Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions

8 votes, 3 answers

spring security - access-denied-handler

I have some problems with Spring Security and getting an access-denied-handler to work. Spring security is working but when I visit /admin without the required privileges (ROLE_ADMIN), Spring Security is just redirecting to the root page which is my…
Emil C

8 votes, 5 answers

Basic and form based authentication with Spring security Javaconfig

I'm trying to define two different security configurations for different url patterns, one of them using form login and another one using basic authentication for an api. The solution I'm looking for is similar to the one explained here…
Adrian Lopez

8 votes, 1 answer

How can I programmatically authenticate user with Spring Security using DaoAuthenticationProvider

I was wondering what I am doing wrong here to authenticate a user. I have an application where the user goes through several steps to activate their account, and upon doing so I would like to bypass the login form and take them directly to their…
rawkfist0215

8 votes, 5 answers

How to Enforce Change Password on User's initial login using Spring Security

What would be the most elegant way of implementing a force password change upon user's initial login using Spring Security? I tried implementing a custom AuthenticationSuccessHandler as mentioned here, but as mentioned by rodrigoap, if a user…
Jonathan

8 votes, 1 answer

Best way to create custom method security expression

I'm trying to create my own method security expressions, that I want to use in @PreFilter and @PostFilter annotations. Searching for tutorials and similar questions I've found two ways to proceed. The first is to extend…
gipinani

8 votes, 3 answers

Spring security 3 http-basic authentication-success-handler

Hi, I'm using Spring Security for form-login. I have
wutzebaer

8 votes, 1 answer

Looking for the right way: Spring Social + Spring RESTful API + Spring WebApp + Mobile Clients

I have a RESTful API built with Spring 3.1, using Spring Security as well. I have a web application, also a Spring 3.1 MVC application. I am planning to have mobile clients accessing my REST API. So my API is the central place to authenticate, get…

8 votes, 3 answers

Spring security oauth2 - getting custom data from OAuth2 principal

I have a site that uses Spring security and has users (username & password) and standard form authentication. I allow users to generate a client Id and client secret linked to their account for use with an OAuth2 secured rest API. I use a…
Mark Doyle

8 votes, 4 answers

How implement Spring security when login page having more field apart from user name and password?

I have a login page where the user needs to put the below information: VIN number, email, zip code and accessCode, which they will get from a different application. So to validate a user I need all the information in my custom UserDetailsService class and…
Krushna

8 votes, 1 answer

Spring : Exception starting filter springSecurityFilterChain

I am trying to write an application using Spring 3.1.2-Release. App server is Tomcat 7. When I start the server I get this error : SEVERE: Exception starting filter springSecurityFilterChain …
D.R.

8 votes, 3 answers

How to correctly update the login date time after successful login with Spring security?

I'm using Spring 3.2.0 and the same version of Spring security. On successful login, a user is redirected to one of the protected pages as follows. public final class LoginSuccessHandler implements AuthenticationSuccessHandler { @Override …
Tiny

8 votes, 1 answer

How to exclude url mappings from @RequestMapping in Spring?

I've a request mapping that handles any string after the context e.g. www.example.com/anystring I'm handling it as follows: @RequestMapping(value="/{str}", method = RequestMethod.GET) public String getApp(@PathVariable("str") String anyString,…
LittleLebowski

8 votes, 1 answer

Spring Security and Custom External Authentication

I have such a task - integrate my web application with an external Single Sign-On service. It's a custom non-standard implementation of SSO which is based on setting a specific cookie and redirecting back to the application. SSO and app are on the same…
Volodymyr Rudyi

8 votes, 1 answer

Spring Security Single Sign On in Windows Environment

I have a feeling I've stumbled into a technical black hole. There have been many questions and not many (recent) answers out there. Short summary: I have a Windows environment operating with a domain controller and Active Directory implementation…
Raevik

8 votes, 0 answers

Which Java security framework to use?

We are building an O&M framework in Java, which will support both web based GUI and console based CLI. Later, it will also be supported with GUI that can be accessed using handhelds (Android app etc). I need to decide on which open source java…
M.K