I am getting a 404 error when invoking /actuator/auditevents endpoint. Upon closer look, I see that available endpoint listing doesn’t include /auditevents endpoint. pom.xml dependencies application.properties management.endpoints.web.exposure.include=* http://localhost:8080/actuator output Spring-boot version: 2.2.6.RELEASE Not sure whether I am missing any required configuration. Answer Auditing can be enabled by providing a bean of type AuditEventRepository in your application’s configuration. Try to add
Tag: spring-security
Use multiple HttpSessionIdResolver with Spring
I want to use the HTTPSessionIdResolver for everything located under “/api**” and for everything else the standard CookieResolver. How is this possible, so that the two configurations use different resolvers? With my current approach everything uses X-AUTH. I tried to understand the implementation within Spring and I end up in the SessionRepositoryFilter, but of this filter only one instance is
Adding Same Site Header to JSESSIONID Spring Security
Google Chrome has introduced changes that require setting the Same-Site header. In order to achieve this, I added a custom filter as follows, Following is the code for Security Configuration However, when I look at the headers received, I get this The filter adds the required fields in all the responses except the one containing the JSESSIONID cookie. How do
Spring Boot – set default HTTP Oauth2Login() registration/provider
New to Spring Boot and I’m working on an application that already had some Oauth2 authentication done for signing in with Azure. I was tasked with setting up some auth for another API and now I have two registrations (client id/secret/grant-type) in my application-local.properties. example of login prompt This works. The problem now is when visiting the application for the first
Can’t configure antMatchers after anyRequest (Multiple antMatcher)
I am trying to configure Spring Security and get the following error: Caused by: java.lang.IllegalStateException: Can’t configure antMatchers after anyRequest This is my SecurityConfig class: I already tried calling httpSecurity.authorizeRequests().anyRequest().authenticated() as mentioned here, still didn’t work … any suggestion would be helpful. Answer
How to handle UsernameNotFoundException spring security
How to handle UsernameNotFoundException? In Spring Security, when the username is not found, the UserDetailsService implementation throws a UsernameNotFoundException. For example like this: I would like to build a custom “User not found REST response”. How should I catch/handle this exception? I have implemented a handler method in the WebSecurityConfigurerAdapter implementation the handler: But this method should wait for an AuthenticationException
Java – Spring Boot: Access-Control-Allow-Origin not working
I tried to implement Access-Control-Allow-Origin in Spring Boot using a few tutorials and this link but am not able to implement this. To implement this, in application.properties file, I added below line Which probably means that except the URL https://example.com, no other endpoint can call any APIs. But it’s not working. I still can see * in response, in below
How to fix Spring Security Authorization header not being passed?
In one of my REST services, I make use of Spring Security to validate the token that is being passed in the header. However, Spring is unable to find the “Authorization” header, even though it is there. This was not a problem when testing in test, and even locally, but when we deployed to PROD we get this issue. As
Can you set a dynamic value to @PreAuthorize in Spring?
Right now I use But I want the CREATE_USER_PRIVILEGE to come from a function(). Is this possible? Answer You could do something like this:
How to extract claims from Spring Security OAuth2 Boot in the Resource Server?
I have an Authorization Server built in .Net Core using Identity Server 4! It is working as expected to authorize clients and resources from Node Js and .Net. Now I’m trying to add a Java Spring Boot 2 API (jdk 1.8) as a Protected Resource. I have achieved that goal by using the OAuth2 Boot Documentation! Everything works fine so