I have a Spring Boot enabled application whose login is controlled by third party Siteminder application. After successful authentication, Sitemeinder redirects to our application url. We fetch the HttpRequest from Siteminder and process the requests
Custom Spring security OAuth2 is working fine and now would like to add Spring Social integration(facebook login, google login etc), When the user clicks on Facebook login(user would not provide any username/password), Facebook will return an access_
I have grails application and installed spring security core plugin. I want to logout another logged in user. I am able to get all logged in users list using sessionFactory. Help needed. Please give me detailed explanation. I followed this thread but
I'm trying to create a REST API using Spring Boot (Version 1.4.0.M2) with Spring Data Neo4j, Spring Data Rest and Spring Security. The Domain is consisting of three types of Entities: The user entity storing the username/password and relationships to
I am planning on building an application with a decoupled front-end and back-end (using only ajax requests). I do not allow cross-site ajax requests. Can I generate a csrf token with an ajax call, by adding an API like /csrf which returns something l
I'm attempting to implement a microservices architecture using Spring Cloud's Zuul, Eureka, and my own services. I have multiple services that have UIs and services and each can authenticate users using x509 security. Now I'm trying to place Zuul in
I'm running into an exception generated by the Grails Database Migration plugin. In JIRA, it says this is a bug won't fixed. But, I want to use Spring Security with the default DB, H2, because it's easy to use to make a simple application. How can I
I keep getting the ConflictingBeanDefinitionException error in my Spring boot application. I am not entirely sure as to how to address it, I have several @Configuration annotated classes helping to set up Thymeleaf, Spring Security and Web. Why is th
I want all users to be authenticated before accessing my application. Following is the setting in Config.groovy: grails.plugin.springsecurity.controllerAnnotations.staticRules=[ "/**": ["ROLE_ADMIN"], "/login/auth": ["pe
Spring Security is very nice framework widely used for Authentication & Authorization. I have a requirement in which the application to be authenticated using j_spring_security_check, and only authorized users can make request to websocket handler. I
Trying to resolve org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined in Java based configuration. web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns
I have Spring Security configured as: protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .formLogin() .successHandler( successHandler() ) .loginPage("/login") .loginProcessingUrl("/loginProcess") .fai
I'm sure there must be a more elegant way of implementing if/else logic blocks in a GSP based on user info. Consider the following: <g:if test="(user logged in) && (this users post) && (post replied to)"> Show options for t
I have a working spring-security configuration which wraps my jersey-based REST endpoints and allows method-level access. Sample project with everything needed to reproduce the problem quickly: https://github.com/pulkitsinghal/dummy-rest-api // Serve
I have some problems with Spring Security and getting an access-denied-handler to work. Spring security is working but when I visit /admin without the required privileges (ROLE_ADMIN), Spring Security is just redirecting to the root page which is my
I have implemented spring security for login to my web portal. It works fine except for one issue. I have set session timeout to 5 min. Once timeout happpens and then user click any URL, it gets redirected to logout page. But when user re autheticate
I have website with secured pages, and a number of public directories. Is their a built in mechanism or existing library that geernates a sitemap and/or robots.txt based on controller request mappings and their security access levels/request types ?N
I'm creating authentication service in Spring. I'm using UserDetailsService to get form variables, but i found that loadUserByUsername has only one variable - userName. How to get password ? public class userAuthentication implements UserDetailsServi
I am using Spring Security in my application. I have all the pages secured. But couple of URL needs to be available both for system user and anonymous user. But anonymous user should not have direct access to the URLs. He gets a link with unique toke
I want to display some content conditionally based on Roles using Spring Security JSP taglibs. But in Spring Security 3.1.x is checking for only one role. I can use but ifAllGranted is deprecated. Any help?There is a special security expression in sp
This question already has an answer here: UserDetails getPassword returns null in spring security 3.1. How to get password of currently logged in user? 3 answers I'm using spring-security with HTTP Basic Auth to secure a java webapp. In my webapp I n
I have a Spring login form with username and password, which points to /myapp/j_spring_security_check. I am hoping to intercept the form submission when someone submits the login form before Spring gets the request. Basically, I am hoping to to be ab
I'm new on BPM and I tried to install Activiti on my own Grails application. I've installed the plugin and the security plugin (Spring security and Activiti-spring security), and also the Vacation Request application. From : http://code.google.com/p/
I am using Spring Security 3.0.3 for a project.My user info is loaded from the database. I have following interceptor <intercept-url pattern="/admin/**" access="ROLE_ADMIN"/> <intercept-url pattern="/**" access="
I have a java web application that use spring security for log in users, restriction access etc. , and it is working without problems on Glassfish 2.1, Tomcat, jetty, but on glassfish v3 doesn't work, when I try to login, and press button login, I'm
I am trying to use the logout functionality provided by Spring security. The logging out works fine. The session gets invalidated(by calling logout method in SecurityContextLogoutHandler class). The user is redirected to the login page. However, when
I am actually feeling a bit dumb for asking this but I tried for half a day now and can't find a way to get information on the currently logged in user in my controllers as well as my views. I tried several suggestions I found on the web like "authen
applicationContext.xml: <bean id="defaultEntryPoint" class="com.spsetia.companyapp.company.services.CustomAuthenticationEntryPoint"> <property name="securityConfiguration" ref="securityConfiguration" />
I am screwed with the spring security configuration issue Here is my configuration <security:global-method-security pre-post-annotations="enabled" /> <security:http auto-config="true"> <security:intercept-url pattern=&qu
I'm designing the security subsystem for a new product. The system requires the following: Complex user/group/permission model, both service-level and domain-level (ACL) Administration UI for the above Rules performed upon user actions (account disab
