Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions
132 votes, 20 answers

How to check "hasRole" in Java Code with Spring Security?

How to check user authority or permission in Java code? For example, I want to show or hide a button for a user depending on role. There are annotations like: @PreAuthorize("hasRole('ROLE_USER')") How to make it in Java code? Something like:…
Piotr Gwiazda

131 votes, 24 answers

How to configure CORS in a Spring Boot + Spring Security application?

I use Spring Boot with Spring Security and CORS support. If I execute the following code url = 'http://localhost:5000/api/token' xmlhttp = new XMLHttpRequest xmlhttp.onreadystatechange = -> if xmlhttp.readyState is 4 console.log…
Rudolf Schmidt

127 votes, 27 answers

Spring boot Security Disable security

When I use security.basic.enabled=false to disable security on a Spring Boot project that has the following dependencies: org.springframework.boot spring-boot-starter-web
user3600073

125 votes, 7 answers

What's the point of Spring MVC's DelegatingFilterProxy?

I see this in my Spring MVC app's web.xml: springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy I'm trying to figure out why it's there and…
Thomas

125 votes, 6 answers

How to manually set an authenticated user in Spring Security / SpringMVC

After a new user submits a 'New account' form, I want to manually log that user in so they don't have to login on the subsequent page. The normal form login page going through the spring security interceptor works just fine. In the new-account-form…
David Parks

123 votes, 26 answers

Remove "Using default security password" on Spring Boot

I added one custom Security Config in my application on Spring Boot, but the message about "Using default security password" is still there in the LOG file. Is there any way to remove it? I do not need this default password. It seems Spring Boot is not…
Carlos Alberto

120 votes, 8 answers

Spring 5.0.3 RequestRejectedException: The request was rejected because the URL was not normalized

Not sure if this is a bug with Spring 5.0.3 or a new feature to fix things on my end. After the upgrade, I am getting this error. Interestingly this error is only on my local machine. Same code on test environment with HTTPS protocol works fine.…
java_dude

117 votes, 7 answers

How to disable spring security for particular url

I am using stateless Spring Security, but in case of signup I want to disable Spring Security. I disabled it using antMatchers("/api/v1/signup").permitAll(), but it is not working; I am getting the error below: message=An Authentication object was not…
Prabjot Singh

115 votes, 8 answers

How to disable 'X-Frame-Options' response header in Spring Security?

I have CKeditor on my JSP and whenever I upload something, the following error pops out: Refused to display 'http://localhost:8080/xxx/xxx/upload-image?CKEditor=text&CKEditorFuncNum=1&langCode=ru' in a frame because it set 'X-Frame-Options' to…
Bravo

114 votes, 12 answers

Spring Security 5 : There is no PasswordEncoder mapped for the id "null"

I am migrating from Spring Boot 1.4.9 to Spring Boot 2.0 and also to Spring Security 5 and I am trying to authenticate via OAuth 2. But I am getting this error: java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id…
Jimmy

109 votes, 8 answers

How can I use Spring Security without sessions?

I am building a web application with Spring Security that will live on Amazon EC2 and use Amazon's Elastic Load Balancers. Unfortunately, ELB does not support sticky sessions, so I need to ensure my application works properly without sessions. So…
Jarrod Carlson

109 votes, 2 answers

HttpSecurity, WebSecurity and AuthenticationManagerBuilder

Could anyone explain when to override configure(HttpSecurity), configure(WebSecurity) and configure(AuthenticationManagerBuilder)?
user3488241

100 votes, 5 answers

Securing Spring Boot API with API key and secret

I would like to secure the Spring Boot API so it is accessible only for the clients that have a valid API key and secret. However, there is no authentication (standard login with username and password) inside the program as all data is anonymous. All…
Vitalii Oleksiv

100 votes, 9 answers

Spring Security configuration: HTTP 403 error

I'm trying to secure my website using Spring Security following the guides on the web. So on my server side I have the following classes. My WebSecurityConfigurerAdapter: @Configuration @EnableWebSecurity public class WebSecurityConfig extends…
ken

98 votes, 3 answers

How to create custom methods for use in spring security expression language annotations

I would like to create a class that adds custom methods for use in spring security expression language for method-based authorization via annotations. For example, I would like to create a custom method like 'customMethodReturningBoolean' to be used…
Paul D. Eden