I recently upgraded to Spring Security 6, and have found that authenticating using basic auth from JS or from curl no longer works but authenticating with basic auth using Java’s HttpClient does work. My goal is to be able to authenticate with all approaches. The app uses Java 17, Spring Security 6, and Spring Session 3. It has a “login”
Tag: spring-session
Why is remember-me a lesser authentication then full-authentication in spring-security?
This is a conceptual question about the fact, that authentication has different grades in spring security. There is a grade for anonymous authentication also called IS_AUTHENTICATED_ANONYMOUSLY and remember me authentication IS_AUTHENTICATED_REMEMBERED the full authentication, when a user just provided his entire credentials and got confirmed aka IS_AUTHENTICATED_FULLY In the implementation of AuthenticatedVoter#isFullyAuthenticated it is clear, that a full authenticated user
Put user in HttpSession with Spring Security default login and authenticate
I precise that I am a french student in 1st year of Java Developper. I’m developing a little multi-module app using: Spring Boot, Spring security, Hibernate, Spring Data, Spring MVC and Thymeleaf. I would like to set the User in the session, or at least the userId, at login. This way I don’t have to put it manually in the