Questions tagged [spring-security]
Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.
spring-security
29,092
questions
-1
votes
0
answers
17
views
@RestControlerAdvice not working in spring-boot application [closed]
I have a spring boot application and I am working to configure a global exception handler. Based on the latest spring docs I am using @RestControllerAdvice to try and handle the exceptions. Here is an ...
-2
votes
0
answers
30
views
hasAnyAuthority is not enforced when doing a request. Spring security 6 [closed]
I am working on a Spring Boot 3.3 application and using Spring Security 6 to secure my endpoints.
Problem:
Despite configuring hasAnyAuthority for POST and PUT requests, the
getAuthorizationDecision ...
0
votes
0
answers
22
views
Validate protected resource by spring security behind ingress auth-url
I have a node.js app auth-svc. it has authenticate page and validateToken Endpoint.
I have spring boot service it has ingress resource "nginx.ingress.kubernetes.io/auth-url" so ı want to ...
-1
votes
1
answer
12
views
Why does Spring 5 give me 403/404 for the from login
I upgrading an app from Spring Security 3.2 to 5.8. Following Spring Security XML I get a 403 if I don't have
<security:http security="none" pattern="/dologin" />
Otherwise ...
0
votes
0
answers
17
views
facing invalid credentials error while implementing oauth2login authentication using microservice architecture through API gateway
I have two services i.e. API-gateway which is running on port 6051 and auth-service which is running on 6052 port. I have added dependency and configuration in auth-service and sets redirect url which ...
0
votes
0
answers
21
views
Spring cloud gateway gives me "An expected CSRF token cannot be found" when i perform POST
i only have 2 dependecy in gateway server, ouath2 client and spring-cloud-starter-gateway.
here is the code i have in gateway server
@Bean
public RouteLocator customRouteLocator(...
0
votes
0
answers
19
views
Spring Gateway with authenticator not forwarding requests
I am quite new to using Spring Gateway and I am setting it up with Spring Gateway MVC as I did my authentication in MVC. I have added the dependencies to my pom, I have an API running in port 8090. I ...
0
votes
1
answer
15
views
How do I setup authentication via multiple IdPs that support OAuth 2.0?
If I have a Spring Boot 3 based application that utilizes Spring Security and Spring WebFlux and is already setup to authenticate and authorize users via IdP1, then how do I enhance this application ...
0
votes
0
answers
17
views
Null or Empty scopes when passed to /oauth2/token giving all the scopes. When scopes are passed, getting proper response
Below is my curl. I am firing /oauth2/token endpoint in my Spring Boot security application. So when I give proper scopes in the request body. I am getting same scopes in response as well as in ...
0
votes
0
answers
22
views
Spring authorization server : Invalid Credentials Error After Successful Login with Custom Form Login Configuration [closed]
i try to test my access and refresh token based on
https://www.oauth.com/playground
I am setting up an spring authorization server and have implemented a custom login page. My configuration is based ...
-2
votes
0
answers
50
views
Issue with Spring Security and JWT: Redirect to authenticationEntryPoint after successful login
I've been trying to solve a problem with Spring Boot Security in my application for days and I can't find the cause. Here is the flow of the application and the problem I am facing:
Application Flow:
...
-2
votes
0
answers
25
views
What is the alternative way to get authenticationManagerBean() without WebSecurityConfigurer?
WebSecurityConfigurer is already deprecrated.
For now I use AbstractHttpConfigurer and META-INF/ Spring factories as Spring team recommend.
org.springframework.security.config.annotation.web....
-2
votes
0
answers
22
views
InsufficientAunthenticationException: Full authentication is required to access this resource
I have upgraded spring boot version 2.x.x to 3.1.1.
I changed the configuration for bearer token validation as shown in below snippet.
private final AuthenticationFilter authenticationFilter;
...
0
votes
0
answers
27
views
RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "//"
In my attempt to make my web application secure, I was testing the URL "myapp/resources//etc/passwd" to see if it correctly handles any malicious URL. Although the request itself returns a ...
0
votes
0
answers
30
views
How to avoid session creation in cookies when going to STATELESS in spring 6
I am using spring security with spring 6(XML based) and tomcat.
Previously i was using session but now i am moving to JWT. I already set it create-session="stateless" in spring-security.xml ...