spring-security

问题 I have a simple rest API which works with database. It worked properly until I added the security part. Now it gives HTTP 405 Not Allowed on the POST and DELETE requests. I have no idea why. The GET requests work properly. So here is the controller class: @Controller public class MarkerController { private Logger logger = Logger.getLogger(MarkerController.class.getName()); @Autowired private MarkerServiceInterface markerService; @RequestMapping(value="/markers", method=RequestMethod.GET)

问题 It seems like Spring isn't routing/authorizing HTTP POST requests correctly. When I send a HTTP POST request I always get "405 Method Not Allowed" response and this in the log file: org.springframework.web.servlet.PageNotFound - Request method 'POST' not supported The controller allows POST for the URL: @RequestMapping(value = "/mypostreq", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE) @Secured("ROLE_USER") public String mypostreq(@RequestBody String callBody,

问题 I'm trying to make a simple forum just to get the hang of the Spring Security and MVC frameworks. For simplicity's sake, let's I have a JSP to view a forum post, which looks like the following: <body> ... Title: ${forumPost.title} <br> Author: ${forumPost.author.name} <br> Message: {forumPost.message} <br> <security:authorize ifAnyGranted="ROLE_ADMIN"> Edit: <a href="/edit">Edit</a> </security:authorize> ... </body> My problem is: not only should an Administrator be able to edit this post,

问题 Using Spring Boot 1.3.1, I am having problems with @AuthenticationPrincipal . This is my controller: @RestController @RequestMapping("/api/user") public class UserController { @RequestMapping("/") public UserDto user(@AuthenticationPrincipal(errorOnInvalidType = true) User user) { return UserDto.fromUser(user); } } This is my custom User class: @Entity() @Table(name = "app_user") public class User extends AbstractEntity<UserId> implements Serializable { // ------------------------------

问题 I am using Spring Security 3.0 with JSPs. I have created a RequireVerificationFilter that redirects unverified users to a "verify your email" page. I added the filter to the spring security filter stack in last place like so: Bean definition in my app-config.xml: <bean id="requireVerificationFilter" class="com.ebisent.web.RequireVerificationFilter" /> Filter added to spring security filter list in my security-config.xml: <custom-filter ref="requireVerificationFilter" after="LAST" /> The

问题 I am using Spring Security 3.0 with JSPs. I have created a RequireVerificationFilter that redirects unverified users to a "verify your email" page. I added the filter to the spring security filter stack in last place like so: Bean definition in my app-config.xml: <bean id="requireVerificationFilter" class="com.ebisent.web.RequireVerificationFilter" /> Filter added to spring security filter list in my security-config.xml: <custom-filter ref="requireVerificationFilter" after="LAST" /> The

问题 I'm trying to secure a spring-boot web application using spring security and spring-security-cas (SSO with Jasig CAS). I'm facing a too many redirects error when trying to access a protected resources. The project is available here Do you see any error in my configuration? Thanks in advance redirect loop error screenshot 回答1: Finally found out the error: In SpringSecurity 4.x, CasAuthenticationFilter's defaultFilterProcessesUrl path is changed. So Change '/j_spring_cas_security_check' to '

问题 In the configuration of my template engine I would like to add SpringSecurityDialect() like: @Bean public TemplateEngine templateEngine() { SpringTemplateEngine engine = new SpringTemplateEngine(); engine.addDialect(new SpringSecurityDialect()); engine.setEnableSpringELCompiler(true); engine.setTemplateResolver(templateResolver()); return engine; } However eclipse is telling me: The type org.thymeleaf.dialect.IExpressionEnhancingDialect cannot be resolved. It is indirectly referenced from

问题 I have an application and use a controller mapping of spring to load images to my users. (InputStream, response, etc). In my controller I set headers to cache-control, baseaded on files, etc. But there's always pragma: no-cache and Cache-Control:"max-age=0" inside all requests, and that's replace my response settings. I was trying everything to solve this, but nothing works. I already read all page and try everything I found about that: http://docs.spring.io/autorepo/docs/spring-security/3.2

问题 Hi I am now using spring security. It works fine. But if login failed, no error message display. I am wondering how can I display error message? I have configured the ResourceBundleMessageSource in my applicationContext.xml <!-- Spring security error message config --> <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basenames"> <list> <value>messages</value> </list> </property> </bean> And my security-config.xml <?xml version=