211 questions
2
votes
0
answers
66
views
Why Grails Spring Security validation and logout filter always applies?
I'm using Grails 6.2.0 with the Spring Security Core 6.1.2 and Spring Security Rest 5.0.0 plugins.
I configured the filters as recommended in the documentation (or at least how I understood it):
...
0
votes
0
answers
23
views
Springboot with jwt always gets authenticated but the other urls always fail with username null from token
I tried to authenticate rest api controller with jwt and other without jwt. I am able to get the login response for the rest but all other calls are failing with error while extracting the username ...
-5
votes
1
answer
163
views
API Security and protection from non trusted clients
We are facing an issue with a malicious user who has details about how our website works. Using the developer tools in the browser, the login and subsequent APIs are studied and a mobile app is built ...
-1
votes
1
answer
1k
views
SecurityContext is null even if it was instantiated in SecurityContextHolder
I have a problem with Spring Security. When I'm trying to authenticate a user on my application, I'm redirected back to signin.html. After debugging, I saw that even if I'm instantiating ...
1
vote
0
answers
619
views
Spring boot security 6 - swagger 3: CSRF token only worked second call
I'm implementing spring boot security in our Java 17 project which uses Swagger 3. The login procedure appears when navigating to the swagger-UI before we can call one of the endpoints. Which is normal. ...
0
votes
1
answer
94
views
Spring Security REST - Invalidate Refresh Token when accountExpired
I have an application that uses Grails 3.1, Spring Security, and Spring Security REST.
In my User entity, I have the accountExpired field, which, when set to true, prevents the user from accessing the ...
-1
votes
1
answer
2k
views
Spring security post v5 - how to get authentication manager for filter
I am using Spring security 6.1.3 and Spring boot 3.1.3.
For learning purposes, I am trying to connect to the secured service via Basic Auth and receive a JWT token. I keep getting a null ...
0
votes
0
answers
767
views
Getting 401 from Postman but 200 from Swagger with Spring Boot Security and JWT
When I request APIs in POSTMAN protected by Spring Boot Security, I get the following error: Unauthorized error: Full authentication is required to access this resource . But in Swagger, things are ...
0
votes
1
answer
56
views
Grails 5 RestfulController extension is showing default constructor missing problem
I am using grails-5.2.5 to migrate an application from grails-2.5.2 version. In grails-2 version there is a class RestVehicleTrackingController which extends RestfulController. The purpose of the ...
0
votes
0
answers
62
views
bug: spring security doesn't distinguish between roles
I have this spring security config, the idea is to secure the endpoint so that only the user with the role "CARD-OWNER" has access to the data
@Configuration
@EnableWebSecurity
public class ...
1
vote
2
answers
2k
views
Extract Keycloak Principal in spring boot 3 using oauth
is there any way to extract Keycloak Principal in spring boot 3 using oauth?
With older version we accessed like below,
KeycloakAuthenticationToken authentication;
try {
authentication =
...
0
votes
1
answer
176
views
CreateProcess error=206, The filename or extension is too long while using Spring Security
I am using JDK v.1.8, Grails v.3.3.10. I am trying to implement some of the endpoints of my app as rest and remaining as normal web pages URL. So to achieve this added below lines in build.gradle file
...
1
vote
0
answers
364
views
How to make a proper jwt authentication for rest api using spring boot security?
I want to make a rest API where some endpoints are protected by an authentication based on users' roles. I also would like to use JWT token and to check roles of user. Furthermore, I have seen countless ...
0
votes
2
answers
651
views
How to generate an api key and store it in a database as encrypted format
Here we need to find a mechanism on how to generate an api key and store it in a database in encrypted value and all requests to the api need to pass as a header called API_KEY and this value will be ...
1
vote
1
answer
2k
views
Spring security exception handling custom response
How is it possible to return JSON instead of HTML?
I got:
<!doctype html>
<html lang="en">
<head>
<title>HTTP Status 401 – Unauthorized</title>
<...
0
votes
1
answer
551
views
Spring boot @RestController fails with 403 error after adding authentication
I am using the Spring – REST Controller tutorial which works just as advertised. I then added a JavaScript ajax snippet which sends a POST request that works too.
After that I added authentication to ...
0
votes
1
answer
483
views
Form based authentication using spring boot and vanilla java
I am trying to implement a form based authentication. Authentication for the Users is based on Roles ADMIN and USER. When I run my custom login url .loginProcessingUrl("/admin/login"...
2
votes
2
answers
1k
views
AuthenticationManager throws StackOverflowError
I am trying to implement the web security configuration without implementing the deprecated WebSecurityConfigurerAdapter. But when I try to authenticate the User AuthenticationManager gives me ...
1
vote
0
answers
1k
views
Custom Authentication using AbstractAuthenticationProcessingFilter with permitted paths and Also enabling method security with roles
I am trying to implement a custom token based authentication with authentication filter:
public class AuthAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
@Override
public ...
1
vote
0
answers
2k
views
Spring Security + JWT authentication
In order to protect my Rest API endpoints, I implemented Spring Security using JWT authentication. My code "works" without any issues/exceptions but it would be great if I could get my ...
1
vote
2
answers
1k
views
File upload not working from Angular 8 front-end to the Spring Boot back-end after adding Spring Security
I have a REST Controller in a Spring Boot application which receives a file uploaded from the Angular front-end. Before adding Spring Security it worked fine.
After I have added it, it does not work, ...
0
votes
0
answers
256
views
UserDetailsService creates circular dependency
I have a circular dependency forming on my WebSecurityCongfig. I have tracked it down to the UserDetailsService and once I remove it it builds but I cannot perform jwt filter because of it. The ...
0
votes
2
answers
655
views
What is wrong in this Spring Security configuration? How can I make an endpoint accessible to users having different authorities?
I am working on a Spring Boot protecting my APIs using Spring Security and JWT tokens and I have the following issue.
I have an API handling endpoint like this: http://localhost:8019/api/admin/user/54/...
3
votes
0
answers
3k
views
In Spring security filter chain, why don't I see all the filters in the chain (more specifically UsernamePasswordAuthenticationFilter)?
From this Spring Security reference documentation:
5.2.1 -> Table 17.1. Standard Filter Aliases and Ordering
It seems 5.x added more filters to the chain than in 3.x. Or something else I should ...
1
vote
1
answer
5k
views
Implement both mTLS (two way SSL ) and public endpoints (no SSL check)
I have a Spring Boot application which has some endpoints:
/.wellknown which does not require any authentication and open to public
/callback which requires mTLS (only cert authentication).
For the ...
0
votes
1
answer
669
views
@CurrentSecurityContext always inject null in mockMvc integration tests?
I am using the spring security annotation @CurrentSecurityContext to inject the authentication object. This works well when the application is running, but in a @SpringBootTest it always injects null, ...
2
votes
1
answer
4k
views
Can I mix both basic authentication and JWT token authentication to protect APIs of a single Spring Boot project?
I am pretty new in Spring Security and I am working on a Spring Boot project that uses Basic Authentication in order to protect some APIs. I am starting from an existing tutorial code (a Udemy course) ...
0
votes
2
answers
884
views
Different authentication on GET and POST
I've been following a spring security example but I cannot make sense of it. A simple RestController replying hello on a GetMapping("/hello") with a 200 status code. Once I change it to a ...
1
vote
0
answers
1k
views
Spring Security returns 403 Forbidden exception even when I throw custom exception with response code 400 from unsecured route
I have ignored route throwing a runtime exception but spring security converts it into 403 forbidden exception. I just want it to show my exception with msg in response body as it was showing before ...
0
votes
0
answers
799
views
Spring Boot Security: Why Strict-Transport-Security header is not including preload; when preload set to true
I have a spring boot application where I have added WebSecurityConfigurerAdapter.
I want to have the response header strict-transport-security: max-age=16000000; includeSubDomains; preload;
I have ...
3
votes
1
answer
3k
views
Authentication Manager Builder in Spring Security
I was exploring spring security and tried to build a small application wherein I have an entity named User and a userRepository having one declared method findByUserName(String userName)
@Entity
@...
1
vote
1
answer
1k
views
Why is remember-me a lesser authentication than full-authentication in spring-security?
This is a conceptual question about the fact that authentication has different grades in spring security.
There is a grade for
anonymous authentication also called IS_AUTHENTICATED_ANONYMOUSLY
and ...
0
votes
1
answer
2k
views
Spring boot using https only - Test failing
I have spring boot - angular application
My server port is 1234 (example).
But now I have setup ssl
Steps:
created self signed cert using keytool and added my p12 cert file into resources folder
...
0
votes
1
answer
2k
views
Spring Session integration into Spring Security - how to populate Authentication
When integrating spring session with spring security I'm not sure how the SecurityContextImpl#Authentication is supposed to be populated when a session is identified by spring session.
Context:
The ...
5
votes
1
answer
4k
views
Spring boot security - allowing user requests with expired JWT token
I have some users who are accessing some APIs with valid JWT token but because their tasks on their side take much more time than the token expire time, when they come to the API again, the JWT token ...
0
votes
1
answer
935
views
Spring-Security.. 5.1.5 RELEASE to Spring -Security.. 5.4.6 breaks security configuration
Summary
Updated Spring boot project from 2.1.5 RELEASE to 2.4.5 Version. It automatically updated all Spring Security dependencies from version Spring-Security.. 5.1.5 RELEASE to Spring -Security.. 5....
0
votes
1
answer
39
views
Unauthorized error while configuring two Security Configurations [duplicate]
I am working with two Security configuration by extending WebSecurityConfigurerAdaptor like below
@Configuration
@Order(100)
public class CustomerSecurityAppConfiguration extends ...
0
votes
1
answer
679
views
What is the approach to provide access of resources for different Role?
I am configuring spring security in my project using jwt token.
I have successfully generated jwt token and am accessing it from front end.
In my spring boot REST API I have several controllers with all ...
3
votes
4
answers
36k
views
Error: Required a bean of type 'org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' that could not be found
I want to use Spring Boot Security in my project by creating a simple login screen but I get this error while running my application
Description:
Parameter 1 of constructor in com.panchmeru_studio....
0
votes
1
answer
2k
views
How to achieve secure REST api along with springboot session and spring security without authentication
Problem: My java springboot application receives JWT token from external system to authenticate a user with their external identity management provider which returns the user details upon success.
...
-1
votes
1
answer
2k
views
Spring Boot Form Login Custom UserDetailsService authorisation not working
I am a beginner at Spring Boot and really struggling to get this. I am not finding Spring boot's security API very intuitive at all, but I'm trying to get it.
I am going to use MySql with JPA to get ...
0
votes
1
answer
873
views
Spring Security OAuth2 How to generate temporary token for file download
In my app I'm using Spring Security Authorization server and Spring Security Resource server. Everything works fine, user logs in, gets issued access_token and can use it to access the API.
Now I need ...
0
votes
1
answer
328
views
Spring Security Google Sign In With Session Rest Service
I am new to Spring ecosystem, and with the limited knowledge I had with Spring, I understood how Spring Security OAuth2 works.
I need the following functionality, and I think OAuth2 is not what I ...
4
votes
1
answer
4k
views
Spring security - create 2 filter chains with specific matchers
I'm in the process of implementing ADFS support to an existing spring project.
Since we already have our own JWT authentication, which we want to work in parallel to ADFS authentication, I want to ...
1
vote
1
answer
6k
views
Spring Boot/Security - can I use X509 Certificate as an extra layer in authentication?
I am building an Android App which communicates with my REST API that is protected by Spring Security.
Since the Android App is "public" and no keys etc. are secure I want to create different ...
0
votes
0
answers
161
views
How to validate access token within Resource Server obtained from the iOS client
I am building a spring boot java resource server as a backend for an iOS app. The iOS App authenticates users using federated login with Facebook and passes access token for resource server to create ...
0
votes
1
answer
1k
views
Authentication object is null after bypassing the particular request
The below Code I used in webConfigSecurity class to bypass some requests from the client
@Override
public void configure(WebSecurity webSecurity) throws Exception
{
webSecurity.ignoring()....
0
votes
1
answer
473
views
Throw custom exception from AuthenticationProvider to client(spring security)
I develop a spring boot REST service. I use @ControllerAdvice for exception catching. Also, I have a custom AuthenticationProvider and check a license in it.
@Component
public class ...
0
votes
1
answer
72
views
Wiring in custom security custom security evaluator in grails app
I was trying to simplify the code of security checks in my grails app and I found that there is a way to drive the security on a service class.
Some of the references I found related to that:
https://...
1
vote
1
answer
2k
views
Test spring boot controllers with JUnit5+Spring Security
I have a spring boot application and want to write integration tests for controllers. It is my SecurityConfig:
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig ...