spring-security

问题 I use Spring Security persistent logins. I persist the remember me token in my database. Sometimes I get the following error: | Error 2013-07-02 13:54:14,859 [http-nio-8080-exec-2] ERROR [/buddyis].[gsp] - Servlet.service() for servlet [gsp] in context with path [/buddyis] threw exception Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack. Line | Method ->> 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor - - - - - - - - - - - - - - - -

问题 What is the difference between WebExpressionVoter and AuthenticatedVoter in spring security? What I know is AuthenticatedVoter will search for strings IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED (cookie) and vote for yes in corresponding cases. But I am not sure of WebExpressionVoter even afetr reading available spring docs. Please any one explain me about WebExpressionVoter. Thanks in advance. 回答1: Take a look at Web Security Expressions. The

问题 What is the difference between WebExpressionVoter and AuthenticatedVoter in spring security? What I know is AuthenticatedVoter will search for strings IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED (cookie) and vote for yes in corresponding cases. But I am not sure of WebExpressionVoter even afetr reading available spring docs. Please any one explain me about WebExpressionVoter. Thanks in advance. 回答1: Take a look at Web Security Expressions. The

问题 ProviderManager is throwing InternalAuthenticationServiceException.class while retrieving users in DaoAuthenticationProvider.class, loadedUser = this.getUserDetailsService().loadUserByUsername(username); I want to handle this exception and return my custom response to the client. I don't want to handle this by writing custom ProviderManager. For all other OAuth exceptions i am able to handle the exceptions using Custom WebResponseExceptionTranslator. But I am unable to catch security

问题 My OAuth integration test before Spring Boot 1.4 looked as follows(updates just to not use deprecated features): @RunWith(SpringRunner.class) @SpringBootTest(classes = { ApplicationConfiguration.class }, webEnvironment = WebEnvironment.RANDOM_PORT) public class OAuth2IntegrationTest { @Value("${local.server.port}") private int port; private static final String CLIENT_NAME = "client"; private static final String CLIENT_PASSWORD = "123456"; @Test public void testOAuthAccessTokenIsReturned() {

问题 My OAuth integration test before Spring Boot 1.4 looked as follows(updates just to not use deprecated features): @RunWith(SpringRunner.class) @SpringBootTest(classes = { ApplicationConfiguration.class }, webEnvironment = WebEnvironment.RANDOM_PORT) public class OAuth2IntegrationTest { @Value("${local.server.port}") private int port; private static final String CLIENT_NAME = "client"; private static final String CLIENT_PASSWORD = "123456"; @Test public void testOAuthAccessTokenIsReturned() {

问题 We are using spring and spring-security-3.2. Recently We are adding annotations @PreAuthorize to RestAPIs(earlier it was URL based). @PreAuthorize("hasPermission('salesorder','ViewSalesOrder')") @RequestMapping(value = "/restapi/salesorders/", method = RequestMethod.GET) public ModelAndView getSalesOrders(){} We already have Global exception handler which annotated with - @ControllerAdvice and custom PermissionEvaluator in place, everything works fine except the error message. Lets say some

问题 I'm developing a android app using Ionic Framework based in a AngularJS web site I developed using Jhipster. As I already have server code running in my web application, I've choose Ionic to work as UI and call server when needed, but I'm having some issues in my development enviroment. As I run my application using Ionic serve, I need use CORS to make requests to server. My web application was developed using CSRF token with Spring Security I'm using Apache CORS filter configured this way:

问题 I am looking for help to display the Spring property value in a jsp file. I found one link which is having the same requirement of mine. Click Using spring:eval inside hasRole I am using Spring 2.5 This is my applicationContext-util.xml file: xmlns:util="http://www.springframework.org/schema/util" xmlns:context="http://www.springframework.org/schema/context" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd http://www.springframework.org

问题 I am able to display the SPRING_SECURITY_LAST_EXCEPTION.message ("Bad Credentials") when a user tries to log in with incorrect credentials or user is disabled for some reason. I want to display a custom message for the case where the user is disabled, not show "Bad Credentials" instead say "You have been disabled...blah,blah...". How do I do that? I am using UserDetailsService for providing username/password in spring security. 回答1: You need to set hideUserNotFoundExceptions property of