spring-security

问题 Whenever I try to entityManager.flush() I get the error mentioned on title. That is interesting that all my models have been created properly on MySql during application start up. I have read several questions with similar exception and basically all of them point to use/change @Transaction somehow. Any suggestion or even a scratch idea about what to check will be highly appreciated. I don't think it is really relevant but let me inform btw: I am using WebSphere Liberty Profile + MySql. where

问题 Whenever I try to entityManager.flush() I get the error mentioned on title. That is interesting that all my models have been created properly on MySql during application start up. I have read several questions with similar exception and basically all of them point to use/change @Transaction somehow. Any suggestion or even a scratch idea about what to check will be highly appreciated. I don't think it is really relevant but let me inform btw: I am using WebSphere Liberty Profile + MySql. where

问题 In my spring boot application, After successful login I set the authentication details (with user roles in authorities) in the context // Perform the authentication Authentication authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( authenticationRequest.getUsername(), authenticationRequest.getPassword() ) ); SecurityContextHolder.getContext().setAuthentication(authentication); But when I try to access the roles again in other parts of the code with

问题 I would want to set an absolute time out for the expiration for my sessions and not need it to be calculated based on lastAccessedTime. I have seen the issue https://github.com/spring-projects/spring-session/issues/922 . But my case is different from this case. With setting the expires time as absolute time in redis I can make sure the session does not cling for longer than I want in redis but also ensure session exists in the redis for the amount of time I require it to stay there even if

问题 My goal is to authenticate the WebSocket CONNECT frame. I wish to be able to initialize Authentication user = ... by using X-Auth-Token . TL:DR I use the X-Auth-Token header. How the current authentication works: User hit POST /login endpoint with Form Data username and password . The response header will contain the key X-Auth-Token . If you hit any REST endpoint with X-Auth-Token the server will recognize the user. The issue is how to get Authentication from X-Auth-Token in the WebSocket

问题 I am trying to make a simple request from angular to spring. I used bare bone spring web and spring security and simple angular(9) request. Let me share my Java and Angular code. Java Code @RestController @CrossOrigin(origins = "http://localhost:4200") public class Main { @RequestMapping("/hello") public Map<String,Object> home(){ Map<String, Object> model = new HashMap<String, Object>(); model.put("id", UUID.randomUUID().toString()); model.put("content", "Hello from Backend"); return model;

问题 I am spinning trying to figure it out what is wrong in my case. I need to decrypt request from client. Keystore should be correct as I have tested with spring WS and there is works (but i can not use spring WS due to soapAction which clicent can not provide in header). This is my WSS4JStaxInInterceptor: @Bean public WSS4JStaxInInterceptor wss4JStaxInInterceptor() throws Exception { Properties properties; Crypto crypto = CryptoFactory.getInstance(wss4jInProperties()); WSSSecurityProperties

问题 I've created a form that sends the data to my backend, which persists it into the database This works well as long as I have .permitAll() on my antMatcher, but when I try to secure it so that only admins can make that call (admin role in the DB is ROLE_ADMIN), it returns a 401 Unauthorized Access with no message. I've tried .hasRole("ADMIN") .hasRole("ROLE_ADMIN") .hasAuthority("ADMIN") .hasAuthority("ROLE_ADMIN") None of them works. My request looks like this (posting for the headers): My

问题 If I use a token I can access the user page fine http://localhost:8901/auth/user. but if I try to get only the signup/registration "api call" supposed to be accessible by anyone I get : "Full authentication is required to access this resource". I tried the following httpSecurity .csrf() .disable() .authorizeRequests() .antMatchers("/registration") .permitAll() .and() .authorizeRequests() .anyRequest() .authenticated() .and() .httpBasic(); then tried to see if I could enable everything but

问题 With this architecture, i created a configServer that point to git repository where all my configurations are stored Now, i want to secure this configurations because it contains a critic information (as servers, passwords, ...etc.) So, to do that i fount this By adding the dependency spring-boot-starter-security to the configServer, then defining user, password in the application.properties my configuration's files are now protected by Basic Authentication Now, i must share my user/password