Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions

8 votes, 8 answers

Maven cannot compile Spring Security demo project

I have a Maven demo project for which I use some Spring Security features. I could import the project fine into Eclipse STS and the editor shows no error related to dependencies. But a Maven command to compile on the command line fails. I get the…
Stephane

8 votes, 1 answer

custom 403 error page with spring security configured via java code

Does anyone know how to configure a customized 403 page in Spring Security? Looking on the web, all the results I get are with XML configuration, and I am using Java configuration. That's my…
Kleber Mota

8 votes, 0 answers

SecurityContextHolder gives wrong User details

In my application, we are capturing user details of each transaction from the SecurityContextHolder Authentication object. But it gives the wrong UserID, it seems. Below is the code snippet for your reference. SecurityContext.xml spring-security-3.2…

8 votes, 2 answers

Spring websocket with stomp security - every user can subscribe to any other users queue?

I created a simple app that uses the websockets mechanism of Spring 4. In my app I use an ActiveMQ broker. In my simple test I create 10 messages for a user named "Alejando" (user/alejandro/queue/greetings). When I log in with "Alejando" and…
Urbanleg

8 votes, 2 answers

Configure Spring Security to return 403 for REST URLs and redirect to login for other URLs

My web application has a bunch of "normal" resources (HTML pages etc.) and also some REST resources which are called from JavaScript by the previously mentioned HTML pages. If there is a session timeout the user gets redirected to the login form. That's…
yankee

8 votes, 1 answer

Spring Security in a distributed application

We recently upgraded our application to Spring 3.0 and Spring Security 3.0. Part of the additional work we want to do is to separate the backend from the front end for various reasons. We plan to use Spring's transparent RMI solution for exposing…
user130532

8 votes, 1 answer

Grails Spring Security plugin: Getting 302 for Ajax Request for timedout Session

We are using Spring Security plugin version 1.2.7.3 with Grails 2.2.1. In my Config.groovy, I do: grails.plugins.springsecurity.auth.ajaxLoginFormUrl = "/mylogin/authAjax" thinking that, when there is an Ajax request, Spring Security will invoke…
dublintech

8 votes, 8 answers

Grails with SpringSecurity, check if the current user can access controller / action

I'm currently developing a menu for my application that should be able to display only the controllers that the current user can access (requestmap defined in the database). How can I check if the current user has access to a specific controller and…
Jan

8 votes, 4 answers

SpelEvaluationException: EL1007E:(pos 43): Field or property 'group' cannot be found on null

I have SPRING METHOD security fully configured for my web application. (with PRE/POST annotations enabled). However recently I encountered a strange issue with them. Summary as follows: Summary of POJOS // User Class public class User { int…
hemantvsn

8 votes, 2 answers

Implementing Hierarchical Roles in Spring Security

I am trying to implement hierarchical roles in Spring Security and added the following configuration in my XML files as per spring source documentation.
Jeevan Mysore

8 votes, 1 answer

How to get a custom user logged via InMemoryAuthentication with Spring Security?

I have a Spring MVC web app secured with Spring Security and I'm in the process of writing tests. I'm struggling with getting one of my (custom) users retrieved by Spring Security in its SecurityContextHolder. Once my user is "inserted"…
m4rtin

8 votes, 1 answer

Confusion around Spring Security anonymous access using Java Config

I am using the following Java Config with Spring Security: protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() …
user2145809

8 votes, 1 answer

Why is uniquely constrained field failing on update, in Grails

When I have a custom identity attribute mapped in a domain class, why does Hibernate check for the unique constraint? When I update an object, the validation fails despite the fact that the posted field value is the same as that stored in the DB! This…

8 votes, 1 answer

Spring Security: Java Config does not work

I am trying to set up a Java-configured Spring environment including Spring Security. The application starts without any error, but I am not able to log in successfully. WebAppInitializer import javax.servlet.ServletContext; import…
Tunguska

8 votes, 3 answers

Listener for Session Expiration in Spring

I am new to Spring Security and using it for authentication. I am facing an issue that when the browser is closed or in case of any unusual failure the session expires but I am unable to catch the event so as to get the clean-up code executed. I explore…
Prashant