Skip to content

Tag: spring-security

Spring Boot HttpSecurity – @PreAuthorize – How to set AuthenticationFilter?

I am currently developing a API Authorization. So basically I have a filter JwtAuthorizationFilter. And in my RestController I want to annotate the request that should be filtered via @PreAuthorize(“hasRole(‘ADMIN’)”) for example. So my question is now: How do i have to setup the WebSecurityConfigureAdapter (or any other thing) to link the annotations with the JwtAuthorizationFilter? Thank you! Best regards

Spring-Boot-Security: Custom Authenticator

I am starting with Spring-Boot and have an application with WebSecurity. Its working fine, I have InMemory Authentication with static user/passwords. Now I have no need for DB or LDAP or … But I want to build a custom authenticator that uses dynamic data (e.g. password has current time in it). How to implement a custom authenticator? How can I

Unable to Run my Spring Security MVC WebApp SpringChainFilter throwing exception, rawPassword cannot be null

So I was trying to make a simple spring security hardcoded security just to check how my app is working before connecting it to the DB but before that it start showing me error 500. Here is my Configuration file Here is my webSecurity Configuration class with In memory authentication with some sample data. Here is my Servlet Initializer Class

Why I can StompCommand.CONNECT without JSESSIONID, but X-XSRF-TOKEN is required?

My goal is to secure a WebSocket endpoint e.g ws://localhost:8080/chat. What I did: I tried to create WebSocket connection with STOMP AbstractSecurityWebSocketMessageBrokerConfigurer WebSocketMessageBrokerConfigurer WebSecurityConfigurerAdapter My expected result is: The WebSocket connection should fail because I did not send the JSESSIONID. My actual result is: The Spring Security recognize the user, and I can get the UserDetails with (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal(). My

i can’t figure out which component of the spring is doing this

10.5. AuthenticationManager AuthenticationManager is the API that defines how Spring Security’s Filters perform authentication. The Authentication that is returned is then set on the SecurityContextHolder by the controller (i.e. Spring Security’s Filterss) that invoked the AuthenticationManager. If you are not integrating with Spring Security’s Filterss you can set the SecurityContextHolder directly and are not required to use an AuthenticationManager. i

Gradle Login and signup page giving error in getUserAuthority() in

The method getUserAuthority(java.util.Set<com.djamware.springsecuritymongodb.domain.Role>) in the type CustomUserDetailsService is not applicable for the arguments (java.util.Set<>) Why giving this error? This Java file is under package and is under package com.djamware.springsecuritymongodb.domain I have created User Class attached here. Answer The reason is that the Role that CustomUserDetailsServices getUserAuthority(Set<Role> userRoles) is expecting com.djamware.springsecuritymongodb.domain.Role (see its imports). However, User is returning