spring-security

问题 Good day, I am using spring security to restrict user, and i am using mongodb. I have created UserDetail and userDetail Services. her is my webSecurity config. @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public UserDetailsService mongoUserDetails() { return new CustomUserDetailsService(); } @Bean public DaoAuthenticationProvider authProvider() { DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();

问题 I am getting this run-time error: java.lang.NoSuchMethodError: org.springframework.core.annotation.AnnotationUtils.clearCache()V And part of stack trace: Caused By: java.lang.NoSuchMethodError: org.springframework.core.annotation.AnnotationUtils.clearCache()V at org.springframework.context.support.AbstractApplicationContext.resetCommonCaches(AbstractApplicationContext.j ava:915) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:575) at

问题 I tried to test Spring WebFlux with traditional Web Security( @EnableWebSecurity ). I used the Tomcat intead of Netty. I got the follow error message. *************************** APPLICATION FAILED TO START Description: The bean 'springSecurityFilterChain', defined in class path resource [org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.class], could not be registered. A bean with that name has already been defined in class path

问题 I'm dwelling with this problem... I have a Spring Boot application wit a S2S communication. I have a @RestController method which should accept POST request. This is the controller @RestController public class PaymentRestController { @PostMapping("/util/paymentResponse") public void savePaymentResponse(@RequestParam boolean transaction_status, @RequestParam String usedToken, @RequestParam String transaction_message, @RequestParam String authCode, @RequestParam String transactionCode,

问题 I researched this and found this Answer on SO. I do however have the complementary question to this one: I have a set of filters, that i want to be applied to ALL requests, EXCEPT special cases (eg.: all paths except /mgmt/** and /error/**). This cannot be done using the same method presented in the linked answer, as I would add the filters to the default http-security Object, which would then apply for the special cases too. is there a thing like "negative matchers", allowing me to do

问题 I have a problem that each user can retrieve other users data from URL. For instance, I have a rest api like this: @GetMapping("/getFindByPersonId/{perId}") @Timed public List<ComboVahedAmoozeshi> getFindBySkhsIdCombo(@PathVariable Long perId){ return comboVahedAmoozeshiRepository.getFindBySkhsIdCombo(perId); } After authorization, each user can change id and get other users data like the image below: Is there any suggestion to restrict each user to don`t have access to call the method? Or

问题 We are developing an application that uses OAuth 2 for two use cases: Access to backend microservies (using client_credentials ) Authenticating the application's users (using authorization_code , so redirecting the users to Keycloak for login, roughly configured like shown in the tutorial). While authenticating our users, we receive part of the information from the auth server (such as login) and the other part can be found in a local user table. What we like to do is to create a Principal

问题 I am trying to get indexname dynamically in @Document(indexName="Something",type="type") I have tried using below code: @Document(indexName="#{systemProperties['databaseName'] }", type = "dbtype") but at runtime when I am sending two request from UI to get the data from ES from different indexes,it is not working properly. what should I do to solve this issue? 回答1: A workaround is, to work with NativeSearchQuerries. There you can set the index to whatever you like: NativeSearchQuery query =

问题 I've generated a Spring Boot web application using Spring Initializer, embedded Tomcat, Thymeleaf template engine, and package as an executable JAR file. Technologies used: Spring Boot 2.0.0.M6 , Java 8, maven Here my security config @Override protected void configure(HttpSecurity http) throws Exception { final List<String> activeProfiles = Arrays.asList(env.getActiveProfiles()); if (activeProfiles.contains("dev")) { http.csrf().disable(); http.headers().frameOptions().disable(); } http

问题 I am currently moving from an xml-based configuration of spring security to a java based one. I need to setup a custom WebAuthenticationDetails via Java. Is there a way to do that? In XML, I would just set that authenticationDetailsSource of the UsernamePasswordAuthenticationFilter. Relevant sample below <http entry-point-ref="loginUrlAuthenticationEntryPoint"> <custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER"/> <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>