spring-security

Custom WebAuthenticationDetails programmatically in spring security

萝らか妹 submitted on 2021-02-07 17:29:18
Question: I am currently moving from an xml-based configuration of spring security to a java based one. I need to set up a custom WebAuthenticationDetails via Java. Is there a way to do that? In XML, I would just set that authenticationDetailsSource of the UsernamePasswordAuthenticationFilter. Relevant sample below <http entry-point-ref="loginUrlAuthenticationEntryPoint"> <custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER"/> <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>

How can I authenticate users using google OIDC with Spring Security 5.1+

别等时光非礼了梦想. submitted on 2021-02-07 17:14:56
Question: I found this however oauth as client doesn't work exactly the same in Spring Boot 2.1/Security 5.1, as far as I know Oauth no longer requires an additional module. I was able to do facebook/okta login without the Oauth2 module, and got close with Google; this is the config for google I came up with. spring.security.oauth2.client.registration.google.client-id=10240000000-k88NNNNNNN.apps.googleusercontent.com spring.security.oauth2.client.registration.google.client-secret=fsjflsajfldajflsajf

How can I authenticate users using google OIDC with Spring Security 5.1+

我怕爱的太早我们不能终老 submitted on 2021-02-07 17:14:29
Question: I found this however oauth as client doesn't work exactly the same in Spring Boot 2.1/Security 5.1, as far as I know Oauth no longer requires an additional module. I was able to do facebook/okta login without the Oauth2 module, and got close with Google; this is the config for google I came up with. spring.security.oauth2.client.registration.google.client-id=10240000000-k88NNNNNNN.apps.googleusercontent.com spring.security.oauth2.client.registration.google.client-secret=fsjflsajfldajflsajf

How can I authenticate users using google OIDC with Spring Security 5.1+

别说谁变了你拦得住时间么 submitted on 2021-02-07 17:10:35
Question: I found this however oauth as client doesn't work exactly the same in Spring Boot 2.1/Security 5.1, as far as I know Oauth no longer requires an additional module. I was able to do facebook/okta login without the Oauth2 module, and got close with Google; this is the config for google I came up with. spring.security.oauth2.client.registration.google.client-id=10240000000-k88NNNNNNN.apps.googleusercontent.com spring.security.oauth2.client.registration.google.client-secret=fsjflsajfldajflsajf

H2 console and Spring Security - permitAll() not working

旧城冷巷雨未停 submitted on 2021-02-07 14:56:52
Question: I'm creating rest api and implemented Spring Security - everything works fine but I want (for now, when I'm still developing) to be able for anyone without authorization to open localhost:8080/console. My code: @Override protected void configure(HttpSecurity http) throws Exception { // allow everyone to register an account; /console is just for testing http.authorizeRequests().antMatchers("/register", "/console").permitAll(); http.authorizeRequests().anyRequest().fullyAuthenticated(); //

Spring Security Active Directory Ignoring PartialResultException

自古美人都是妖i submitted on 2021-02-07 14:50:37
Question: I have the following configuration in my spring security xml file. When I try to authenticate I get the following message but cannot proceed. INFO: Ignoring PartialResultException I am aware that spring's documentation states that you can set ignorePartialResultException to true but this property seems to be in the LdapTemplate class which may require additional coding. I would like to accomplish all of this through bean configuration as I am not interested in role mapping. <authentication

Spring Security Active Directory Ignoring PartialResultException

99封情书 submitted on 2021-02-07 14:47:41
Question: I have the following configuration in my spring security xml file. When I try to authenticate I get the following message but cannot proceed. INFO: Ignoring PartialResultException I am aware that spring's documentation states that you can set ignorePartialResultException to true but this property seems to be in the LdapTemplate class which may require additional coding. I would like to accomplish all of this through bean configuration as I am not interested in role mapping. <authentication

Getting No bean resolver registered

穿精又带淫゛_ submitted on 2021-02-07 13:28:32
Question: After upgrading today from Spring boot 1.2.5 to 1.3.0 BUILD-SNAPSHOT Calling @PreAuthorize fails: example: @PreAuthorize("@defaultSecurityService.canDoSomething(authentication.principal.id, #objId)") Result doSomething(@P("objId")String objId); where defaultSecurityService is defined as: @Service public class DefaultSecurityService implements SecurityService { ... public boolean canDoSomething(String userId, String objId){ return true; // } } Stack trace Caused by: java.lang

Spring BadCredentials Event not firing

好久不见. submitted on 2021-02-07 11:49:13
Question: I want to log if a user tries to authenticate with wrong credentials. Therefore I have added this event listener class to my project: import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent; import org.springframework.stereotype.Component; @Component public class AuthenticationFailureListener implements ApplicationListener

How to fix “Invalid remember-me token (Series/token) mismatch” Error?

断了今生、忘了曾经 submitted on 2021-02-07 09:18:13
Question: I use Spring Security persistent logins. I persist the remember me token in my database. Sometimes I get the following error: | Error 2013-07-02 13:54:14,859 [http-nio-8080-exec-2] ERROR [/buddyis].[gsp] - Servlet.service() for servlet [gsp] in context with path [/buddyis] threw exception Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack. Line | Method ->> 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor - - - - - - - - - - - - - - - -