Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

Useful Links:

28335 questions

votes

2 answers

Spring Security: What is the right way to call method secured with @PreAuthorize in background task?

I have a method secured with @PreAuthorize @PreAuthorize("hasRole('ROLE_ADMIN') and (#action.userId != principal.id)") public void execute(EditAction action) Now I need to call this method from a background task. If I simply run this code - I catch…

spring spring-security

asked Apr 26 '12 at 10:35

Popandopolos

votes

1 answer

Spring Security: Authentication user manually

I trying authenticate user in Spring Security application via oAuth. I'm already received token and user's data. How can I authenticate user manually without password and classic login form? Thank you.

authentication spring-mvc oauth spring-security

asked Mar 30 '12 at 11:07

Taras Sheremeta

votes

2 answers

Handling both form and HTTP basic authentication with different sources

I already have form login and Basic auth working side by side with the help of a DelegatingAuthenticationEntryPoint. What I'm trying to do is have users coming thru the login form to be authenticated against criteria "A", and have users coming thru…

spring-security

asked Feb 15 '12 at 22:56

The Awnry Bear

4,599
3
29
33

votes

3 answers

how to redirect the access denied page in spring security?

I want to know how to redirect the access denied page in spring security? Shall I use some kind of handler or edit in web.xml? thanks

java spring redirect spring-security access-denied

asked Jan 16 '12 at 02:16

sudo

1,525
7
34
59

votes

2 answers

Code-based Spring Security Configuration

I am trying to use Spring Security framework with a code-based configuration and I am following this tutorial. I have the following code in my initializer for the filter: FilterRegistration.Dynamic springSecurity =…

spring-security spring-java-config

asked Jan 13 '12 at 10:35

Enrique Fernández-Polo

votes

2 answers

Adding user to session, spring security default login

I have set up spring security to intercept correctly and prompt user with custom login page, that then authenticates correctly and adds userdetails to SecurityContextHolder. Supplementary to that I now want to add my own custom User object added to…

java spring spring-mvc spring-security

asked Oct 18 '11 at 10:52

NimChimpsky

46,453
60
198
311

votes

1 answer

More than one UserDetailsService registered. Please use a specific Id reference in or elements

I am attempting to enable remember me functionality using spring security

…

java spring spring-security

asked Oct 17 '11 at 10:52

NimChimpsky

46,453
60
198
311

votes

1 answer

Restore original POST request after CAS authentication?

I have json-rpc service accepting http POST-req only and would like it to use CAS SSO auth. The current request flow looks roughly like this: POST host/service/ -> 302 redirect GET host/cas/login?service=https%3A%2F%2Fhost%2Fservice%2F -> 302…

java redirect spring-security single-sign-on cas

asked Oct 04 '11 at 08:32

xeye

1,250
10
15

votes

1 answer

can I use Spring Social with Spring Security?

I want to integrate the Spring Social (to provide twitter, facebook, linkedLogin) with my application in which I have already used Spring Security to provide open ID authentication.... Spring Security's open ID support is working awesome and I have…

java spring jakarta-ee spring-security

asked Oct 04 '11 at 06:22

Amit

13,134
17
77
148

votes

2 answers

Migrate Spring Security configuration to Spring Cloud 2022.0.4

I want to migrate this Spring security configuration to latest Spring Cloud: import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties; import…

java spring-boot spring-security spring-oauth2

asked May 23 '23 at 13:17

Peter Penzov

1,126
134
430
808

votes

0 answers

JwtIssuerReactiveAuthenticationManagerResolver does not work while jwk-set-uri does

So I need to support multi-tenancy and have read about it here. I have followed the steps and added: the authentication manager (fake uri): JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new…

spring spring-boot spring-security

asked Mar 21 '23 at 15:53

user2820906

votes

1 answer

Spring Boot 3.0.2 adds "continue" query parameter to request URL after login

I just upgraded my project from Spring boot 2.7.7 to 3.0.2 and I'm seeing some weird behavior. When I login to my application Spring adds "continue" query parameter to URL. It wasn't like this in 2.7.7. Is there something which I'm missing? I use…

spring spring-boot spring-security

asked Jan 24 '23 at 14:27

Karol Majewski

votes

3 answers

How to fix error of WebSecurityConfigurerAdapter when upgrade to Spring Boot 3.0.0?

I have code work ok with Spring 2.x . Source code of Spring 2.x File CustomFilter.java package com.example.security; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; import jakarta.servlet.ServletRequest; import…

java spring spring-boot spring-security

asked Dec 03 '22 at 12:07

Vy Do

46,709
59
215
313

votes

1 answer

what's the proper way to add Spring Security filter only for specific URL?

I am trying to add custom Filter to only specific URL, however the filter get applied to every request, regardless of URL and method, does anybody know the proper way to fix this using latest from Spring Security, i.e. not using…

filter spring-security

asked Sep 27 '22 at 10:12

gai-jin

votes

2 answers

Grails/Spring Security: Unable to login with a newly created user

I have just started using grails and installed the spring-security and spring-security-ui plugins. I am following the tutorial given here. The application starts with one bootstrapped user me with ROLE_ADMIN permission. With the UI override scripts…

grails spring-security

asked Aug 20 '11 at 04:08

Sagar V

1,916
15
23

Prev 1 2 3

…

100