spring-security

问题 I'm trying to add method level security to my open source project using annotations and spring-security. The problem I'm now facing are findAll methods especially the ones for Paging (eg. returning a page). Using @PostFilter works on Lists (but I personally believe its not a good idea to filter in application and not database) but completely fails on paging queries. This is problematic because I have an Entity containing List<Compound> . There are different implementations of compound and a

问题 I have a basic SpringBoot app. using Spring Initializer, embedded Tomcat, Thymeleaf template engine, and package as an executable JAR file. I want to secure a controller: @Controller @RequestMapping("/company") @RolesAllowed({"ROLE_ADMIN"}) @PreAuthorize("hasRole('ADMIN')") @Secured("ADMIN") public class CompanyController { } I know that there are different options, but I don't really know which I should use 回答1: Security Annotations All of @PreAuthorize , @RolesAllowed and @Secured are

问题 I am relatively new to the Spring Framework and Spring security. I have used a custom authentication scheme, HTML: <form action="j_spring_security_check"> <input type="text" name="j_username" value="abc"/> <input type="text" name="j_password" value="abc"/> <input type="text" name="myCustom1" value="pqr"/> <!-- maybe type="hidden" --> <input type="text" name="myCustom2" value="pqr"/> <!-- maybe type="hidden" --> </form> and the corresponding code: public class CustomAuthenticationProvider

问题 I use Spring Security 3 in my JSF2 webapp. I have a security rule to provide session timeouts: <session-management invalid-session-url="/faces/paginas/autenticacion/login.xhtml?error=1" /> So that when the session has expired and the user clicks on any link, he is redirected to the login page. In this page I check for the error param, and show a message to the user saying the session has expired. But I have 2 problems: (1) When I startup the app the first time (it tries to show the home page)

问题 In a spring-boot with security enabled web app, I'm getting the following error when performing a GET request which contains an encoded slash http://172.16.62.11:8080/customers/emails/BceGjcCovvKn5VM5eEeoG%2FgIr9bh1FpiC0Ofl3umGqU%3D/foo org.springframework.security.web.firewall.RequestRejectedException: The requestURI cannot contain encoded slash. Got /customers/emails/BceGjcCovvKn5VM5eEeoG%2FgIr9bh1FpiC0Ofl3umGqU%3D/foo at org.springframework.security.web.firewall.DefaultHttpFirewall

问题 Being new to spring annotations, I need a clarification for the below code. @PostFilter("hasPermission(filterObject, 'READ') or hasRole('ROLE_ADMIN')") public List<User> getUsers(String orderByInsertionDate, Integer numberDaysToLookBack) throws AppException ; So this means that the list of users returned by getUsers will only contain those elements which have full "READ" access to the calling object or the calling object has role as "ROLE_ADMIN" . Thanks. 回答1: @PreFilter and @PostFilter are

问题 I have written a HTML 5 application that uses AngularJS and interfaces with a Java REST backend running on Tomcat. I use Spring Security to handle login and security. When the user enters the website he is forwarded to a login page which creates a session and redirects to the index page. The REST calls that loads further data from the server then uses that session to authenticate. If there is no session in place, I fallback to basic authentication over HTTP, such that it is possible to invoke

问题 I inject spring security in 2 controllers like this: class ClassName{ def springSecurityService and in some methods I do: def user = springSecurityService.getCurrentUser() as Employee In one controller springSecurityService works and return the current user, but in the other controller I get this exception: groovy.lang.MissingPropertyException: No such property: springSecurityService for class: DUMMY What may I do wrong? EDIT: the controllers: this is part of the good one: class

问题 I'm creating a REST web service using spring and I need to implement login/logout functions in it. The url for the functions should be something like .../api/login and .../api/logout. The username and password will be past using a POST method. I have a services layer below the REST web service. In the service layer i have the "login" and "logout" functions' code. I want to use spring security to save the logged in user in the context of spring. I found several answers but nothing gives a

问题 I'm stuck in this issue for a long time. I want to use @Secure to add Access Control to my controller ArticleController.java like this: @RequestMapping(headers = "Accept=application/json") @ResponseBody @Secured("ROLE_ADMIN") public ResponseEntity<String> listJson() { HttpHeaders headers = new HttpHeaders(); headers.add("Content-Type", "application/json; charset=utf-8"); List<Article> result = Article.findAllArticles(); return new ResponseEntity<String>(Article.toJsonArray(result), headers,