spring-security

问题 I googled and tried lot of variants for some hours but without any success. Please help me to find a solution. Spring version: Spring 3.1 I have login page. Login page depends on URL parameter: /login?code=client1 or /login?code=client2 So client1 and client2 has different login pages. security.xml: <sec:form-login login-page="/login" default-target-url="/start" authentication-failure-url="/login"/> So if user make wrong authentication I show him /login page... But point is I have to show

问题 I have the following declared in my spring security configuration file (http://www.springframework.org/schema/security/spring-security-2.0.1.xsd): <form-login login-page="/login.html" /> What Spring Security does is redirect the user to that page if they don't have the correct authentication credentials. How can I get the url of the page the user was trying to get to? 回答1: Original request is represented by the SavedRequest object, which can be accessed as a session attribute named SPRING

问题 I am using spring boot, and I have enabled the global method security in WebSecurityConfigurerAdapter by @EnableGlobalMethodSecurity(prePostEnabled = true, order = Ordered.HIGHEST_PRECEDENCE) And Below is my controller code @PreAuthorize("hasAnyRole('admin') or principal.id == id") @RequestMapping(value = "/{id}", method = RequestMethod.PUT) public User updateUser(@PathVariable("id") String id, @Valid @RequestBody UserDto userDto) { ....} However, when a non-admin user try to do a PUT request

问题 I want to manually bypass the user from spring Security using the following code: User localeUser = new User(); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities()); SecurityContext securityContext = SecurityContextHolder.getContext(); securityContext.setAuthentication(auth); // Create a new session and add the security context. HttpSession session = request.getSession(true); session.setAttribute("SPRING_SECURITY

问题 I want to manually bypass the user from spring Security using the following code: User localeUser = new User(); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities()); SecurityContext securityContext = SecurityContextHolder.getContext(); securityContext.setAuthentication(auth); // Create a new session and add the security context. HttpSession session = request.getSession(true); session.setAttribute("SPRING_SECURITY

问题 I want to manually bypass the user from spring Security using the following code: User localeUser = new User(); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities()); SecurityContext securityContext = SecurityContextHolder.getContext(); securityContext.setAuthentication(auth); // Create a new session and add the security context. HttpSession session = request.getSession(true); session.setAttribute("SPRING_SECURITY

问题 I want to manually bypass the user from spring Security using the following code: User localeUser = new User(); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(localeUser ,null, localeUser .getAuthorities()); SecurityContext securityContext = SecurityContextHolder.getContext(); securityContext.setAuthentication(auth); // Create a new session and add the security context. HttpSession session = request.getSession(true); session.setAttribute("SPRING_SECURITY

问题 Trying to test to see if a user is logged in I am using the following code: <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> <sec:authorize access="isAuthenticated()"> YES, you are logged in! </sec:authorize> But I am getting the following erorr? javax.servlet.jsp.JspException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags. at org

问题 Can they work together? Some project sample would be great. I have a web-app on Spring3. And i need to implement NTLM. Spring stopped NTLM support in 3rd version. Is there any possibilities to implement it? Looking for a sample project. 回答1: They can be used together. Essentially what you want to do is hook into the SPNEGO protocol and detect when you receive an NTLM packet from the client. A good description of the protocol can be found here: http://www.innovation.ch/personal/ronald/ntlm

问题 How do I add the custom UserDetailsService below to this Spring OAuth2 sample? The default user with default password is defined in the application.properties file of the authserver app. However, I would like to add the following custom UserDetailsService to the demo package of the authserver app for testing purposes: package demo; import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org