spring-security-rest

问题 In my usecase I don't have a User DB table to authenticate the user password. I am using HMAC signature which client sends in API request. On server side I calculate the same HMAC signature and just need to match them for successful authentication. So I was thinking on using DaoAuthenticationProvider which Spring Security provides, without writing own custom provider class. Following are all the files I have. My Spring boot application does not build when I @Autowired private

来源： https://stackoverflow.com/questions/62799664/spring-webmvctest-how-to-mock-authentication

来源： https://stackoverflow.com/questions/62799664/spring-webmvctest-how-to-mock-authentication

问题 I have a spring client with spring rest api's which are protected with keycloak. I am trying to call it using keycloakresttemplate from another client which is a pure java code with no security. I am getting the keycloak access token from java client and setting it in the header of rest url. It is not able to initialize the keycloakresttemplate. Any view why I am facing this issue. //Below is the code to hit the spring url using keycloakresttemplate.I have added Dependency of keycloack

问题 I have a spring client with spring rest api's which are protected with keycloak. I am trying to call it using keycloakresttemplate from another client which is a pure java code with no security. I am getting the keycloak access token from java client and setting it in the header of rest url. It is not able to initialize the keycloakresttemplate. Any view why I am facing this issue. //Below is the code to hit the spring url using keycloakresttemplate.I have added Dependency of keycloack

问题 I want to use Spring Security for JWT authentication. But it comes with default authentication. I am trying to disable it, but the old approach of doing this - disabling it through application.properties - is deprecated in 2.0. This is what I tried: @Configuration public class StackWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().disable(); // http.authorizeRequests().anyRequest()

问题 I want to configure Spring Security to use database for Rest api requests. I tried this: @Configuration @EnableWebSecurity @Import(value= {Application.class, ContextDatasource.class}) @ComponentScan(basePackages= {"org.rest.api.server.*"}) public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private RestAuthEntryPoint authenticationEntryPoint; @Autowired MyUserDetailsService myUserDetailsService; @Autowired public void configureGlobal

问题 We are using Grails Spring Security Rest plugin 1.5.2 with Grails 2.5.2. Unfortunately it doesn't seem to report any reason of why a login failure occurred. The only thing we get from the login request is HTTP 401 . We have a mechanism where after a number of login failures we set the accountLocked property of the User , so the account becomes disabled/locked. We would like to get at least a JSON response of why the login failed, like "User account is locked", "Bad credentials", "No such user

问题 Preamble I'm designing an API gateway for a Grails microservice federation. This issue seems related to a bunch of issues already filed in this repository but nothing provides a solution. Versions and Configurations Grails: 3.2.2 Tomcat: 8.5 Plugin versions: compile 'org.grails.plugins:spring-security-core:3.1.2' compile "org.grails.plugins:spring-security-rest:2.0.0.M2" I'm using spring security rest plugin for only token authentication. I'm doing the authorization part myself by returning

问题 I am securing my REST API using Basic-Auth. I have learned that for a stateless API, the backend should send a cookie (with both the httpOnly and the secure flag) for basic authentication, which then will be added to each request. Here are my questions: What should be the name of that cookie? How to set the cookie? How will the Spring security layer identify and extract the Base64 encoded credentials from that cookie? Currently, this is my security config: @Override protected void configure