Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions
60 votes, 12 answers

LoggerFactory is not a Logback LoggerContext but Logback is on the classpath

I think some module in spring-boot-starter-security is in conflict with log4j, but I don't know which one. My gradle dependence is as…
newbie
59 votes, 17 answers

Spring Boot 2.0 disable default security

I want to use Spring Security for JWT authentication. But it comes with default authentication. I am trying to disable it, but the old approach of doing this - disabling it through application.properties - is deprecated in 2.0. This is what I…
59 votes, 11 answers

Spring Boot project shows the Login page

I created a Spring boot project with the Spring initializer and only have the starter code so far. The sample code @SpringBootApplication public class EcommerceApplication { public static void main(String[] args) { …
Arefe
59 votes, 16 answers

How to disable spring-security login screen?

I'm using spring-boot-starter-security dependency, to make use of several classes that come with spring-security. But as I want to integrate it in an existing vaadin application, I only want to make use of the classes, and not of the default…
membersound
58 votes, 1 answer

Multiple Authentication Providers in Spring Security

I have configured two authentication providers in my Spring Security config:
ankurvsoni
58 votes, 6 answers

How to apply Spring Security filter only on secured endpoints?

I have the following Spring Security configuration: httpSecurity .csrf().disable() .exceptionHandling() .authenticationEntryPoint(unauthorizedHandler) .and() .sessionManagement() …
Bravo
58 votes, 4 answers

How to make spring boot never issue session cookie?

I'm developing a Restful API server by using spring boot. I configured my project to use basic authentication as below. @ComponentScan @EnableAutoConfiguration @EnableWebSecurity @Configuration public class WebSecurityConfig extends…
jyshin
58 votes, 4 answers

How to use new PasswordEncoder from Spring Security

As of Spring Security 3.1.4.RELEASE, the old org.springframework.security.authentication.encoding.PasswordEncoder has been deprecated in favour of org.springframework.security.crypto.password.PasswordEncoder. As my application has not been released…
fracz
57 votes, 4 answers

Adding additional details to principal object stored in spring security context

I am using Spring 3.0 and Spring Security 3. I am able to authenticate a user against a database using Spring Security. Using: SecurityContextHolder.getContext().getAuthentication().getPrincipal() I am able to retrieve username of the current…
ManeetK
56 votes, 1 answer

What is the replacement for the deprecated AuthorizationServer in Spring Security?

Spring Security 5.2.2 has incorporated Spring Security OAuth project, but not AuthorizationServer or ResourceServer. What are the replacements to AuthorizationServer in Spring Security 5.2.2? OAuth-2.0-Migration-Guide This document contains…
Chloe
54 votes, 3 answers

Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]

I am developing my first application in spring security. My applicationContext-security.xml file looks like this:
Amit
54 votes, 14 answers

PreAuthorize not working on Controller

I'm trying to define access rules at method-level but it's not working whatsoever. SecurityConfiguration @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfiguration extends…
prettyvoid
54 votes, 10 answers

An Authentication object was not found in the SecurityContext - Spring 3.2.2

I'm trying to invoke a protected method from a class that implements the ApplicationListener interface on successful login (Spring 3.2.2 and Spring Security 3.2.0 M1). This is my previous question. The application runs…
Tiny
53 votes, 3 answers

Spring Security Custom Authentication and Password Encoding

Is there a tutorial out there or does anyone have pointers on how to do the following with Spring-Security? Task: I need to get the salt from my database for the authenticating username and use it to encrypt the provided password (from the login…
Pete
53 votes, 13 answers

How to get the current logged in user object from spring security?

I am using Spring security version 3.1.4.RELEASE. How can I access the current logged in user object? SecurityContextHolder.getContext().getAuthentication().getPrincipal() returns user name, not user object. So how can I use the returned Username…
Leejoy