Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions
69
votes
3 answers

Spring Security 3 database authentication with Hibernate

I need to authenticate users from database, Spring Security documents don't tell how to authenticate with hibernate. Is that possible and how can I do that?
newbie
68
votes
3 answers

What is the reason to disable csrf in spring boot web application?

There are many tutorials where is shown how to disable csrf, csrf().disable() (and other possibilities like .properties, .yml, etc.) but nowhere explained why they do this? So my questions are: What is the real-life reason to disable it? Is it…
arminvanbuuren
68
votes
5 answers

Configuring Spring Security 3.x to have multiple entry points

I have been using Spring Security 3.x for handling user authentication for my projects, and so far, it has worked flawlessly. I recently received the requirements for a new project. In this project, it requires 2 sets of user authentication: one to…
limc
67
votes
6 answers

Get UserDetails object from Security Context in Spring MVC controller

I'm using Spring Security 3 and Spring MVC 3.05. I would like to print username of currently logged in user, how can I fetch UserDetails in my Controller? @RequestMapping(value="/index.html", method=RequestMethod.GET) public ModelAndView…
danny.lesnik
67
votes
3 answers

Difference between antMatcher and mvcMatcher

What is the difference between HttpSecurity's antMatcher() and mvcMatcher() functions? Could anyone explain when to use them?
Javad Kargar
67
votes
3 answers

Spring Security Custom Authentication - AuthenticationProvider vs UserDetailsService

As far as I can understand when you want custom authentication in Spring Security you can either implement a custom AuthenticationProvider or custom UserDetailsService. @Autowired public void configureGlobal(AuthenticationManagerBuilder auth)…
Evgeni Dimitrov
67
votes
3 answers

How to do rest authentication with Spring Social?

I have implemented Spring Social + Spring Security as outlined in the Spring security examples (and with spring security java config). I reported a couple of problems at the time (see https://jira.springsource.org/browse/SEC-2204) all of those are…
aug70co
66
votes
6 answers

How to reload authorities on user update with Spring Security

I'm doing an application with authentication by OpenID using Spring Security. When user is logged-in, some authorities are loaded in his session. I have User with full right which can modify authorities (revoke, add roles) of other users. My…
Aure77
66
votes
10 answers

Spring Security redirect to previous page after successful login

I know this question has been asked before, however I'm facing a particular issue here. I use spring security 3.1.3. I have 3 possible login cases in my web application: Login via the login page : OK. Login via a restricted page : OK too. Login via…
Christos Loupassakis
65
votes
1 answer

Spring security's SecurityContextHolder: session or request bound?

Is the Userprincipal I retrieve from SecurityContextHolder bound to requests or to sessions? UserPrincipal principal = (UserPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); This is the way I access the currently…
chzbrgla
65
votes
17 answers

Spring security CORS Filter

We added Spring Security to our existing project. From this moment on we get a 401 No 'Access-Control-Allow-Origin' header is present on the requested resource error from our server. That's because no Access-Control-Allow-Origin header is…
Mace
65
votes
1 answer

Multiple antMatchers in Spring security

I work on content management system, that has five antMatchers like the following: http.authorizeRequests() .antMatchers("/", "/*.html").permitAll() .antMatchers("/user/**").hasRole("USER") …
Bashar Abutarieh
63
votes
7 answers

Spring Security exclude url patterns in security annotation configuration

I have spring web application with Spring security configured using java config approach. I want to exclude some URL patterns from authentication (e.g. static resources etc.). I have done this earlier with spring security xml config but couldn't…
Rajkumar Palani
62
votes
1 answer

@EnableGlobalMethodSecurity vs @EnableWebSecurity

I am developing a REST API using Spring 4. I would like to secure some of the endpoints using Spring Security, but based on what I've read this can be done with either @EnableGlobalMethodSecurity or @EnableWebSecurity. Unfortunately, the…
Christopher
60
votes
9 answers

Spring Security and @Async (Authenticated Users mixed up)

I asynchronously invoke a method with Spring, using @Async. This method invokes another method annotated with @PreAuthorize, the Spring Security Annotation. To make the authorization work I have to set SecurityContextHolder mode to…
Lukasz Moren