I am getting a 404 error when invoking /actuator/auditevents endpoint. Upon closer look, I see that available endpoint listing doesn’t include /auditevents endpoint. pom.xml dependencies application.properties management.endpoints.web.exposure.include=* http://localhost:8080/actuator output Spring-boot …
Tag: spring-security
Use multiple HttpSessionIdResolver with Spring
I want to use the HTTPSessionIdResolver for everything located under “/api**” and for everything else the standard CookieResolver. How is this possible, so that the two configurations use different resolvers? With my current approach everything uses X-AUTH. I tried to understand the implementation…
Adding Same Site Header to JSESSIONID Spring Security
Google chrome has introduced changes that require setting the Same-Site header. In order to achieve this, I added a custom filter as follows, Following is the code for Security Configuration However, when I look at the headers received, I get this The filter adds the required fields in all the responses excep…
Spring Boot – set default HTTP Oauth2Login() registration/provider
New to spring boot and I’m working on an application that already had some Oauth2 authentication done for signing in with azure. I was tasked with setting up some auth for another API and now I have two registrations(client id/secret/grant-type) in my application-local.properties. example of login promp…
Can’t configure antMatchers after anyRequest (Multiple antMatcher)
I am trying to configure Spring Security and get this following error: Caused by: java.lang.IllegalStateException: Can’t configure antMatchers after anyRequest This is my SecurityConfig class: I already tried call httpSecurityauthorizeRequests().anyRequest().authenticated() as mentioned here, still didn…
How to handle UsernameNotFoundException spring security
How to handle UsernameNotFoundException ? In spring security when username not found the UserDetailsService implementation throws a UsernameNotFoundException. For example like this: I would like to build a custom “User not found REST response”. How should I catch/handle this exception? I have impl…
Java – Spring Boot: Access-Control- Allow-Origin not working
I tried to implement Access-Control- Allow-Origin in spring boot using few tutorials and this link but not able to implement this. To implement this, in application.properties file, I added below line Which probably means that except the URL https://example.com, no other endpoint can call any APIs. But itR…
How to fix Spring Security Authorization header not being passed?
In one of my REST services, I make use of Spring Security to validate the token that is being passed in the header. However, spring is unable to find the “Authorization” header, even though it is there. This was not a problem when testing in test, and even locally but when we deployed to PROD we g…
Can you set a dynamic value to @PreAuthorize in Spring?
Right now I use But I want the CREATE_USER_PRIVILEGE to come from a function(). Is this possible? Answer You could do something like this:
How to extract claims from Spring Security OAuth2 Boot in the Resource Server?
I have an Authorization Server built in .Net Core Using Identity Server 4! It is working as expected to authorize clients and resources from Node Js and .Net. Now I’m trying to add a Java spring Boot 2 API (jdk 1.8) as a Protected Resource. I have achieved that goal by using the OAuth2 Boot Documentatio…