Quote from the Spring reference doc: Upon initialization of a DispatcherServlet, Spring MVC looks for a file named [servlet-name]-servlet.xml in the WEB-INF directory of your web application and creates the beans defined there… Your servlet is called spring-dispatcher, so it looks for /WEB-INF/spring-dispatcher-servlet.xml. You need to have this servlet configuration, and define web related beans … Read more
I had the same problem the other day. After some debugging of Spring Boot 1.3 I found the following solution. 1. You have to setup the headers on your Apache proxy: <VirtualHost *:443> ServerName www.myapp.org ProxyPass / http://127.0.0.1:8080/ RequestHeader set X-Forwarded-Proto https RequestHeader set X-Forwarded-Port 443 ProxyPreserveHost On … (SSL directives omitted for readability) </VirtualHost> … Read more
The security’s authorization check part gets the authenticated object from SecurityContext, which will be set when a request gets through the spring security filter. My assumption here is that soon after the login this is not being set. You probably can use a hack as given below to set the value. try { SecurityContext ctx … Read more
If you haven’t actually registered any users with your existing format then you would be best to switch to using the BCrypt password encoder instead. It’s a lot less hassle, as you don’t have to worry about salt at all – the details are completely encapsulated within the encoder. Using BCrypt is stronger than using … Read more
According to the new updates in Spring 2.0, if Spring Security is on the classpath, Spring Boot will add @EnableWebSecurity.So adding entries to the application.properties ain’t gonna work (i.e it is no longer customizable that way). For more information visit the official website Security changes in Spring Boot 2.0 Albeit not sure about your requirement … Read more
Other users have provide some very useful links above so I am not going to bother with links. I have done a similar research in JAAS for web application and has ran into a “mind roadblock” until I finally realize JAAS is a framework tackling security at a different “layer” then web applications in the … Read more
Token based authentication – users will provide its credentials and get unique and time limited access token. I would like to manage token creation, checking validity, expiration in my own implementation. Actually, use Filter for token Auth – best way in this case Eventually, you can create CRUD via Spring Data for managing Token’s properties … Read more
I too agree that Spring Security feels too complicated (to me). Sure, they have done things to reduce complexity, like creating custom XML namespaces to reduce the quantity of XML configuration, but for me, these don’t address my personal fundamental issue with Spring Security: its names and concepts are often confusing in general to me. … Read more
The error is most likely caused by declaring the AuthenticationManager as a @Bean. Try this in your test class: @MockBean private AuthenticationManager _authenticationManager; That said, the Spring Security team does not recommend exposing the AuthenticationManager in this way, see the comment in Spring issue #29215
You override your previous matchers, see HttpSecurity.html#antMatcher: Invoking antMatcher(String) will override previous invocations of mvcMatcher(String)}, requestMatchers(), antMatcher(String), regexMatcher(String), and requestMatcher(RequestMatcher). and HttpSecurity.html#regexMatcher: Invoking regexMatcher(String) will override previous invocations of mvcMatcher(String)}, requestMatchers(), antMatcher(String), regexMatcher(String), and requestMatcher(RequestMatcher). If you want more than one configuration of HttpSecurity, see Spring Security Reference: We can configure multiple HttpSecurity instances just … Read more