spring-security

问题 I have used spring security 3.0.7 and I am implementing concurrency control in my project. But it is not working. I have used <security:session-management> <security:concurrency-control error-if-maximum-exceeded="true" max-sessions="1"/> </security:session-management> Even I tried solution from spring security reference but it didn't work out. Here is my configuration file content : <session-management session-authentication-strategy-ref="sas"/> </http> <beans:bean id="concurrencyFilter"

问题 I am studying Spring Cloud and Spring OAuth2 by decomposing the three interconnected apps in this GitHub sample. When I open up the /oauth/revoke-token endpoint in the authserver app and then call it from the ui app with a http://localhost:9999/uaa/logout , the debug log for the authserver app gives the following error message while rejecting the logout request: Request 'OPTIONS /logout' doesn't match 'POST /logout What specific changes need to be made to the code in the sample GitHub apps in

问题 i have a method secured with spring security as follows: @PreAuthorize("hasRole('add_user')") public void addUser(User user) ; and if a user with no enoguh permissions is trying to invoke it , an accessDenied exception is thrown: org.springframework.security.access.AccessDeniedException: Access is denied this is what's expected, but the question is, why the defined access-denied-handler in security.xml configuration file is not working : <access-denied-handler error-page="accessDenied"/> I

问题 Can anyone paste simple steps to integrate Spring security and CAS over here for single sign on and single sign out. Note I dont want any role based access.I have a web application which is already integrated with spring security. Now I was trying to perform SSO with CAS,but I am getting this error sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target This is my current spring security.xml <?xml version="1.0" encoding="UTF-8"?>

问题 Can anyone paste simple steps to integrate Spring security and CAS over here for single sign on and single sign out. Note I dont want any role based access.I have a web application which is already integrated with spring security. Now I was trying to perform SSO with CAS,but I am getting this error sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target This is my current spring security.xml <?xml version="1.0" encoding="UTF-8"?>

问题 Okta is an IdP for SAML logins. I have a super-admin user of Okta. I try to use Spring's saml-sample project as my SP (service-provider). When I configure it (spring-saml-sample) in the Okta system, I need to supply some data on my SP, such as "post back URL", "recipient" and "audience restriction". After sniffing in Okta's docs, I found this: Audience Restriction – This is the entity id of the Service Provider. It will be provided by the SP and must match exactly. Consult the SP

问题 SEVERE: Servlet.service() for servlet [dispatcher] in context with path [/SecuritySpring] threw exception java.lang.IllegalArgumentException: Failed to evaluate expression 'ROLE_USER' at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:14) at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:36) at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter

问题 I am a newbie to Spring Security 3. I am using roles for users to login. I want to add some session value after a user is authorized into the application. Maybe I need some filter so that it redirects to my method which adds some session value. I have configured my security.xml file but I am not sure whether I am doing right things. Any examples in that direction would help. Which Filter Class should I use? How should I configure security.xml file? <custom-filter ref="authenticationFilter"

问题 I'm trying to integrate the Spring Saml library in a sample webapplication, using Shibboleth as IDP. I'm able to load the login page, to login and to show the index page. The problem is that when I click on other links the webapp redirect me to the login page, then the IDP recognizes me and redirects to the requested page (if the network is fast it's very difficult to see this). It's like I'm not logged in for Spring security. I checked the log and I found this: org.springframework.security

问题 I have SPRING METHOD security fully configured for my web application. (with PRE/POST annotations enabled). However recently I encountered a strange issue with them. Summary as follows: Summary of POJOS // User Class public class User { int id; String name; // getters and setters } // Group Class public class Group { int id; String name; // getters and setters } // GroupMembership class public class GroupMembership { private int id; private User user; private Group group; // getters and