I have a Spring MVC application secured with Spring Security. The majority of the application uses simple HTTP to save resources, but a small part processes more confidential information and requires an HTTPS channel. Extract from the security-config.xml : All worked fine until we decided to migrate it to the…
Tag: spring-security
How to integrate Spring Security with Spring Batch?
I want to create a secured web application where users can launch Spring Batch jobs. I want to keep track about who launched which job and thus I have to associate a JobInstance (or a JobExecution?) with a user. I additionally want to query for JobExecutions that were started by a particular user. This does n…
Spring Boot ConflictingBeanDefinitionException: Annotation-specified bean name for @Controller class
I keep getting the ConflictingBeanDefinitionException error in my Spring boot application. I am not entirely sure as to how to address it, I have several @Configuration annotated classes helping to set up Thymeleaf, Spring Security and Web. Why is the application trying to setup the homeController twice? (and…
Spring Security 3 – always return error 302
I use Spring 4 to create a simple application. Recently, I’m adding Spring Security 3 to the project but always get the Error Code 302 ( so it redirect to home page always ). Here is my SecurityConfig: I have a Controller called AccountController: My WEB-INF structure: The flow is like: User access the …
How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy – no Session
In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: Reading other topics from here in StackOverflow, I understand this happens due the way this type of atribute is handled by the framework, but i canR…
How do I unit test spring security @PreAuthorize(hasRole)?
What do I need in order to unit test the hasRole part of a PreAuthorize annotation on a controller method? My test should succeed because the logged in user only has one of the two roles, but instead it fails with the following assertion error: java.lang.AssertionError: Status Expected :401 Actual :200 I have…
Removing user login credentials from session when user logout in spring-security
I am new to Spring and Spring-Security. I have been going through the tutorials here The user are not allowed to hit add employee page without login. So if you hit add employee page, you will be directed to the login page and when login succeeded you are directed to the add employee page automatically. But on…
alternative to GrantedAuthorityImpl() class
I want an alternative to GrantedAuthorityImpl() class. I want this in spring security implementation. GrantedAuthorityImpl() class is deprecated. Hence I want an alternative solution to it. My code : Answer The class GrantedAuthorityImpl has been deprecated – you can use SimpleGrantedAuthority instead:
How to login to a spring security login form using cURL?
I am working on a springMVC project in which the user authentication is based on spring security. the idea is to have a mobile (android) application to be able to send some sort of data to backend. So before get my hand dirty into android developing I decided to mock the situation of login form using cURL. th…
Web app user authentication with 2 production servers using spring security
Working on the server side of a java based web application (will serve mobile and web clients) and I need to implement users authentication. In production I have 2 servers (duplicated, working against …