Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

Useful Links:

28335 questions

votes

2 answers

OpenId authentication and automatic registration with Spring Security 3.0.2

I'm implementing an app using spring security 3.0.2 with OpenId login and registration. I can login succesfully, but if the user isn't registered i want to do: 1) Get some OpenId attributes like email and name. 2) Show to the user a registration…

spring authentication openid spring-security registration

asked Apr 27 '10 at 18:57

xlluch

votes

3 answers

404 with response.sendRedirect

I am using spring security login mechanism for my application and tested everything.Things were working fine.I have the following use case If customer is not logged in , application will redirect customer to the login page. On successful login,…

java spring jakarta-ee spring-security

asked Nov 21 '14 at 08:53

Umesh Awasthi

23,407
37
132
204

votes

2 answers

Spring Security HTTP Basic Authentication

I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security: …

java spring-security basic-authentication

asked Apr 22 '10 at 13:25

raspayu

5,089
5
37
50

votes

1 answer

Spring-Security: Return Status 401 When AuthenticationManager Throws BadCredentialsException

First of all, I'd like to point that I don't know Spring Security very much, actually I know quite little about its interfaces and classes, but I got a not so simple task to do and can't quite figure it out. My code is based in the following post in…

java spring security spring-mvc spring-security

asked Oct 28 '14 at 16:45

resilva87

3,325
5
32
43

votes

3 answers

How to use Spring Security with Mustache?

I'm following the Spring Security reference, and I've got redirection to a custom login page working as described in section 3.3. However, I'm not sure how to get the CSRF token in Mustache (all the examples use JSP). I've tried a few naïve things…

java spring-mvc spring-security mustache

asked Oct 16 '14 at 05:54

Rob Johansen

5,076
10
40
72

votes

2 answers

How to configure Spring ACL without XML file

I am trying to add ACL capabilities to my server. I have configured spring security using java file and would like to add ACL in the same manner. How should I do it? All the tutorials I found used XML file. SecurityInit: @Order(1) public class…

spring spring-mvc configuration spring-security acl

asked Oct 10 '14 at 05:20

special0ne

6,063
17
67
107

votes

3 answers

Spring CSRF override "POST" logout behaviour in security XML config

Currently we have a problem with Spring CSRF solution for our legacy App because CSRF implementation changes behavior of default Spring security Spring security configuration sis following: ...

java spring spring-security csrf

asked Oct 01 '14 at 21:38

user1459144

4,439
5
28
35

votes

1 answer

Spring Security Java Config - custom AuthenticationProvider and UserDetailsService

I use java configuration to configure Spring Security, and I have customized AuthenticationProvider and customized UserDetailsService, to add extra login field following…

spring-security spring-java-config

asked Aug 13 '14 at 00:16

wgui

votes

1 answer

Spring Security Active Directory Ignoring PartialResultException

I have the following configuration in my spring security xml file. When I try to authenticate I get the following message but cannot proceed. INFO: Ignoring PartialResultException I am aware that spring's documentation states that you can set…

java spring spring-mvc spring-security spring-ldap

asked Aug 12 '14 at 12:43

Matt E

votes

1 answer

Spring dependency issue - no matching editors or conversion strategy found

I have a web application which fails while deployment. I get following error: Aug 8, 2014 7:00:21 PM org.springframework.web.context.ContextLoader initWebApplicationContext SEVERE: Context initialization…

java spring spring-security spring-ioc

asked Aug 08 '14 at 14:02

Ankit

3,083
7
35
59

votes

2 answers

Again... method security with spring boot/security: Error creating bean with name 'methodSecurityInterceptor' "This object has already been built"

I want to implement method security. I'm facing a problem with @Secured and @PreAuth annotations. Whenever I add any of those to my service interface, I receive an exception like the following. Without them, my app runs just fine. Caused by:…

spring spring-security autowired spring-boot

asked Jul 24 '14 at 23:17

elysch

1,846
4
25
43

votes

2 answers

Spring Security 3- How to customize username/password parameters?

How do you customize the UsernamePasswordAuthenticationFilter usernameParameter (j_username) and passwordParameter (j_password) properties when using the Spring Security 3 namespace? It's my understanding the creates the…

java spring spring-security

asked Mar 20 '10 at 17:23

Taylor Leese

51,004
28
112
141

votes

1 answer

How to send received jsessionid via spring 4 resttemplate

I'm writing an messenger with JavaFX and Spring4 on client-site and Spring4 on server-site. I secured the server with spring-security 3.2. Now my Problem: I have a loginpage on the client witch sends the login information to spring-security and…

java spring cookies spring-security spring-4

asked Jun 27 '14 at 07:57

Bloodline

votes

1 answer

How to programmatically check if a certain URL needs authentication with Spring Security?

Is there a way, using Spring Security (v 3.1.x), to programmatically get authorization rules for a certain URL? I mean... suppose I set: in my configuration. In the controller…

java spring spring-mvc authentication spring-security

asked Jun 23 '14 at 14:47

davioooh

23,742
39
159
250

votes

3 answers

No mapping found for HTTP request with URI [/pms/j_spring_security_check] in DispatcherServlet with name 'appServlet'

I have developed a Spring application and I implement Spring security integration to Login and Logout function in it. I used Spring security with xml configuration. But when I login to system it shows 404 for me. Console telling me, No mapping found…

spring-mvc spring-security

asked Jun 20 '14 at 06:25

WebUser

Prev 1 2 3

…

99 100 Next