Skip to content

Tag: spring-security

user detail service cannot be cast to user in a unnamed module loader app

I don’t know what I did wrong. I was trying to implement the Jwt token(only post method).it shows the exception that Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.ClassCastException: class com.vivek.discussion.service.UserDetailServiceImpl$1 cannot be cast to class com.vivek.discussion.model.User (com.vivek.discussion.service.UserDetailServiceImpl$1 and com.vivek.discussion.model.User are in unnamed module of loader ‘app’)] with root cause

FilterRegistrationBean url pattern doesn’t work

I am registering a filter as shown below For log output i want url pattern : /*/api/* Answer Since the code registers a Servlet Filter, the URL pattern must conform to the URL mappings supported by Servlets/Filters, as specified in the Servlet Specification: 12.2 Specification of Mappings In the Web application deployment descriptor, the following syntax is used to define

Spring Security returns 403 instead of 401 and creates invalid Redis session cookie

I’m using Spring Security and Spring Data Redis to keep track of user sessions with custom roles and entitlements. When I try to hit a PreAuthorized endpoint without a session cookie in my browser, it should return a 401. Instead a new (invalid) session cookie is created and the endpoint returns a 403. Here’s my SecurityConfig: I’m also using MethodSecurityConfig

HTTP Basic Authentication using Spring Boot’s Java based configuration

I am trying to set up a simple Spring Boot application secured with HTTP Basic Authentication using a single user with a hard-coded password. So far, I got it working using XML based configuration. How can I achieve the same result using Java based configuration? spring-security.xml Note: I had to use @EnableWebSecurity instead of @Configuration to work around Spring

Spring 5 Oauth2 – How to provide the check token URL in my Resource server?

I need some help.. I set up an AuthorizationServer using @EnableAuthorizationServer from Spring-security-oauth2 for grant type “client_credentials”. Able to create, check tokens and everything good with this. /oauth/token /oauth/checkToken Followed this sample for Authorization server I have a separate project that has the REST APIs to be secured. I can’t use @EnableResourceServer because that project uses Spring 5.2.8 and the

Spring Security roles issue

I overrode the method in the SpringWebConfig and I want to give all pages of application only for admins. When I try to open page http://localhost:8080/api/v1/skills/ without any authorization I have a correct result instead of 403. Maybe I’m wrong with my config? Full project Answer Add the following class inside config package

Using static methods with Spring Security to get current user details

I have a requirement to get the details of the current user who has been loggedIn. To get the details, we can use the SecurityContextHolder.getContext() and extract the details. According to, SecurityContextHolder, SecurityContext and Authentication Objects By default, the SecurityContextHolder uses a ThreadLocal to store these details, which means that the security context is always available to methods in the