
Tag: spring-security

Spring security exception handling custom response

How is it possible to return a JSON instead of an HTML? I got: I need something like this: My Adapter: The CustomAuthenticationEntryPoint Answer Pragmatically we can print/write to response[.getWriter()] within our entry point, like: BasicAuthenticationEntryPoint@github Then we can pass a test like: To make it work for basic authentication and “wrong credentials” see also: . Dup/Related: How to set

Isn’t SecurityContextHolder a Bean?

Trying to Autowire SecurityContextHolder I get error Turns out that it is available from any part of the code like How come it isn’t a bean and how does it get initialized under the hood? Are there other static utility classes like that available to be consumed from anywhere and how do I find them? Answer SecurityContextHolder is a utility

Spring Boot, Spring-Security – BCryptPasswordEncoder in new component-based security configuration

I am trying to use the new Component-Based (Without WebSecurityConfigurerAdapter) configuration and set up my Security Configuration as follows: file but when I run the application and try to log in a user the following error appears even though I have the BCryptPasswordEncoder as a bean in my SecurityConfiguration: Error Stack Trace* Which is the correct way to set up

How to have the same type of User object when using multiple AuthenticationProviders?

I have two working AuthenticationProviders in my Server: Once a user is logged in, I access their data via SecurityContextHolder.getContext().getAuthentication().getPrincipal() (with appropriate checks for no or anonymous logins). For the JDBC login the principal is a object and for LDAP it is a object. I would like to ultimately use the same custom User class for both providers, : Unauthorized error: Full authentication is required to access this resource config log Go to URL http://localhost:8088/swagger-ui/index.html How to fix it? Answer Your configuration is mostly correct, your swagger page loads properly except that when it tries to retrieve the swagger config and api-docs via its ajax call it fails to do so because it’s under security’s control. Look at your dev tools and watch the network traffic; you’ll probably

A better way to implement a large amount of cascading roles and authorities in Spring Security?

So I’m currently refactoring the backend code for my organization to prep for future upgrades. It currently runs fine, it’s just that the code is getting quite messy because of the sheer amount of roles and authorizations that exist in this org. So our backend stack here is a simple Spring Boot REST API, we use a third party OAuth authentication