spring-security

问题 I'm trying to make an ajax call to my Spring controller/action with POST method, and return an object from the server with @ResponseBody. The strange situation is that it stop working after add spring security layer, everything was working fine before. I will try to explain my moves to solve the problem and then show you the code/captures/etc. 1. After some research I found some answers telling the problem might be related with csrf mechanism, so I disabled it and still have the issue.

问题 I am trying to learn Grails along with the Spring Security plugin. I am using Grails 2.3.0 with springsecurity-RC2 plugin and following the guide on the Grails website. The issue I am running into is that the generated LoginController.groovy and LogoutController.groovy files from the s2-quickstart script are not being generated in the grails-app/controller, instead they are in target/work/springsecurity/grails-app/controller. This issue does not seem to occur in grails 2.1.5 but does in 2.2.4

问题 I am using Spring security feature in my application, but I found out that when the session expired, all the request ajax return the page login.jsp(not redirect, in http response, it puts all the html content) which is the login page of my webapp. I used a lot of ajax request in my app and the goal is return certain error code like 510 instead of the login page. <session-management session-authentication-strategy-ref="example" /> without invalid-session-url I tried to make invalid-session-url

问题 I have taken the Spring SAML example (see section 4.2 in this guide) which works with the Open source login page SSO, and tried to add support to use WSO2 Identity Server as an additional IDP service. To do this I changed the spring SAML sample project by adding a metadata xml file for IS, and added an entry for the IS metadata to the securityContext.xml. On running the spring application I now get presented with an option to login using IS, and I can successfully login in on WSO2 when I'm

问题 I have taken the Spring SAML example (see section 4.2 in this guide) which works with the Open source login page SSO, and tried to add support to use WSO2 Identity Server as an additional IDP service. To do this I changed the spring SAML sample project by adding a metadata xml file for IS, and added an entry for the IS metadata to the securityContext.xml. On running the spring application I now get presented with an option to login using IS, and I can successfully login in on WSO2 when I'm

问题 I want to use @Secured annotations for my controller actions. Since I have java based configuration I need to know how I can set the <security:global-method-security secured-annotations="enabled" /> option without the xml file. Upate 1: I addeed @EnableGlobalMethodSecurity(securedEnabled = true) to my security config class: @Configuration @EnableWebMvcSecurity @EnableGlobalMethodSecurity(securedEnabled = true) public class LIRSecurityConfig extends WebSecurityConfigurerAdapter { @Override

问题 I am using Spring Security's OAuth2 server implementation. I am trying to get the access_token from the servers' /oauth/token endpoint using the OAuth2 "Password" grant type by only supplying username and password and the client id without the client secret. This works fine as long as I provide the client id and the client secret in the Authorization header of my HTTP request like so: curl -u clientid:clientsecret http://myhost ... -d "grant_type=password&username=user&password=pw&client_id

问题 hi I'm trying to follow a simple example about doing a simple login form page that i found in this page http://docs.spring.io/autorepo/docs/spring-security/4.0.x/guides/form.html the problem is that i´m getting this error everytime that i try to login i get this error: Expected CSRF token not found. Has your session expired? When i get this error i press the back button in my explorer and try a second time to log in and when i do that i get this error: HTTP 403 - Invalid CSRF Token 'null' was

问题 I'm doing a little application that requires to login first. But for some 3rd party tool, I want to provide an API that doesn't require login. The login itself works fine, the API itself works, but I can't figure out how to tell Spring Security, that the API can be accessed without the need of authentication. I checked several topics here and on other websites and tried different versions, but none worked. Everytime I try to access the API, I get forwarded to the login form and have to login

问题 I have a Spring + Thymeleaf project with the following view code. <!DOCTYPE html SYSTEM "http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring3-3.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"> <head> <title>Contacts</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> </head> <body> <div id="content"> <h1>Welcome to the site!</h1> <p th:if="${loginError}"