spring-security

问题 hit a problem and think its a bug (?) in the grails spring security 3.1.1, and latest grails 3.2.6. i have installed the spring security plugin. from the command line console i did the following grails s2-quickstart org.softwood.security User Role --groupClassName=UserGroup to create a user, role, and UserGroup table as i want to use the allocate roles to groups feature. I then configured the domain classes a tad, and added a few users in the bootstrap to test it out like this def

问题 I have an app which allows users to sign in and then passes their sign in information to the app of their choice. All the apps are written in Java and use Struts2 and run on Websphere . What is the most secure way to pass in the sign in information? I can pass it in the URL using HTTPS but that still leaves the information available in the browser history. EDIT: The sign-in app actually calls a web service which registers the user which collects their personal information, verifies their

问题 We are using spring security for the authentication in our application. The login form has four parameters (four input text fields for username, organization, company and password). When wrong password is entered all the other input parameters are also cleared from the login form. How do we retain those values? We do not want user to enter the other details again if the authentication fails. 回答1: Are you using Spring MVC? If so it is very easy to do that if you use the spring form tags in jsp

问题 We are using spring security for the authentication in our application. The login form has four parameters (four input text fields for username, organization, company and password). When wrong password is entered all the other input parameters are also cleared from the login form. How do we retain those values? We do not want user to enter the other details again if the authentication fails. 回答1: Are you using Spring MVC? If so it is very easy to do that if you use the spring form tags in jsp

问题 I am creating a spring boot 2 OAuth2 client/server application. The authorization server successfully logins and redirects to the client, but when the client receives the redirect (http://localhost:8080/login/oauth2/code/xe?code=ACK4Ae&state=Jw-dCGYvJa6QV-fcoTGjgY-6FyUyJHa-HBjWdsp3HM4%3D) the client browser displays: Your login attempt was not successful, try again. Reason: [invalid_token_response] An error occurred parsing the Access Token response: The HTTP Content-Type header must be

问题 I am creating a spring boot 2 OAuth2 client/server application. The authorization server successfully logins and redirects to the client, but when the client receives the redirect (http://localhost:8080/login/oauth2/code/xe?code=ACK4Ae&state=Jw-dCGYvJa6QV-fcoTGjgY-6FyUyJHa-HBjWdsp3HM4%3D) the client browser displays: Your login attempt was not successful, try again. Reason: [invalid_token_response] An error occurred parsing the Access Token response: The HTTP Content-Type header must be

问题 I have a application made with spring-boot that uses OAuth2 from spring-security with the annotation @EnableOAuth2Sso . When I run the app locally it works perfectly but when I deploy to google app-engine. I get a Server Error 500. I think it has something to do with how my credentials are set because the error occurs at SocialTokenServicesConfiguration . When I remove the @EnableOAuth2Sso the app works when deployed. It's weird how the app can work with the OAuth2 locally but not when

问题 I need to implement SSO in my JAVA Web App with OpenID Connect. I already have experience in SSO with SAML 2.0 with WSO2 as Identity Provider. I am clear on the client part, and planning to implement the same with Spring Security. My question is, does it make sense to build my own Identity provider for OpenID Connect? For some reasons, I do not want to use any third party IDP (like WSO2). If yes, is there any library that can help? If no, what are the best IDP I can use for OpenIDConnect?

问题 Can we move mvc interceptors from individual context file to web-application context.xml Thus removing interceptor from individual module context? 回答1: You can put them in the web-context as follow: <mvc:interceptors> <bean class="com.package.TheInterceptor" /> <bean class="com.package.AnotherInterceptor" /> </mvc:interceptors> 来源： https://stackoverflow.com/questions/25258132/moving-mvc-interceptor-from-module-context-to-web-application-context

问题 I am trying to migrate some spring-webflux sample codes to kotlin. Currently I want to convert my Spring Data Mongo sample to kotlin. There is a User , the original Data Mongo version looks: @Data @ToString @Builder @NoArgsConstructor @AllArgsConstructor @Document class User implements UserDetails { @Id private String id; private String username; private String password; @Builder.Default() private boolean active = true; @Builder.Default() private List<String> roles = new ArrayList<>();