All Questions
Tagged with spring spring-security
15,067 questions
0
votes
1
answer
37
views
Why does Spring Security FilterChain process @Controller and @RestController requests differently
I have a Spring OAuth2-Client with the following filterChain:
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
return http
....
1
vote
0
answers
26
views
How to use Spring Security 6.4.0 Passkeys with RedisHttpSessionRepository?
How can I configure Spring Boot 3.4.0 to store PublicKeyCredentialRequestOptions.java in RedisSessionRepository?
I am using Spring Boot 3.4.0, Spring Security 6.4.0, and @EnableRedisHttpSession. I get ...
- 714
0
votes
1
answer
40
views
Prevent automatic Spring OAuth2 redirect
I am trying to follow along the Spring Boot OAuth2 example, which sadly seems to be a bit outdated. The article describes a simple Spring Boot application that outsources login to an OAuth 2.0 ...
- 9,546
0
votes
0
answers
30
views
Getting spring login page for all oauth2 endpoints configured in java springboot
Hi I have configured java springboot OAuth2 Authorization server with default oauth2authorization server setting using OAuth2AuthorizationConfigurer class and oidc Customizer withDefault. Still i try ...
0
votes
0
answers
29
views
SpringBoot security standard MFA sample does not work the way it should
I am new to spring boot security and trying to get this standard sample to work: servlet/spring-boot/java/authentication/username-password/mfa but both MfaApplicationTests as the MfaApplication don´t ...
- 1
0
votes
0
answers
28
views
How to customize AuthenticationManagers returned by JwtIssuerAuthenticationManagerResolver?
I'm interested in implementing custom logging, validation, and principal representation. OAuth2ResourceServerJwtConfiguration along with SecurityFilterChain allow for these customizations. However, I'...
-2
votes
0
answers
45
views
Why OAUTH2 in spring security need to save access_token?
According to spring security, there is a service OAuth2AuthorizationService which has many implementations one of them is JdbcOAuth2AuthorizationService. This service saves token inside my db and the ...
0
votes
0
answers
56
views
Spring Security with Spring Session can't correctly find the session after application restart
I'm implementing Spring Security with Spring Session for my cloud based application.
Everything works correctly, the integration with Spring Session as well. But if I restart my application (For ...
- 1
-1
votes
1
answer
24
views
Getting refresh_token null in springboot3.3 using oauth2 google
I am using Spring boot 3.3 with below configuration
Application.yaml :-----
spring:
security:
oauth2:
client:
registration:
google:
client-id: xxxx
client-secret: xx
scope: profile, email, openid
...
0
votes
0
answers
27
views
problem starting a jhipster application with a dependency on camunda-bpm-spring-boot-starter
Can you help me please?
Following the generation of the jhipster application, I try to insert the dependency:
org.camunda.bpm.springboot camunda-bpm-spring-boot-starter 7.22.0
And when it starts I ...
0
votes
1
answer
50
views
Spring auto redirect to auth/login but l want redirect to successful.html how l fix it
I have a registration form in register.html that sends a POST request to the /auth/register endpoint. After submitting the form, I want to redirect the user to successful.html instead of /auth/login . ...
- 1
0
votes
1
answer
145
views
Springboot Oauth2 Principal object
I use springboot3 with spring-boot-starter-oauth2-resource-server.
I can receive Jwt object using @AuthenticatedPrincipal in controller and I have access to jwt data in method access-control ...
0
votes
1
answer
54
views
I can not login via using Spring Security form login
I am trying to implement form login using spring security and a custom login page. But I am getting LazyInitializationException during login.
2024-12-01T22:04:46.534+03:00 WARN 18068 --- [...
0
votes
1
answer
28
views
Failing JWT Authentication in spring with async requests
Hello everyone I wrote an api Backend in Spring and added jwt Authentication. The problem is that I wrote everything async and now the Authentication doesnt work with the async methodes. The token is ...
0
votes
0
answers
33
views
Java Spring Security Error :401 Unauthorized for token OAuth2 end point
I am beginner to Oauth and just trying on getting access token but everytime I get this error 401 unauthorised even though client credentials are correct
package com.example.springbootdemo;
import ...
0
votes
1
answer
71
views
Spring authorization server latest version with PKCE + Angular SPA app 403 forbidden on oauth2/token
Security configuration
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
@Order(1)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) ...
- 16.9k
1
vote
0
answers
29
views
Using Spring OAuth2 Client but not for authentication
I want to connect multiple social accounts to one user profile without a social login. How can I do this with Spring?
I thought I could use Spring's OAuth2 Login to do the Authorization Code Flow to ...
0
votes
1
answer
32
views
Spring authorization server + angular app + oidc-client.ts NoResourceFoundException: No static resource oauth2/authorize 404
I have the below client and security configuration using Spring authorization server
build.gradle
dependencies {
implementation("org.springframework.boot:spring-boot-starter-oauth2-...
- 16.9k
0
votes
0
answers
18
views
Spring post request keeps saying: "Invalid username or password"
I'm trying to make a login system with Spring. Now the users are created with the hashed passwords and a token should be generated if the login is correct. I'm testing in Postman and I see that it's ...
- 19
0
votes
0
answers
61
views
Spring OAuth2 flow with azure-ad
Current setup:
Frontend (Angular)
Reverse Proxy (Nginx)
BFF (Spring Gateway & Spring OAuth2 Client)
IDP (Azure AD)
Resource Server (Spring Resource Server)
I'm currently stuck with the oauth2 ...
0
votes
0
answers
51
views
Empty issuer DN not allowed in X509Certificates
I am trying to implement Spring Security against Keycloak which is deployed on a local K3D cluster, configuration for which is given below:
application.yml:
spring:
application:
name: backend
...
- 11
-1
votes
0
answers
36
views
java.lang.IllegalArgumentException: Unsupported configuration attributes
I have recently upgraded Java to Java 11 and Spring and Spring Security to 5.3.19 and 5.3.0 respectively. The project is successfully compiled and built. However, when I try to run the program , I get ...
0
votes
0
answers
20
views
After sending an authentication request to Spring Security, the same form is returned due to incorrect data, although the data is correct
Authentication is done by custom fields. But the type of one of the fields (pin) matches the field type that UserDetails requires, and the other field (phoneNumber) is of type Long, not String like ...
- 1
0
votes
0
answers
35
views
Spring security web config is not working properly
My previous project had same spring security just different apis but in my new project with same pom.xml dependencies, java/spring version it doesnt work.
@Configuration
@EnableWebSecurity
public ...
0
votes
0
answers
22
views
Validate saml2 login response inside controller using spring security
I am trying to implement spring security in our exsisting project. Currently we are using Openam for saml authentication. The current architecture is we are triggering the saml authentication requests ...
-1
votes
1
answer
43
views
Forbidden Error when I include @Async to a method
I am relatively new to java and was working on a personal project of mine. I was successfully able to build it synchoronously. Just for learning more I wanted to start making it asynchronous. It's an ...
- 1
-1
votes
0
answers
27
views
Spring Security default login page not working
I am working through Spring in Action Sixth Edition, currently on chapter 8 which deals with OAuth2 authorization. I was told to create a new Spring Boot project and access a specific URL in the ...
0
votes
1
answer
48
views
Skip Custom JWT Filter for /api/auth/signin while Using permitAll()
I'm using Spring Security 6 with a custom JwtAuthenticationFilter to handle JWT-based authentication for my API. However, despite using .permitAll() for the /api/auth/signin endpoint, the custom ...
- 127
0
votes
0
answers
57
views
Spring Authorization Server - Possibility for extended features
While integrating Spring Authorization Server in my system for the oauth2 basic workflow, i found myself in potential situations regarding the future extensions for this.
Is any of the following ...
- 79
-1
votes
0
answers
36
views
Spring Authorization Starter Server OIDC Logout endpoint issue
I have the following workflow:
Authorization Server with Spring Boot Authorization Starter
Gateway Client with Spring Cloud Gateway and Ouath2 Client dependencies
Couple of Resource Servers
Front End ...
- 79
0
votes
0
answers
18
views
Spring-security-ldap fails to authenticate non-administrative users using active directory LDAP
Good morning, in the past I have developed applications in Node.js using the activedirectory and activedirectory2 modules, and with both modules, the webapps can authenticate users using the AD LDAP. ...
- 1
1
vote
0
answers
84
views
Upgrading from Spring Framework 5 to 6 (Spring Security 5.7.2 to 6.3.4)
I'm currently migrating my application to Spring Framework 6, which required updating the javax namespace to jakarta. While most components seem to be working, I’m facing an issue specifically with ...
- 31
0
votes
1
answer
29
views
Spring SwitchUserFilter sees no existing authentication
I’ve got the whole impersonation setup: filter, authentication, the works. This is a Vaadin application based on SpringBoot.
@Bean
public SwitchUserFilter switchUserFilter() {
...
- 2,592
-1
votes
0
answers
21
views
Spring Security with Spring Exception Handling
Thanks for your help.
I am currently working with Spring Boot and Spring Security. My issue is that a MethodArgumentNotValidException is thrown due to validation violations in the JSON of the request. ...
- 9
-1
votes
1
answer
26
views
How to Use Awaitility with Authentication Context in Spring Boot Integration Tests?
I'm facing an issue with using Awaitility in my Spring Boot integration tests. My setup involves setting an authentication context in the test before executing a piece of code that I want to verify ...
- 1,331
0
votes
1
answer
42
views
Spring Security: at which point/filter the URL changes to redirect URL with Oauth2 flow
I have this config:
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig {
@Bean
...
- 5,070
0
votes
2
answers
40
views
Spring Authorization Server without redirecting URLs for CURL access
This is my setup. I have a kong community server running as a gateway and all sort of different clients to access resource services via routes in the backend.
To unify the authentification (that all ...
- 435
0
votes
0
answers
62
views
How to save a webauthn passkey in jdbc database?
With the latest Spring-Security version (6.4.0-RC1) it is now possible to register passkeys and log in with them. You can simply implement them by configuring the SecurityConfig.java as described here....
- 1
0
votes
1
answer
28
views
OAuth2 with Discord: OAuth2AuthorizationRequestRedirectFilter and OAuth2LoginAuthenticationFilter are stuck in a loop. requiresAuthentication is false
I'm trying to use Oauth2 with Discord as a provider. I have this configuration:
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, ...
- 5,070
0
votes
1
answer
46
views
Spring Boot + Keycloak Policy Enforcer: Handling 401 for Missing Token Before 403
I'm using Spring Boot as a resource server with Keycloak for authentication and authorization. My setup includes spring-oauth2-resource-server for handling JWT tokens and keycloak-policy-enforcer for ...
- 103
0
votes
0
answers
61
views
Spring vulnerability issue
I am using spring boot 3.2.5 and in theeadfix scan it is showing vulnerable, so I have upgraded to 3.2.11 because other versions are showing vulnerabilities. When I upgraded to 3.2.11, it is ...
0
votes
1
answer
106
views
Saml Logout response is not getting generated
I am trying to implement saml2 using spring-security-saml2-service-provider. I am using version 6.3.3. I only have controllers in my application. I am able to do the login properly. But when I want to ...
0
votes
0
answers
32
views
Spring Security Oauth2 Token Introspection
When I'm issued a new jwt access token from the Spring security Authorization server, its always evaluated as active false by the Spring Security /oauth2/introspect endpoint, even though when decoded ...
- 1
0
votes
1
answer
28
views
Spring Security Oauth2 Access Token in ReactJS client
What would be the best way to store JWT access tokens received from the Spring Security Authorization server in a ReactJS client? I didnt find anywhere in the documentation whether its possible to ...
- 1
0
votes
0
answers
45
views
Spring security - Wrong password after a couple days of uptime
I am facing a strange problem. My Spring boot 2 application always have login issues after a couple days uptime. If I restart the server then it started working, after a couple of days, it always ...
- 425
1
vote
1
answer
31
views
built-in Spring Security authorization form
I am doing registration and user login on the site in java, Spring Security, Spring boot and the problem arose is that when I log in to localhost:8080/login, the standard form from Spring Security ...
- 43
0
votes
1
answer
34
views
Custom Authenticationfilter authentication successful but not logged in
I am using spring boot with hilla and I am trying to implement a custom login since the Form based login doesnt suit my goal.
I've created an AuthenticationProvider, AuthenticationFilter and added ...
- 1
0
votes
0
answers
12
views
Spring Security - Unrestricted Access on Unauthenticated Endpoints in Custom Role-Based Authorization
I'm trying to configure Spring Security to restrict access to endpoints based on roles defined in my application.yml file. I have specified some open paths that should be publicly accessible, while ...
- 1,060
-1
votes
3
answers
70
views
Still receiving 403 error after Spring Security login
I am learning spring and and I am learning traditional user / password authentication with Spring Security.
Currently, I'm using my own login page. In my controller, I am able to verify the users ...
- 3
0
votes
1
answer
51
views
AuthorizationHeader is empty in Waffle after update to Spring Boot 3
We use Waffle in our Vaadin app. I have debugged the source code for Waffle.
request.getHeader("Authorization");
is called on line 61 in the Waffle-class AuthorizationHeader. This returns ...
- 330