spring-security

问题 I'm using Spring Boot with Thymeleaf and Spring Security. I've got a simple view with a login link. When the user logs in, I'd like to change login link to logout link. I tried: <div sec:authorize="#{isAuthenticated()}"> <a th:href="@{/logout}">Log out</a> </div> <div sec:authorize="#{isAnonymous()}"> <a th:href="@{/login}">Log in</a> </div> but it's not working - it displays both links. Best regards. EDIT: I solved it. I had to register Thymeleaf dialect. In order to do this, I created a new

问题 I'm using Spring Boot with Thymeleaf and Spring Security. I've got a simple view with a login link. When the user logs in, I'd like to change login link to logout link. I tried: <div sec:authorize="#{isAuthenticated()}"> <a th:href="@{/logout}">Log out</a> </div> <div sec:authorize="#{isAnonymous()}"> <a th:href="@{/login}">Log in</a> </div> but it's not working - it displays both links. Best regards. EDIT: I solved it. I had to register Thymeleaf dialect. In order to do this, I created a new

问题 I'm using Spring Boot with Thymeleaf and Spring Security. I've got a simple view with a login link. When the user logs in, I'd like to change login link to logout link. I tried: <div sec:authorize="#{isAuthenticated()}"> <a th:href="@{/logout}">Log out</a> </div> <div sec:authorize="#{isAnonymous()}"> <a th:href="@{/login}">Log in</a> </div> but it's not working - it displays both links. Best regards. EDIT: I solved it. I had to register Thymeleaf dialect. In order to do this, I created a new

问题 We recently upgraded from Spring Boot 1.4.1 to 1.5.2. One of the features of 1.5.2 is that if Spring Security is part of the package then it is protected by basic auth. I am unable to access the /h2-console even after basic auth. It throws 403 forbidden. application.yml : spring: datasource: driver-class-name: org.h2.Driver url: jdbc:h2:file:../app-db/app_db;AUTO_SERVER=TRUE username: sa password: sa initialize: false jpa: hibernate: ddl-auto: validate show-sql: true database-platform: org

问题 In a REST API developed with Sping Boot and OAuth2 is it possible to limit user access according to client defined in the Authorization Server settings? For example, in the Authorization Server I have the following client configuration: clients.inMemory() .withClient(uaaProperties.getWebClientConfiguration().getClientId()) .secret(passwordEncoder.encode(uaaProperties.getWebClientConfiguration().getSecret())) .scopes("openid") .authorities("ROLE_TESTE") .autoApprove(true) .authorizedGrantTypes

问题 After a recent upgrade of a Spring Boot application that relies on CAS for authentication, the project no longer compiles due to the fact that the setCasServerUrlPrefix method can't be found on SingleSignOutFilter : java: cannot find symbol symbol: method setCasServerUrlPrefix(java.lang.String) location: variable singleSignOutFilter of type org.jasig.cas.client.session.SingleSignOutFilter The involved code is: @Bean public SingleSignOutFilter singleSignOutFilter() { SingleSignOutFilter

问题 I'm doing application with spring security and Spring MVC in back end and Angular in front end. My problem is that I do the logged in correctly, but the problem in logged out I implemented correctly in my localhost: http://localhost:8080 worked without problem. When I change it to https:// I get this error: Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS. I want to

问题 This question already has answers here : Spring Boot 2.0.0 + OAuth2 (4 answers) Closed 2 years ago . I implemented oauth2 with spring security and I am getting an error. Code is given below. I have saved user with encoded password using BcryptEncoder. And Bcrypt is also used in web security configuration to authorize user. I don't know why i am getting this error. ServerSecurityConfiguration.java @Configuration @EnableWebSecurity public class WebSecurityConfig extends

问题 This question already has answers here : Spring Boot 2.0.0 + OAuth2 (4 answers) Closed 2 years ago . I implemented oauth2 with spring security and I am getting an error. Code is given below. I have saved user with encoded password using BcryptEncoder. And Bcrypt is also used in web security configuration to authorize user. I don't know why i am getting this error. ServerSecurityConfiguration.java @Configuration @EnableWebSecurity public class WebSecurityConfig extends

问题 How can I get _csrf object (?!) in spring controller? I've configured Spring Security and can get ${_csrf} request attribute in jsp files. I've tried: CsrfToken _csrf = (CsrfToken) session.getAttribute("CsrfToken"); CsrfToken _csrf = (CsrfToken) session.getAttribute("_csrf"); the result is null; Thanks in advance! 回答1: In debug I saw a session attribute with a key "org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository.CSRF_TOKEN". I viewed the HttpSessionCsrfTokenRepository