spring-security

问题 I've implemented ajax login/logout in my client code against a backend running spring-security. What I need to know is how to tell whether or not the user is logged in. For instance: User logs in. This returns a 200 from the POST to /login. I could set some variable to track state on the client side. User refreshes browser. Now the state is lost. So, I want to know if there's some way from the client to check whether or not the user is authenticated and logged in purely from the client. Is

问题 For a url like @RequestMapping(value = "/users/{userId}/update/password", method = RequestMethod.PUT) how to be sure the connected user can modify only its password and not the one of other user... actually, i have protection on url... but it's not enough to prevent this case http.authorizeRequests().antMatchers("/rest/users/**").hasRole("USER"); 回答1: I soppuse you have a authentication over /rest/users/**. You can get current user with the following code. YourUserPrincipalDto dto =

问题 We're trying to enable Servlet's 3.0 "async-supported" in our Spring application: Added in web.xml (async-supported)true(/async-supported) for all servlets and filters. Rewrote the request handling code as ** request.getAsyncContext().start(new Runnable() { @Override public void run() { handleRequest(servlet, request, response); } }); ** This causes two problems: Spring Security authentication is lost when running the asynchronous code. There is no EntityManager/session/... any more either.

问题 I've been struggling with this for a few days now but I think it has something to do with Amazon's AWS. I want to enforce SSH/HTTPS, so that if a user inadvertanly goes to HTTP:// myaddress.com they will be redirected to HTTPS:// myaddress.com. I have added this to my config.groovy file: environments { production { // force all traffic over HTTPS in production grails.plugins.springsecurity.secureChannel.definition = [ '/**': 'REQUIRES_SECURE_CHANNEL' ] } The problem is that when I upload to

问题 I'm rolling back from Spring Security 3.1.0.m1 to 3.0.5 but I'm using the security="none" and that's not in the 3.0.5 schema. Anyone know how I accomplish the same thing in 3.0.5? <http security="none" pattern="/javax.faces.resource/**" /> <http security="none" pattern="/services/rest-api/1.0/**" /> <http security="none" pattern="/preregistered/*" /> 回答1: Use attribute filters="none". Please also see Intercept-URL element 回答2: You'll need to consolidate the multiple <http> elements into a

问题 I have a little problem with Spring Security and my public Rest service (only I use POST) My RestController is : @RestController @RequestMapping(value="/public/rest/status") Public class DoSomeThing { @RequestMapping(method=RequestMethod.GET) public String getStatus(){ return "OK"; } @RequestMapping(method=RequestMethod.POST) public String setON(){ return "Done"; } } and my Spring Security is : @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class

问题 I have a Spring Boot app using CAS WebSecurity to make sure that all incoming non authenticated requests are redirected to a common login page. @Configuration @EnableWebSecurity public class CASWebSecurityConfig extends WebSecurityConfigurerAdapter { I want to expose health endpoints through actuator, and added the relevant dependency. I want to bypass the CAS check for these /health URL which are going to be used by monitoring tools, so in the configure method, I have added : http

问题 I have been trying to create a rest api secured with Spring security For the architecture details kindly see this link: Spring Security with REST architecture But, during my implementation I am facing following issues like : Exception starting filter springSecurityFilterChain My application implementation is like : @EnableWebMvc @Configuration @ComponentScan({ "com.ws.service.*" }) public class AppConfig extends Application { ... } CustomJDBCDaoImpl public class CustomJDBCDaoImpl extends

问题 I have developed a simple Spring boot and spring security for form login with the below configuration @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Bean public BCryptPasswordEncoder bCryptPasswordEncoder() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/resources/**", "

问题 Hi I'm working on an application with Java as it's server-side language and for the client-side I'm using Ajax. But I'm fairly new to ajax applications so I needed some opinions on the issue I've faced. I'm using Spring Security for my authentication and authorization services and by reading spring forums I've managed to integrate Spring Security with Ajax application in a way that ajax requests can be intercepted and relevant action be taken. Here's the issue: What is the best way to let the