spring-security

问题 I have some spring-boot application (it exposes rest api). The mentioned REST API is secured by spring-security . Everything is fine, however now I need to set context for servicing request. Setting context is about choosing datasource in depends on user context. The key is that RoutingDataSource need to use this context. (This context must be set directly after authenticating request due to other causes, I have also other thread which use RoutingDataSource, but no invoked by request (no user

问题 Is it possible to have to have UserDetailsService implementations in a single web application ? To be more precise, my requirement is I have a Servlet which listens to http POST requests which needs to authenticated against a one type of user(lets say UserType 1), the Http POST request contains some fields that I could used to authentication user(user id, and some Hash String). Upon successful authentication user is again forwarded to another login page where again authentication happens this

问题 I'm using AngularJS and spring security in a web application. We were using the basic authentication and now we are trying to put in place SAML for SSO login. As we are using Java based annotation I tried to follow this example, I just added the securityConfig part to my application with also loadUserBySAML service. I also configured my ADFS service in active directory and generated the federationmetadata.xml file, however, I wasn't able to generate the metadata.xml file. When I try http:/

问题 We have a react application which used get that data from spring boot webservice. Both is deployed in a same server(tomcat). But we only need Kerberos authentication for webservice call from the React application. Anyone can open the React application but when it navigate then it calls to the webservcie to get the data. So if we configure the spring to support spnego kerberos spring sso, is it possible that browser will automatically pass( from React app, as react run on the browser) the

问题 In my pom.xml I am getting the following error. The reason why I have <version>2.0.3</version> is to use Spring 2 NTLM authentication. org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from ServletContext resource [/WEB-INF/applicationContext.xml]; nested exception is java.lang.NoSuchMethodError:org.springframework.aop.config.AopNamespaceUtils. registerAutoProxyCreatorIfNecessary(Lorg/springframework/beans /factory/xml/ParserContext;Lorg

问题 I have a situation, I am using Spring MVC (jsp, controllers, service, dao) and session based authentication. But now few urls I am using as a RESTful Web service for integration purpose. For those requests only, I need to use token (for eg JWT) based authentication. So, is there any possibility that I can use both type of authentication within same project. 回答1: is there any possibility that I can use both type of authentication within same project. Yes you can. By having two authentication

问题 I have a situation, I am using Spring MVC (jsp, controllers, service, dao) and session based authentication. But now few urls I am using as a RESTful Web service for integration purpose. For those requests only, I need to use token (for eg JWT) based authentication. So, is there any possibility that I can use both type of authentication within same project. 回答1: is there any possibility that I can use both type of authentication within same project. Yes you can. By having two authentication

问题 Please what is the compatible release version for Spring Security for Spring 3.2.8 release ? 回答1: There is little dependancy between Spring Security versions and Spring Framework versions. I have already used Spring Security 3.1.x with Spring Framework 3.1.x and 3.2.x. If you have no reason to do differently (portability of code) you should choose the more recent General Available version that is compatible with your other components. Doc for latest GA (4.0.1) says that it builds against

问题 I have enabled Spring Security headers. My code is like this: <security:headers disabled="false"> <security:content-security-policy policy-directives="script-src 'self' 'unsafe-inline' 'unsafe-eval'" /> <security:cache-control disabled="true"/> </security:headers> By default X-FRAME-OPTIONS is DENY . But some requests I should enable X-FRAME-OPTIONS as SAMEORIGIN . How to do? 回答1: You can use a DelegatingRequestMatcherHeaderWriter, see Spring Security Reference: 20.2.3

问题 I want to pass some parameters with login details to spring security such as some item id. then after i want to redirect to page according to the user type. For this i am using custom filter to send additional parameter. And to redirection i am using authentication-success-handler-ref . My problem is, I am geting position conflict as i am using along with custom filter . Please help me out to do my task. Here is my configuration <http use-expressions="true"> <intercept-url pattern="/login"