spring-security

问题 sorry in advance if the question is previously asked, but I have not been able to find an answer. I am trying to setup Spring Cloud Gateway to act as a OAuth2 client to authenticate/login users via a Keycloak Authentication server. I have been able to achieve this using the following code snipet: Security Config: @Configuration @EnableWebFluxSecurity @EnableReactiveMethodSecurity public class SecurityConfig { private final GatewayAuthenticationSuccessHandler

问题 sorry in advance if the question is previously asked, but I have not been able to find an answer. I am trying to setup Spring Cloud Gateway to act as a OAuth2 client to authenticate/login users via a Keycloak Authentication server. I have been able to achieve this using the following code snipet: Security Config: @Configuration @EnableWebFluxSecurity @EnableReactiveMethodSecurity public class SecurityConfig { private final GatewayAuthenticationSuccessHandler

问题 Basically I'm trying to access a bearer-only endpoint from a client app which is using a "KeycloakRestTemplate". I did follow this guidelines 1:1 (it is in German) : https://blog.codecentric.de/2017/09/keycloak-und-spring-security-teil-1-einrichtung-frontend/ My problem is that when I see the logs, the authentication on the side of the bearer only endpoint seems successful, as shown bellow: Found [1] values in authorization header, selecting the first value for Bearer. o.k.a

问题 In the browser I can see CSRF token in URL which I want to avoid. http://localhost:8080/......./new?someval=val&CSRFToken=1975f761-fb40-4146-ad02-29ba9d5b3cdd The root cause is we are using FORM tag with http method GET. This is being used as some hidden parameters we want to pass to controller for some processing. How to avoid CSRF token in URL. Because I dont want to remove form as it is already tested and will be a testing impact. 回答1: I had the same issue and I changed the submission's

问题 I encountered a problem when integrating spring security with spring boot.After Overwriting the WebSecurityConfigurerAdapter, I can't redirect to the successful page(wlecome.ftl) when I've accessed the login page.It's aways redirect to the login page(index.ftl) without error logs. Is there anyting I missed?Help is aways appreciated,thanks! SecurityConfig.java @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends

问题 I am using Spring Boot 2.2.0 with azure-active-directory-b2c-spring-boot-starter 2.2.0. I managed to secure a Thymeleaf web page with that (following their tutorial). Now, I want to have a REST API that is secured in the same way, as the actual application will be a mobile app that does REST calls to my Spring Boot backend. I already figured out how to get a token with the password grant flow using: POST https://<my-tenant-id>.b2clogin.com/<my-tenant-id.onmicrosoft.com/oauth2/v2.0/token?p=B2C

问题 I am trying to build a spring boot application and wanted to leverage the Actuator features, but I want to secure the end points of Actuator /health,/shutdown etc. I have the below configurations which does not seem to work. I.e., application never prompts for credentials or when hit from post man does not give 403. I tried various ways, even the one from spring documentation. Can any one please help with this. Again this is spring boot 2.1.x. I know there is a configuration that can be made

问题 I have the below spring configuration :- static SessionRegistry SR; @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/forgotPwd", "/resetPwd").permitAll() .anyRequest().authenticated().and().formLogin().loginPage("/login") .defaultSuccessUrl("/home").failureUrl("/login?error").permitAll() .successHandler(authenticationSuccessHandler) // autowired or defined below .and().logout() .logoutRequestMatcher(new

问题 I have a requirement to get the details of the current user who has been loggedIn. To get the details, we can use the SecurityContextHolder.getContext() and extract the details. According to, SecurityContextHolder, SecurityContext and Authentication Objects By default, the SecurityContextHolder uses a ThreadLocal to store these details, which means that the security context is always available to methods in the same thread of execution . Using a ThreadLocal in this way is quite safe if care

问题 I'm trying to consume a rest web service in spring integration project. This web service is secured with oauth2 (authorization code).Any idea how to achieve this? I tried using OAuth2RestTemplate but it gave me an error: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval Below is my code. import java.util.Arrays; import org.springframework.security.oauth2.client.token.AccessTokenRequest; import org