I don’t know what I did wrong. I was trying to implement the Jwt token(only post method).it shows the exception that Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.ClassCastException: class com.vivek.discussion.service.UserDetailServiceImpl$1 cannot be cast to class com.vivek.discussion.model.User (com.vivek.discussion.service.UserDetailServiceImpl$1 and com.vivek.discussion.model.User are in unnamed module of loader ‘app’)] with root cause
Tag: spring-security
FilterRegistrationBean url pattern doesn’t work
I am registering a filter as shown below For log output i want url pattern : /*/api/* Answer Since the code registers a Servlet Filter, the URL pattern must conform to the URL mappings supported by Servlets/Filters, as specified in the Servlet Specification: 12.2 Specification of Mappings In the Web application deployment descriptor, the following syntax is used to define
Spring Security returns 403 instead of 401 and creates invalid Redis session cookie
I’m using Spring Security and Spring Data Redis to keep track of user sessions with custom roles and entitlements. When I try to hit a PreAuthorized endpoint without a session cookie in my browser, it should return a 401. Instead a new (invalid) session cookie is created and the endpoint returns a 403. Here’s my SecurityConfig: I’m also using MethodSecurityConfig
HTTP Basic Authentication using Spring Boot’s Java based configuration
I am trying to set up a simple Spring Boot application secured with HTTP Basic Authentication using a single user with a hard-coded password. So far, I got it working using XML based configuration. How can I achieve the same result using Java based configuration? SecurityConfig.java spring-security.xml Note: I had to use @EnableWebSecurity instead of @Configuration to work around Spring
How do I unit test spring security @PreAuthorize custom expression
I want to write the test of this endpoint, but I am getting the following error. How can I make the expression resolve bean ? Using @MockBean MessageSecurityService didn’t work. Answer Have you stub the return of the @MockBean e.g also have you added the following in your test class:
Not able to prevent multiple concurrent login from the same user in spring security with spring boot
** Here I have edited my code as to see that i’m currently using in memory authentication for this purpose Here is my Security configuration file, What I want to achieve is for one user to not have concurrent sessions. With this code I can login with same user on multiple tabs. Eventhough the user has an active session Can
Spring 5 Oauth2 – How to provide the check token URL in my Resource server?
I need some help.. I set up an AuthorizationServer using @EnableAuthorizationServer from Spring-security-oauth2 for grant type “client_credentials”. Able to create, check tokens and everything good with this. /oauth/token /oauth/checkToken Followed this sample for Authorization server I have a separate project that has the REST APIs to be secured. I can’t use @EnableResourceServer because that project uses Spring 5.2.8 and the
Spring Security – How to get the roles assigned to user
I am implementing JWT Role Based Authorization. I am testing my apis through postman. The users first makes a POST request and registers itself where we pass in the firstname, empid and password. The user on successfull registarion returns a response including a column roles which is null in the starting. Then I manually assign the user role. I have
Spring Security roles issue
I overrode the method in the SpringWebConfig and I want to give all pages of application only for admins. When I try to open page http://localhost:8080/api/v1/skills/ without any authorization I have a correct result instead of 403. Maybe I’m wrong with my config? Full project https://github.com/Wismut/crud_developers Answer Add the following class inside config package
Using static methods with Spring Security to get current user details
I have a requirement to get the details of the current user who has been loggedIn. To get the details, we can use the SecurityContextHolder.getContext() and extract the details. According to, SecurityContextHolder, SecurityContext and Authentication Objects By default, the SecurityContextHolder uses a ThreadLocal to store these details, which means that the security context is always available to methods in the