Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions
98
votes
18 answers

Spring Boot: How to specify the PasswordEncoder?

Currently I got the main class: package com.recweb.springboot; import org.springframework.boot.SpringApplication; import…
Aa Yy
98
votes
10 answers

Serving static web resources in Spring Boot & Spring Security application

I am trying to develop Spring Boot web application and securing it using Spring security java configuration. After placing my static web resources in 'src/main/resources/public' as advised here in Spring blog, I am able to get the static resources.…
Kumar Sambhav
97
votes
11 answers

Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'

After configuring Spring Security 3.2, _csrf.token is not bound to a request or a session object. This is the spring security config:
Hugo Robayo
96
votes
8 answers

Spring Security: Upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.7.0

I am trying to update the WebSecurityConfigurerAdapter as it has been deprecated. The class is configured as follows: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends…
Ramon J.
95
votes
5 answers

How to secure REST API with Spring Boot and Spring Security?

I know that securing REST API is widely commented topic but I'm not able to create a small prototype that meets my criteria (and I need to confirm that these criteria are realistic). There are so many options how to secure resources and how work…
jnemecz
95
votes
8 answers

How do I get the Session Object in Spring?

I am relatively new to Spring and Spring security. I was attempting to write a program where I needed to authenticate a user at the server end using Spring security, I came up with the following: public class CustomAuthenticationProvider extends…
Salvin Francis
93
votes
3 answers

How To Inject AuthenticationManager using Java Configuration in a Custom Filter

I'm using Spring Security 3.2 and Spring 4.0.1 I'm working on converting an xml config into a Java config. When I annotate AuthenticationManager with @Autowired in my Filter, I'm getting an exception Caused by:…
rince
89
votes
2 answers

When to use Spring Security's antMatcher()?

When do we use antMatcher() vs antMatchers()? For example: http .antMatcher("/high_level_url_A/**") .authorizeRequests() .antMatchers("/high_level_url_A/sub_level_1").hasRole('USER') …
sura2k
88
votes
8 answers

Unsupported Media Type in postman

I am implementing Spring Security with OAuth2 and JWT. The below is my login function function doLogin(loginData) { $.ajax({ url : back+"/auth/secret", type : "POST", data : JSON.stringify(loginData), …
user7477092
87
votes
4 answers

Spring Security Configuration - HttpSecurity vs WebSecurity

I just need to understand something in Spring Security Configuration. Using the example below... @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws…
Kihats
86
votes
6 answers

JAAS for human beings

I am having a hard time understanding JAAS. It all seems more complicated than it should be (especially the Sun tutorials). I need a simple tutorial or example on how to implement security (authentication + authorization) in java application based…
Dan
84
votes
14 answers

disabling spring security in spring boot app

I have a spring boot web app with spring security configured. I want to disable authentication for a while (until needed). I add this to the application.properties: security.basic.enable: false management.security.enabled: false Here is some…
jayjaypg22
83
votes
7 answers

Spring Security with roles and permissions

I'm trying to set up role-based Security with permissions. I'm trying to do this together with Spring-Security. I don't want to set up ACL as it seems it's an overkill for my requirements. I just want to have simple permissions and roles as…
flash
83
votes
3 answers

What's the "principal" in Spring Security?

I'm really new to Spring and Spring Security. I was reading about Spring Security and it came out the concept of principal, which should be the current logged user. But what if we have more than one current logged user? So, my question is, what…
nbro
83
votes
3 answers

spring security AuthenticationManager vs AuthenticationProvider?

Can someone tell me the difference between an AuthenticationManager and an AuthenticationProvider in Spring Security? How are they used and how are they called. It is my understanding that a SecurityFilter will call the AuthenticationManager to…
jr.