spring-security

How to set the access token once during the instantiation of the webClient in spring webflux?

风流意气都作罢 submitted on 2021-01-29 10:15:38
Question: I try to use WebClient with oauth2 in spring webflux. I fetch a token from an url access token and I set it into the webclient. But I do not like to fetch this access token in every call of other secured endpoints. Means that I want to fetch it only in the first time during the instantiation of the webclient and when the access token expires. Here is the code that I am using: @Configuration public class OauthEmployeConfig{ /** ** ... String baseUrl, String accessUrl for the access token url *

How to customize the OAuth2 login redirection endpoint base uri with Spring Security Webflux

流过昼夜 submitted on 2021-01-29 10:13:33
Question: Spring security in the servlet stack ( web ) allows you to customize the OAuth2 login redirection endpoint base uri in the Oauth2 authorization code grant flow as given here. I am trying to do the same for the reactive stack with Spring webflux. The github issue here mentions an authorizationRequestResolver and authenticationMatcher on the Oauth2LoginSpec that can be used to customize the base uri but I am unable to figure out how. Can someone please help me out with the configuration? Answer 1:

How to return http status code instead of login page in multi HttpSecurity case

别等时光非礼了梦想. submitted on 2021-01-29 09:53:16
Question: I have a spring boot app which provides HTML page service via / and also rest api via /api . The former requires login via a Login form and the latter requires HTTP basic auth, and hereby, I configure two HttpSecurity sections as follows: @Configuration @Order(1) public static class ApiSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/api/**") .cors().and().csrf().disable()

OAuth2 client fails when redirecting from the authorization step

为君一笑 submitted on 2021-01-29 09:28:46
Question: In my current spring-boot, I am trying to sign in the user using an external OAuth2 server. The problem right now is that when I execute the application, after the authorization being successful, the user should be redirected back to the application. When this happens, I get an error. My application.properties file: spring.security.oauth2.client.registration.mercadolivre.provider=mercadolivre spring.security.oauth2.client.registration.mercadolivre.client-id=... spring.security.oauth2.client

Spring Boot Application using Keycloak, single sign on doesn't work behind an Apache Web Server

本小妞迷上赌 submitted on 2021-01-29 07:40:30
Question: I have a Spring Boot + Spring Security application with RedhatSSO (Keycloak) as OIDC provider. This application is deployed on Openshift which assigns it a route like this: http://my-app.cloud.mycompany.com/ . The application has this context path: /my-app . When I access a protected resource using the application's Openshift route address, http://my-app.cloud.mycompany.com/my-app/someProtectedResource , I am redirected to the Keycloak login page https://sso.mycompany.com where I login and I

Spring Boot Application using Keycloak, single sign on doesn't work behind an Apache Web Server

眉间皱痕 submitted on 2021-01-29 07:31:37
Question: I have a Spring Boot + Spring Security application with RedhatSSO (Keycloak) as OIDC provider. This application is deployed on Openshift which assigns it a route like this: http://my-app.cloud.mycompany.com/ . The application has this context path: /my-app . When I access a protected resource using the application's Openshift route address, http://my-app.cloud.mycompany.com/my-app/someProtectedResource , I am redirected to the Keycloak login page https://sso.mycompany.com where I login and I

Spring Security - Unable to Autowire UserDetailsService in DaoAuthenticationProvider

白昼怎懂夜的黑 submitted on 2021-01-29 06:07:52
Question: In my use case I don't have a User DB table to authenticate the user password. I am using an HMAC signature which the client sends in the API request. On the server side I calculate the same HMAC signature and just need to match them for successful authentication. So I was thinking of using DaoAuthenticationProvider which Spring Security provides, without writing my own custom provider class. Following are all the files I have. My Spring boot application does not build when I @Autowired private

Hazelcast Community Edition security

我是研究僧i submitted on 2021-01-29 05:58:41
Question: I am working on a Spring boot project which uses Hazelcast as Cache. I am using the community edition of that. I have a couple of questions. I wanted to know whether there is minimal provision provided in community edition for security features. I know that we can provide a unique group name so other nodes cannot join the cluster. But is there any other way? I also tried with hazelcast.application.validation.token but it is not working. What is the correct way to check with this property? Also,

NumberFormatException while trying to authorize user

a 夏天 submitted on 2021-01-29 05:22:00
Question: I'm trying to set up a small web application in spring using bootstrap and thymeleaf. I have no idea what's going on, because I already have one user in the database and I'm trying to log on with it. When I pass wrong credentials it is okay and spring-security doesn't pass me further. But when I pass correct credentials, there is a NumberFormatException thrown from spring-security-core saying that it cannot parse my password to double. Password is hashed by BCrypt, but even when it wasn't hashed I had

Jhipster login / authentication in mobile app

荒凉一梦 submitted on 2021-01-29 04:01:50
Question: How to get a session cookie and the CSRF token from jhipster then use them in your calls to the API from mobile app. I am using HTTP session authentication. JHipster configuration, a .yo-rc.json file generated in the root folder { "generator-jhipster": { "jhipsterVersion": "3.0.0", "baseName": "vconnect", "packageName": "com.zenfact.vconnect", "packageFolder": "com/zenfact/vconnect", "serverPort": "8080", "authenticationType": "session", "hibernateCache": "ehcache", "clusteredHttpSession":