Tag: spring-security

Spring Boot, Spring-Security – BCryptPasswordEncoder in new component-based security configuration

I am trying to use the new Component-Based (Without WebSecurityConfigurerAdapter) configuration and set up my Security Configuration as follows: file but when I run the application and try to log a user in, the following error appears even though I have the BCryptPasswordEncoder as a bean in my SecurityConfiguration: Error Stack Trace* Which is the correct way to set up

spring security hasAuthority("SCOPE_xxx") method not working with spring authorization server version 0.2.0

I have created an authorization server using the new spring authorization server module. I am able to get the token successfully but when I try to use the token against a protected endpoint with hasAuthority() I get a forbidden 403 error. Below is my pom.xml file Below is my Authorization Server config And this is my Security Config Here is my user

How do I get a JwtAuthenticationToken for my HandlerMethodArgumentResolver from the request’s Authorization header?

I have a Spring Boot application that requires a JwtAuthenticationToken passed in an HTTP Authorization header. The header itself provides a bearer token; Spring is doing some magic that I am currently unaware of to convert that bearer token string into a JwtAuthenticationToken. I have some code that extracts the user id from the token, which is used to locate

Spring Security injecting null @AuthenticatedPrincipal into controllers

Java 11, Spring Security here. I have the following endpoint/method in my @RestController: When I set a breakpoint inside this method and log in to my app, token is null (meaning it was not properly injected as an @AuthenticatedPrincipal) however SecurityContextHolder.getContext().getAuthentication() returns an Authentication instance that looks totally fine. I get an NPE when the token.getCredentials() gets called at the bottom