementation where a javascript front-end connects through the socketio protocol used by Netty-Socketio. The implementation works wonderfully with one flaw. From what I gather, the only way to make the websocket channel aware of the security context of the user is to pass up the JSESSIONID in the handshake, which means putting it on the client page. There is no way this is secure right? It would also mean that since we use an HTTPONLY header (Even more reason this

问题 I'm using Spring Security to secure a webapp. The URLs are secured like this: <security:http entry-point-ref="authenticationEntryPoint"> <security:intercept-url pattern="/" access="ROLE_ANONYMOUS" /> <security:intercept-url pattern="/assets/**/*" access="ROLE_ANONYMOUS" /> ... <security:intercept-url pattern="/**" access="ROLE_USER" /> <security:anonymous granted-authority="ROLE_ANONYMOUS" /> </security:http> I have a filter that needs to redirect the user to a special page under certain

问题 Good morning, I've created a simple Spring Boot WebSocket application. Right now I would like to set some security to it. I've trying some examples but I cannot get it worked. I'm getting error: web browser: >>> CONNECT ${_csrf.headerName}:${_csrf.token} accept-version:1.1,1.0 heart-beat:10000,10000 <<< ERROR message:Failed to send message to ExecutorSubscribableChannel[clientInboundChannel]; nested exception is org.springframework.security.web.csrf.MissingCsrfTokenException\c Could not