After struggling with this for a few days (searching SO for similar questions, doing trial & error), I am tempted to give up… So the problem is I have a REST service based on Spring Boot using Spring Security and JWT for authentication. Now I want to secure some of the methods to be only called by authorized people using
Tag: spring-security
How can I use @WithMockUser and pass my username and password from my properties file?
I am writing an integration test where the application has a basic auth applied with spring security. I am using @WithMockUser to tell mockMVC how to authenticate with my endpoints. This works but I am wondering if I can replace those strings with references to the values in my application.properties file similiar how you can do: Is the above possible?
Put user in HttpSession with Spring Security default login and authenticate
I precise that I am a french student in 1st year of Java Developper. I’m developing a little multi-module app using: Spring Boot, Spring security, Hibernate, Spring Data, Spring MVC and Thymeleaf. I would like to set the User in the session, or at least the userId, at login. This way I don’t have to put it manually in the
Spring Security LDAP Authentication and gather user details from local database
In summary, user is being authenticated, but I do appear to actually have logged into the users account. I’m currently working on implementing LDAP authentication on a project. It appears that the authentication portion of things are working in the sense that my application does accept the correct credentials. The issue I’m having is that I cant seem to access
How to log in by email instead of username in Spring security
I use Spring security. Is there a way to log in using email instead of a username in Spring security? Answer You need an “email” parameter in your login form Then let your custom WebSecurityConfigurerAdapter know that “email” is a principal parameter now Finally, override loadUserByUsername() in your UserDetailsService implementation
How to add security for spring 5 websockets
I followed the following tutorial: Using WebSocket to build an interactive web application Everything works as described and aplication looks fine. I just have a nice controller: And a bit configuration. Now I want to add security for this simple application. I spent time to find an example but I could not find it. Generally I’ve found the tutorial: Preview
Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
I am migrating from Spring Boot 1.4.9 to Spring Boot 2.0 and also to Spring Security 5 and I am trying to do authenticate via OAuth 2. But I am getting this error: java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id “null From the documentation of Spring Security 5, I get to know that storage format for password is
401 instead of 403 with Spring Boot 2
With Spring Boot 1.5.6.RELEASE I was able to send HTTP Status code 401 instead of 403 as described in How let spring security response unauthorized(http 401 code) if requesting uri without authentication, by doing this: using the org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint class. I just upgraded to Spring Boot 2.0.0.RELEASE and found there is not such class any more (at least in that package).
delegate builder null when injecting authentication manager in spring security
I am in the process of converting an existing and working Spring Security (version 3.2.10) XML-configuration to a Java-based configuration. The XML-configuration I am replacing has an authentication manager configured: My Java configuration equivalent is: As the authentication manager is referred to by its alias in constructing other beans, I have overridden the authenticationmanagerbean like this: As suggested e.g. in
Spring Security OAuth2 not using token expire values from properties
I am trying to configure my application to pull access and refresh token expire times from my properties file rather than setting them in the java configuration. However it is not picking them up and instead reverts to the default values. Here is a sample of my Java config where I set the expire values manually. This works just fine