Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions
82 votes, 7 answers

Disable Spring Security for OPTIONS Http Method

Is it possible to disable Spring Security for a type of HTTP Method? We have a Spring REST application with services that require Authorization token to be attached in the header of http request. I am writing a JS client for it and using JQuery to…
Dhanush Gopinath
80 votes, 8 answers

Spring Security permitAll not allowing anonymous access

I have a single method that I want to allow both anonymous and authenticated access to. I am using Spring Security 3.2.4 with Java based configuration. The overridden configure method (in my custom configuration class extending…
Marceau
77 votes, 6 answers

spring security: NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found

I'm trying to add spring-security to my rest app. I followed the tutorial (https://spring.io/guides/tutorials/spring-security-and-angular-js/) on spring website to do it but there it uses spring-boot component which I don't want to use, maybe…
Andrey Saleba
77 votes, 7 answers

How can I have list of all users logged in (via spring security) my web application

I'm using spring security in my web application, and now I want to have a list of all users who are logged in my program. How can I have access to that list? Aren't they already kept somewhere within spring framework? Like SecurityContextHolder or…
Matin Kh
76 votes, 8 answers

Can Spring Security use @PreAuthorize on Spring controllers methods?

Can Spring Security use @PreAuthorize on Spring controllers methods?
egervari
74 votes, 11 answers

How to manually log out a user with spring security?

Probably the answer is simple: How can I manually logout the currently logged in user in spring security? Is it sufficient to call: SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false); ?
Erik
74 votes, 5 answers

JSON Web Token (JWT) with Spring based SockJS / STOMP Web Socket

Background I am in the process of setting up a RESTful web application using Spring Boot (1.3.0.BUILD-SNAPSHOT) that includes a STOMP/SockJS WebSocket, which I intend to consume from an iOS app as well as web browsers. I want to use JSON Web Tokens…
Steve Wilford
74 votes, 3 answers

What is the use of @Order annotation in Spring?

I have come across a glance of code which uses @Order annotation. I want to know what is the use of this annotation with respect to Spring Security or Spring MVC. Here is an example: @Order(1) public class StatelessAuthenticationSecurityConfig…
Qasim
73 votes, 3 answers

What is the default AuthenticationManager in Spring-Security? How does it authenticate?

I have the following bean defined: I guess here Spring uses some default…
rapt
73 votes, 4 answers

What is the use of @EnableWebSecurity in Spring?

As per the Spring documentation: Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding…
Mehraj Malik
73 votes, 9 answers

How to test spring-security-oauth2 resource server security?

Following the release of Spring Security 4 and its improved support for testing I've wanted to update my current Spring security oauth2 resource server tests. At present I have a helper class that sets up an OAuth2RestTemplate using…
Tim
72 votes, 4 answers

Programmatically log-in a user using spring security

The opposite of: How to manually log out a user with spring security? In my app I have register new user screen, which posts to a controller which creates a new user within db (and does a few obvious checks). I then want this new user to be…
NimChimpsky
72 votes, 9 answers

How to enable HTTP response caching in Spring Boot

I have implemented a REST server using Spring Boot 1.0.2. I'm having trouble preventing Spring from setting HTTP headers that disable HTTP caching. My controller is as follows: @Controller public class MyRestController { @RequestMapping(value…
Samuli Pahaoja
71 votes, 5 answers

Spring Security 5 Replacement for OAuth2RestTemplate

In spring-security-oauth2:2.4.0.RELEASE classes such as OAuth2RestTemplate, OAuth2ProtectedResourceDetails and ClientCredentialsAccessTokenProvider have all been marked as deprecated. From the javadoc on these classes it points to a spring security…
Matt Williams
71 votes, 6 answers

Spring + Web MVC: dispatcher-servlet.xml vs. applicationContext.xml (plus shared security)

What is the correct way to use the two contexts: dispatcher-servlet.xml and applicationContext.xml? What goes where? I want to write a fairly typical app deployed in a servlet container. It has some controllers with JSP views. It also has some…
Konrad Garus