Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

Useful Links:

28335 questions

votes

2 answers

How to get a List of Objects that a user can access using ACLs related tables

I'm designing a system that has a lot of requirements around user management/permissions, so I decided to use Spring Security ACL to manage the permissions at the Domain Objects level. Although, using ACLs to maintain the relations between Users…

spring-security acl spring-security-acl

asked May 08 '15 at 22:18

pVilaca

1,508
1
12
18

votes

3 answers

Kerberos spring javax.security.auth.login.LoginException: Unable to obtain password from user

I am implementing kerberos Authentication in my existing java spring application.My unix team has provided me SPN, krb5.conf and keytab file. I am trying hard with below code and configuration but getting unable to obtain password from user…

java spring spring-security kerberos spring-security-kerberos

asked Apr 24 '15 at 09:53

codelearner

votes

2 answers

How to configure Spring Security OAuth 2.0 client store to database

I found a tutorial about Spring REST Service OAuth on https://github.com/royclarkson/spring-rest-service-oauth But I wonder how to configure client stored to database, so I can manage easily. In the tutorial client configuration store inMemory at…

spring-security oauth-2.0 spring-security-oauth2

asked Apr 15 '15 at 10:09

prptn

votes

0 answers

Avoid JSESSIONID cookie creation with spring security authentication in "stateless mode

I need to build a rest service stateless. So, the session must not be created on app server neither JSESSIONID cookie in the header response. In my spring XML file I added the following config:

java spring spring-security

asked Apr 15 '15 at 08:31

memi

votes

1 answer

Why doesn't my custom login page show with Spring Security 4?

I am able to use a custom login page with Spring Security 3.2.4, but after migrating with the code below using 4.0.0, I see a generic login form instead of my custom one:

java spring-security

asked Apr 12 '15 at 21:55

riddle_me_this

8,575
10
55
80

votes

1 answer

Got HTTP Status 405 in case of logout from Grails application with Spring Security Plugin

I'm adding Spring Security plugin(2.0 RC3) to my Grails app(2.4.4). However, once clicking 'Logout' link i see the web page with HTTP Status 405. How this could be fixed?

grails spring-security logout

asked Feb 07 '15 at 14:51

Vasyl Shyrochuk

votes

1 answer

Spring boot, spring security override UserDetailsService

Working on moving from spring security xml configuration to Java Config in Spring Security. In my class SecurityConfiguration that extends WebSecurityConfigurerAdapter. However, the problem is that the userDetailsService is not being used by the…

spring-security spring-boot

asked Feb 07 '15 at 02:28

Brian Hurley

votes

1 answer

spring security oauth2 disable jsessionid based session

I dont have reputation to comment, otherwise this post describes exactly the same issue. I have successfully implemented spring security oauth2 2.0.5 in a spring 4 application. All works fine, i can generate tokens and api requests are properly…

spring-mvc spring-security spring-security-oauth2

asked Feb 02 '15 at 15:17

Peeyush

votes

1 answer

Null GrantedAuthority to get UserDetails on Spring Security

This is my UserDetails service in spring security: public class UserDetail implements UserDetailsService { @Autowired User_service user_service; @Override public UserDetails loadUserByUsername(String userId) throws…

java spring spring-security

asked Jan 15 '15 at 18:51

user3726079

votes

3 answers

Custom WebSecurityConfigurerAdapter

I have this problem implementing a custom login authentication using SpringBoot and SpringBoot-Security. I made a Bitbucket repository as reference for this thread (within CustomSecuringWeb branch). Before anything else, most of the comments here…

spring dependency-injection spring-security spring-boot

asked Jan 14 '15 at 08:58

David B

3,269
12
48
80

votes

2 answers

Accept facebook login into my REST API

I have a backend server (Java / Spring / Spring Security). Currently when users from mobile app login, they simply submit their username/password and Spring Security creates a Session and assign it to the request with a JSESSIONID. We would now…

facebook rest spring-security token spring-security-oauth2

asked Jan 02 '15 at 16:32

Johny19

5,364
14
61
99

votes

3 answers

Spring Boot + Security + Multi HTTP Web Configuration

I'm trying to do an example using spring-boot with spring security. My idea is to create a web app and also provide an API, I would like to both have security; so I need to create a multi http web security configuration however it is not working. I…

spring-security spring-boot

asked Dec 24 '14 at 15:18

Rogelio Blanco

1,462
4
19
29

votes

1 answer

Differences between AuthenticationProvider and AuthenticationEntryPoint

Sorry guys, maybe a silly question. But I need to implement some additional logic for authentication and authorization in my web app and I've not clear in mind where AuthenticationProvider and AuthenticationEntryPoint must be used. Looking for some…

java spring spring-security

asked Dec 23 '14 at 10:09

davioooh

23,742
39
159
250

votes

1 answer

How to disable static content handle in spring-boot?

I'm using this link to configure security and spring-boot as base for other. But static resource handler provided by spring-boot is executed before security settings. So if I send POST request, static content handler respond me that method POST not…

java spring spring-security spring-boot

asked Dec 16 '14 at 01:48

Lunigorn

1,340
3
19
27

votes

2 answers

Could someone explain Spring Security BasePermission.Create?

I am working on a project that involves Spring Security ACL and I came across the create permission BasePermission.CREATE. Would someone please explain how this is supposed to work or what it allows someone to do? It is my understanding that each…

java security spring spring-security

asked Apr 29 '10 at 00:03

Matthew Sowders

1,640
1
19
32

Prev 1 2 3

…

99 100 Next