Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions
8 votes, 1 answer

Spring Security 3.1 Run-As

I am trying to get the Run-As feature in Spring Security 3.1 to work. The strange thing is that I cannot find a single example. Even the Spring Security Book does not cover the topic at all. Here is the security part of my application…
saw303
8 votes, 1 answer

How to programmatically return a json response after executing a custom filter UsernamePasswordAuthenticationFilter?

I'm creating a custom filter UsernamePasswordAuthenticationFilter to handle the authentication process. Basically, when the User performs login http post through the REST /login, the custom filter will execute and should respond a json format…
Warner
8 votes, 3 answers

What is the correct way to configure a spring TextEncryptor for use on Heroku

I have a spring TextEncryptor defined like this
Ollie Edwards
8 votes, 2 answers

How to check if authority exists in a collection of GrantedAuthority?

Authentication auth = SecurityContextHolder.getContext().getAuthentication(); Collection roles = auth.getAuthorities(); How can I check if roles contains a specific authority like "ROLE_ADMIN"?
Takkun
8 votes, 1 answer

Spring Securing @RequestBody

What is the proper way to secure the @RequestBody with Spring Security? For example: A User can have multiple Blogs and each Blog can have multiple Entrys. A user goes to save an entry to a certain blog and the request would come in like…
Josh Johnson
8 votes, 1 answer

Spring MVC get current logged in user

My app only allows access if the current user is a specific type, this also means the role they have can log into other applications and then access certain parts of my app with specific roles, for example, my web app is configured…
user1555190
8 votes, 2 answers

how to use spring security for user role management?

I need to design a user role management module for online examine tool application. There are several users in the system (Admin, Moderator, Contributor, Examiner). These users have different privileges for the system. I need to use the Spring…
zlas
8 votes, 1 answer

Organizational Hierarchy -based access control in Spring Security (& hibernate)

There is a scenario in one of the projects I am working on, in which there is a central database that is being accessed by various branches and sub-units within the organisation. In addition to role-based entitlements (like operator, admin, approver…
Shyam Kumar Sundarakumar
8 votes, 3 answers

Recording logins with Spring Security

I want to log every login in my web application. I was able to access the logins which take place through UsernamePasswordAuthenticationFilter but I don't know how to log users who log in using remember-me functionality. I tried overriding…
Kani
8 votes, 2 answers

How to add custom filter after user authorize in spring application

I am a newbie to Spring Security 3. I am using roles for users to login. I want to add some session value after a user is authorized into the application. Maybe I need some filter so that it redirects to my method which adds some session value. I…
Raje
8 votes, 3 answers

Two separate Spring contexts for one webapp

I want to use two different Spring web contexts, each having its own contextConfig, Spring servlet and filter, that should be mapped to different URLs. I have a standard Grails project, mapped to '/', and an existing Spring webapp that I want to map to…
Igor Artamonov
8 votes, 6 answers

How to move username/passwords out of spring-security-context.xml?

I am using Spring Security in one of my projects. The web-app requires the user to log in. Hence I have added a few usernames and passwords in the spring-security-context.xml file as follows:
Bhushan
8 votes, 1 answer

Spring security: programmatically log in

We're developing a mobile app with jQuery mobile and want to authenticate the user programmatically on a spring 3.1.x backend correctly set up with spring security. A POST request is sent to the backend (using jQuery's $.post) containing a username…
Geoffrey De Vylder
8 votes, 2 answers

Spring security securing the service layer, the web-service layer or both?

I have an API which I'm exposing via REST and I'm deliberating about where to place the authorities restrictions. I've read that there is a best practice about securing the service layer as it is the one doing the work and you don't know where it's…
Ittai
8 votes, 1 answer

Grails, Spring Security & Siteminder - problems with resources or userDetails

I am trying to secure my Grails application with Spring Security based on preAuth by Siteminder. That's basically all I need. The application is used just for checking some stuff so no need for database. I am stuck on some filter problems that I'm…
Dz.