Questions tagged [spring-security]

1

votes
1

answer
1.2k

Views

spring-security-saml missing jar in repo

As per the instructions on http://projects.spring.io/spring-security-saml/, I have the following in my pom.xml: org.springframework.security.extensions spring-security-saml 1.0.0.RC2 spring-milestones Spring Milestones http://repo.spring.io/milestone false When I execute mvn clean install -U, I rece...
Paul Croarkin
1

votes
1

answer
834

Views

Thymeleaf + Spring Security Expression language

I'm trying to fetch the UserDetails object out of Spring Security from Thymeleaf. I have tried various SpEL things, like: ${#authentication.principal.blahblah} I'm trying to assign this to a JavaScript variable as: var foo='${#authentication.principal.blahblah}'; I'm using Spring Boot 1.2.5 with the...
alessandro ferrucci
1

votes
2

answer
1.1k

Views

Grails 3 + Tomcat 8: Could not resolve view with name '/login/authAjax' in servlet with name 'grailsDispatcherServlet'

I'm using Grails 3.1.3 with Spring Security 3.0.3 (compile 'org.grails.plugins:spring-security-core:3.0.3'). My problem only happens when the app is deployed to a Tomcat 8 instance. It's perfectly fine when using run-app, but unfortunately our preferred method of deployment is a Tomcat. Here's the c...
Robert Lohr
0

votes
0

answer
14

Views

How to secure specific routes with token and filters?

Context I'm doing an app (REST API) and I try to add some security. Current code So I created two methods : public class Security { private final static String apiKey = 'secretkey'; // generate a token when data is created public static String generateToken(String dataid) { return Jwts.builder() .s...
N. Lamblin
1

votes
2

answer
166

Views

How to get current user inside Callable in Spring

I need to get the current user inside a function executed by a Callable. The method used to execute my callables: public static boolean run(List callables) { try { ExecutorService executor = Executors.newWorkStealingPool(); long startTime = System.currentTimeMillis(); executor.invokeAll(callables);...
M-BNCH
1

votes
2

answer
45

Views

Simple REST endpoints authentication

I am learning how to secure my endpoints, but everything I searched for contains pretty complicated examples that didn't really answer my question, and for now, just for the sake of this example project, I was looking for something simple. My current solution is to make endpoints return like this: re...
koxmaxiums
1

votes
1

answer
56

Views

Spring SAML: SAML message intended destination endpoint did not match recipient endpoint

I am getting 'Caused by: org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint' exception while SSO between my app SP and client IdP. Server log shows the difference in schemas, see below: Checking SAML message intended destination...
I. Domshchikov
1

votes
2

answer
95

Views

OAuth2 for REST API with tightly coupled SPA as only client

I'm developing a REST API with a tightly coupled SPA as the only client of the mentioned REST API. Let's say the SPA is available at myservice.com and api is under myservice.com/api. They're basically one service, just split at code level, and deployed at different root paths. What I'm using for s...
Tuan Pham
0

votes
0

answer
3

Views

Spring Security Http configure filters

Hey, I've been messing around with Spring Security for a bit and need some help and explanation around the void configure(HttpSecurity http) method from extends WebSecurityConfigurerAdapter. So I've been following a JWT token authentication tutorial and it works great so far. I have a: public class JWT...
Emperor
0

votes
0

answer
2

Views

Customization of TokenEndpoint in Spring OAuth2

I would like to provide a custom implementation of the TokenEndpoint class in Spring framework. I've copied over the TokenEndpoint class of Spring and have made my changes to the required places. But when the application starts, I'm always getting the error Caused by: java.lang.IllegalStateException...
Athomas
1

votes
2

answer
370

Views

To verify a JWT token with RSA

I am trying to verify a jwt token and getting the exception: Exception in thread 'main' java.lang.IllegalArgumentException: Only private key data is currently supported Any pointers on how to verify a jwt token with public key? import org.springframework.security.jwt.JwtHelper; public boolean...
Minisha
1

votes
0

answer
13

Views

Spring security configuration with JWT AuthenticationCredentialsNotFoundException

I get the below error when I try to invoke protected ws using POSTMAN and passing the Authorization header with obtained token after login Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJBZGVsSVAiLCJpYXQiOjE1NTI2MDM4NTIsImV4cCI6MTU1MjY5MDI1Mn0.OfzkQlhubdLBa9cV7O231M1AB8ya9g5Q1zefhjhPvJIICz45SU...
Olfa
1

votes
1

answer
791

Views

Spring security issue with Http tag

My spring configuration file is as follows However I have encountered the following error cvc-complex-type.2.4.a: Invalid content was found starting with element 'http'. One of '{'http://www.springframework.org/schema/beans':import, 'http://www.springframework.org/schema/beans':alias, 'http:// www.s...
Smrita
1

votes
2

answer
1.4k

Views

Spring Security: How to get details from the principal?

Using spring boot and spring security, the details of user are available in principal object. But it has only few methods to retrieve details, like getName(). How do I get other details out of it? Currently my class looks like this @SpringBootApplication @RestController public class DemoOAuth2Applic...
Registered User
1

votes
1

answer
410

Views

How does CSRF LazyCsrfTokenRepository work?

Java 8 - spring 4.3.x While configuring Spring Security and enabling the CSRF feature, I came across two implementations of CsrfTokenRepository: one is lazy, the other is cookie-based. I know CookieCsrfTokenRepository works by writing a CSRF token into a cookie and accepts a cookie value in a header to verify t...
d-man
1

votes
1

answer
144

Views

Spring LDAP Authentication's user account concepts

I am developing an authentication function of a Spring web application. The customer already has an existing Active Directory with their staff data. Any staff in the AD can use their existing username and password to log in to my web application, by which the web app should use the given username a...
asinkxcoswt
1

votes
1

answer
2.2k

Views

Spring boot upload form data and file

I am making a spring boot REST application. I am trying to make a multipart form upload controller which will handle a form data and a file upload together. This is my controller code at the moment : @RequestMapping(value = '', method = RequestMethod.POST, headers='Content-Type=multipart/form-data')...
Lazaruss
1

votes
1

answer
1.8k

Views

Spring OAuth2RestTemplate loses token when configured to use JWT

I have a series of microservice projects configured to use Spring Boot and Cloud OAuth2 SSO. It has the following components: Spring Boot 1.3.0 Spring Cloud Brixton.M3 auth server has Spring Boot 1.2.7 and Cloud Angel.SR4 Zuul Proxy (gateway) Auth server Resource Server UI Server Eureka Server The...
Tim Webster
1

votes
1

answer
589

Views

Spring Security sec:authorize throw exception

I want to add a field to my jsp which will be shown only to admin. For this purpose I use tag sec:authorize access='hasRole('Admin')'. But when I add it, application throws exception: http://pastebin.com/TcN0k0K0 I use spring 4.1.7.RELEASE, spring-security version 4.0.3.RELEASE. In pom.xml I've add...
Emanon
1

votes
1

answer
355

Views

Grails spring security oauth2 provider request for resource with correct bearer token redirects to login

As the title implies, I have a controller method protected by the oAuth2 plugin, but when I send a request to it including a correct Authorization: Bearer (using Postman), the response I get is the HTML for the login page. Method in question: @Secured(['ROLE_USER', '#oauth2.clientHasAnyRole('ROLE_...
OsaSoft
1

votes
1

answer
1.8k

Views

How to enable content security policy to selective http patterns in spring security

My Spring Security config looks like: Now, for the http pattern with security='none' above, I want to enable Content Security Policy (CSP) for that. As long as I keep it security='none', I don't think I can apply CSP to it. The header to enable CSP in Spring Security is like: Now, I want to apply t...
user1892775
1

votes
1

answer
182

Views

Bypass @Cacheable for (un)authenticated requests

Can Spring's caching framework be made aware of the authentication status of the request context, or is it easier to roll your own caching solution?
ejain
1

votes
3

answer
505

Views

Grails rest spring security plugin does not store generated token using GORM in database

I am using the GORM option to store the generated token in the database for my Grails 3.x application using the Grails Spring Security REST plugin. The application generates the token, but it does not get stored in the database. Do we need to override the tokenStorage method and have our own implementation to store...
Alice
1

votes
1

answer
1.4k

Views

Spring SAML Alias is used both for entity and SP

I am new to SAML, and am integrating it into a Spring web application. I started by following the Spring SAML quick-start guide found here: http://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html I got this running fine. I then wanted to switch to targ...
rwblackburn
1

votes
2

answer
1.1k

Views

How do I send CSRF tokens from AngularJS front end to Spring REST service backend?

How do I set up CSRF protection between an AngularJS front end and a Spring Boot REST backend? Let's take the http.post('/send-pin', JSONobject)... call from the code below as an example. I am getting the following error in the server logs when I try to call a Spring Boot REST service at the /sen...
CodeMed
1

votes
1

answer
279

Views

Spring-Security : Ignoring alias of server-name and forcing relogin

I am working on a project in which I use Spring-Security for authentication and authorization. Everything seems to be working fine, just that Spring-security is ignoring Alias-name of the server. So, for example, if I login with domain-name.com and visit some secured resource, I have no problem. But...
We are Borg
1

votes
1

answer
498

Views

Spring Security Authentication not give 401 error

In a filter I have added below role in the spring security context. @Override public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { GrantedAuthority authority = new SimpleGrantedAuthority(ANONYMOUS); List grantedAuthority = new Array...
Harshana
1

votes
1

answer
729

Views

Gradle cannot find plugin

I have the following in my build.gradle of my Grails 3 project. dependencies { ... compile 'org.grails.plugins:spring-security-core:3.0.3' // The following line was the true cause of my problem compile('org.grails.plugins:spring-security-oauth-google:0.3.1') ... } Now when I run Gradle I get this er...
homaxto
1

votes
1

answer
453

Views

How to call extra parameter from login form into CustomAuthenticationProvider

I have seen other posts about this but still can't find an appropriate answer. My submitted form has three parameters instead of two. Here is my CustomAuthenticationProvider: @Component public class CustomAuthenticationProvider implements AuthenticationProvider { private static final Logger logger = LoggerFact...
FreezY
1

votes
1

answer
22k

Views

ERROR 7405 — [ main] o.s.boot.SpringApplication : Application startup failed

I am using Gradle 2.9 and springBootVersion = '1.3.1.RELEASE' Build is successful but jar deployment is not successful. These are my logs: 2016-02-05 20:44:13.905 WARN 7405 --- [ main] ationConfigEmbeddedWebApplicationContext : Exception encountered during context initialization - canc...
Jai Prak
1

votes
2

answer
1.4k

Views

spring security, how to expire all sessions of a user

I have to solve the following scenario, in a Spring Security 3.2.5-RELEASE with Spring Core 4.1.2-RELEASE application running Java 1.7 on WildFly 8.1. User 'bob' logs in and Admin deletes 'bob'. If 'bob' logs out, he can't log in again, but his current session remains active. I want to kick 'bob...
Ilan.K
1

votes
1

answer
352

Views

Grails & Spring Security - specialize User-Role based on additional property

I'm trying to configure my Grails 3 application with the Spring Security 3 plugin to prevent users without specific permissions from accessing a set of specific features. I used the default setup, with User, Role and UserRole domain classes (the latter included below), with the intention of making extensive...
ilPittiz
1

votes
1

answer
142

Views

login date in spring security plugin for Grails

I'm using the Spring Security plugin. I want to save the user's login date in the DB, so I wrote the below in the config file: grails.plugin.springsecurity.useSecurityEventListener = true grails.plugin.springsecurity.onAuthenticationSuccessEvent= { e, appCtx -> com.app.utils.UserActivity.withTransacti...
Sherif
1

votes
1

answer
3k

Views

Spring security: Cannot call sendRedirect() after the response has been committed [duplicate]

This question already has an answer here: java.lang.IllegalStateException: Cannot (forward | sendRedirect | create session) after response has been committed 8 answers I'm using the following code for logout: public class LogoutHandler extends SimpleUrlLogoutSuccessHandler { @Override public void o...
youssef Liouene
1

votes
1

answer
330

Views

How to call bean with @Autowiring from app context in security context

After some research, I still haven't found a solution for this problem. My aim is to validate the user in a Custom Authentication Provider using a database, but the @Autowiring always throws a Null Pointer Exception. Here is my code: Custom Authentication Provider: @Component public class CustomAuthenticationProvider im...
FreezY
1

votes
2

answer
64

Views

URL is not getting intercepted using Spring Security in Spring Integration

I have developed a Spring Integration project in which I have implemented Spring Security. Configurations are fine. When I am hitting the given URL (e.g. localhost:8080/test/api) to fetch the response, spring-security should intercept the request and should authenticate using Spring Security....
shaz
1

votes
1

answer
134

Views

Spring Security - ACL readAclsById not filtering by SIDs

I'm trying to use Spring Security's readAclsById method in JdbcMutableAclService to retrieve ACLs that are filtered by the SIDs. However, ACLs that are not applicable to the passed-in SIDs are returned. I'm creating the ACL entry using the username: public void add(Object domainObject, String userna...
Dyip302
1

votes
2

answer
1.8k

Views

Error 403 on image when using Spring Boot + Spring Security

I'm trying out Spring Boot for the first time and I'm stuck with an error 403 that I can't figure out how to get around. I've created an admin page using Thymeleaf: The Link Application Toggle Navigation ... The CSS loads perfectly and is located at src/main/resources/static/css, the image that's gi...
1

votes
2

answer
396

Views

Different spring configuration files roles

I am developing my Spring-based web application using Spring Framework + Spring Security + Hibernate for data access (ORM) + Maven as build manager. All data access operations must be provided by Hibernate. My goal is to integrate Spring Security, Spring Framework and Hibernate to work together. I r...
IngeniousTom
1

votes
1

answer
1.2k

Views

How to use CAS SSO with JHipster

I generated an application using JHipster and I would like to use my instance of Jasig CAS as SSO with my application instead of the default form login that comes with the app. Ultimately I would like to use custom CAS parameters to assign authorities. I followed this example. Now I have the app generat...
Sok Pomaranczowy
