I'm struggling with the basics of Spring Security here. What I wish to achieve My system is only for REST API handling, there's a login endpoint POST on /user/sign_in and a few open endpoints - GET on /prompt/, /prompt/{id}, /story/, /story/{id}, res
I'm new to spring, so please excuse my ignorance. I want to ensure that every response from my application contains the following headers: Content-Type → application/json;charset=UTF-8 Date →Tue, 22 Nov 2016 16:30:21 GMT is there a easy way of doing
I have been really been searching high and low for the last few days on how to do this and have finally decided to admit defeat and ask for help, please!!! I have followed Dr Dave Syer's tutorial on Angular and Spring Security specifically the Zuul P
so I have an existing SpringBoot project. a) I added this at the top of my main @Configuration class @Import({ WebSecurityConfiguration.class, OAuth2ServerConfiguration.class }) b) The contents of the above 2 classes are the same as what is in this p
I pulled in the example Java configuration project for Spring's SAML extension. No commits seem to have been made to the project for about six months as of my writing this question. I have not done anything to this project except for run maven packag
I have a simple spring mvc + spring security app I declare when user try .../hello the hello.jsp page from /WEB-INF/pages/ path displays correctly: @RequestMapping(value = "/hello") public ModelAndView doLogin() { return new ModelAndView("h
My spring boot application has an Application class. When I run it (as an application), it launches itself within an embedded servlet container (Tomcat, in my case). Somehow (through Application's @annotations, I suppose), WebSecurityConfig (extendin
I upgraded Spring Security from 3.2.5.RELEASE to 4.0.0.RELEASE and I'm getting the following error javax.servlet.ServletException: Filter execution threw an exception at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilt
We have a Grails app on Tomcat deployed behind a Load Balancer that is terminating SSL (the load balancer then communicates with tomcat instances on port 8080). We have configured SpringSecurity to require a secure channel on all resources, pay atten
Good day. I am using Spring security in context of Spring boot auto-configured application. My goal is to set up basic auth in such way that standard browser's basic auth form is not shown on 401. From the Google I found out that to achieve it I need
I have the following spring security java config rule (with version 3.2.4) which works: http.antMatcher("/lti1p/**") .addFilterBefore(ltioAuthProviderProcessingFilter, UsernamePasswordAuthenticationFilter.class) .authorizeRequests().anyRequest()
I have a Spring MVC Rest Web App for which I'm in the process of adding a layer of Spring Security. While I'm going through the Spring documentation, I'm unable to pickup the meaning of Section 3.1.3. I'm copy/pasting the contents of the section belo
While using spring security I am providing a particular page with ROLE_ANONYMOUS user. <intercept-url pattern="/runApp*" access="hasAnyRole('User', 'Admin','ROLE_ANONYMOUS')" /> There are many other intercept urls in the same htt
Am trying to use Spring Security but all the tutorial I've found use the Spring framework for web application: So my Question is: Is it possible to use the Spring Security in a simple java web application without using the Spring Framework or are the
I am using grails 2.1.0. I have installed spring-security-core plugin. When I create user it is creating it. But when I try to login then it shows: "Sorry, we were not able to find a user with that username and password." And there is also anoth
I have custom error pages for each error code I wish to handle, though I'm finding that the spring-security tags are not working when using these pages. As an example, with the below only "One" shows: <%@ page session="false" %>
In spring, how embedded ldapcan be used with spring-ldap Template. Currently, my configuration is - <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="ht
When a user fails authentication, I want the username and password to be returned to the form. I'm using the spring security core plugin with Grails and Spring Security LDAP. I've searched around for a while and have come up with zip. Any ideas?From
On the client side i have the following spring bean: <bean id="partneriLogicImpl" class="org.springframework.remoting.caucho.HessianProxyFactoryBean"> <property name="serviceUrl" value="http://localhost:8080/hr.
It's fairly easy to use custom JSP login page in Spring Security. Our application is based on Vaadin though and I don't want to have JSP login page. What I want is custom fancy login window created as Vaadin widget. Well technically I can use Vaadin'
I am looking for a way to auto insert a default admin account, using JPA, when my spring mvc application is deployed. My database is generated based on the Entities. I want to kick off something that will insert a default admin user, assign roles, ev
My controller layer is wrapped with spring oauth2. I am writing an integration test to test the api calls to controller, so I decided to use RestTemplate. Following are commands I use via curl: curl -v --cookie cookies.txt --cookie-jar cookies.txt "h
I am hoping that someone will help me out with a really frustrating problem I have. Currently I am trying to get Spring Security 3.0 Web App to authenticate with an AD LDS instance but I keep getting this error 'Bad Credentials'. Unfortunately I dont
With Spring security I configure the parts of my web app that need to be secured by https with security:intercept-url tag. For example: <security:intercept-url pattern="/**/*secure*" requires-channel="https"/> <security:interc
Grails 1.3.6 Tomcat6 I created a production ROOT.war. Deleted the default tomcat ROOT directory. Deployed the ROOT.war and started tomcat. The app kicks off just fine. However, it seems like the spring security filter isn't processing correctly. For
Can the form-login tag make use of URLs to external resources? I have two Web services running in separate application contexts [Case #1]. They could be on separate machines as well [Case #2]. I want the first service to use Spring Security to enforc
Im working on a legacy grails application. I have a couple of tables like this User ( id, name,enterprise_id) Enterprise (id, name) Asset (id,description, enterprise_id) I want to validate that when a certain user wants to access an asset, it has the
How do you customize the UsernamePasswordAuthenticationFilter usernameParameter (j_username) and passwordParameter (j_password) properties when using the <http ... /> Spring Security 3 namespace? It's my understanding the <http ... /> creates
I use SecurityContextHolder and a custom UserDetailsService to obtain UserDetails from SecurityContextHolder: Object o = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); UserDetailsDTO user = (UserDetailsDTO) o; I left out the n
Has anybody seen a framework which is either written to work with Guice or a library that integrates an existing security system (ie: Acegi) with Guice? I have found the following thus far... http://code.google.com/p/warp-security/ (I think this aban
