Questions tagged [spring-security]

Spring Security is the Spring Framework's application security solution. Spring Security can be used to secure URLs and method invocations. It is widely used to secure standalone web applications and REST APIs.

Spring Security is a powerful and highly customizable authentication and access-control framework. It also provides defense against several common web application attacks. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. It was founded in 2003 and has been actively maintained by the Spring Team since. Today it is used to secure numerous demanding environments including government agencies, military applications, and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Its dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of Java or XML.

Spring Security is also integrated with many other Spring technologies, including Spring MVC, Spring WebFlux, and Spring Messaging.

Official Website: https://spring.io/projects/spring-security

28335 questions
322 votes, 4 answers

Difference between Role and GrantedAuthority in Spring Security

There are concepts and implementations in Spring Security, such as the GrantedAuthority interface to get an authority to authorize/control an access. I would like that to permissible operations, such as createSubUsers, or deleteAccounts, which I…
Chinmay
304 votes, 17 answers

When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

I have a Spring MVC web app which uses Spring Security. I want to know the username of the currently logged in user. I'm using the code snippet given below. Is this the accepted way? I don't like having a call to a static method inside this…
Scott Bale
272 votes, 4 answers

RESTful Authentication via Spring

Problem: We have a Spring MVC-based RESTful API which contains sensitive information. The API should be secured, however sending the user's credentials (user/pass combo) with each request is not desirable. Per REST guidelines (and internal business…
Chris Cashwell
213 votes, 3 answers

How Spring Security Filter Chain works

I realize that Spring Security is built on a chain of filters, which will intercept the request, detect (absence of) authentication, redirect to authentication entry point or pass the request to authorization service, and eventually let the request…
Tuomas Toivonen
211 votes, 7 answers

What is the meaning and difference between subject, user and principal?

In the context of security frameworks, a few terms commonly occur subject, user and principal, of which I have not been able to find a clear definition and the difference between them. So, what exactly do these terms mean, and why are these…
ams
197 votes, 1 answer

Spring Security on Wildfly: error while executing the filter chain

I'm trying to integrate Spring Security SAML Extension with Spring Boot. About the matter, I did develop a complete sample application. Its source code is available on GitHub: spring-boot-saml-integration on GitHub By running it as Spring Boot…
vdenotaris
193 votes, 17 answers

How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my Spring project, I am trying to read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of…
Kleber Mota
192 votes, 19 answers

How to manage exceptions thrown in filters in Spring?

I want to use a generic way to manage 5xx error codes, let's say specifically the case when the db is down across my whole Spring application. I want a pretty error JSON instead of a stack trace. For the controllers I have a @ControllerAdvice class…
kopelitsa
181 votes, 15 answers

Spring 3.0 - Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]

Any ideas what could be the cause of this? Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security] org.springframework.web.context.ContextLoader initWebApplicationContext: Context…
Taylor Leese
176 votes, 13 answers

Unit testing with Spring Security

My company has been evaluating Spring MVC to determine if we should use it in one of our next projects. So far I love what I've seen, and right now I'm taking a look at the Spring Security module to determine if it's something we can/should use.…
matt b
175 votes, 9 answers

How to get active user's UserDetails

In my controllers, when I need the active (logged in) user, I am doing the following to get my UserDetails implementation: User activeUser =…
The Awnry Bear
173 votes, 5 answers

What's the difference between @Secured and @PreAuthorize in spring security 3?

It's not clear for me what is the difference in spring security between : @PreAuthorize("hasRole('ROLE_USER')") public void create(Contact contact) And @Secured("ROLE_USER") public void create(Contact contact) I understand PreAuthorize can…
Jerome VDL
147 votes, 9 answers

How do I enable logging for Spring Security?

I am setting up Spring Security to handle logging users in. I have logged in as a user, and am taken to an Access Denied error page upon successful login. I don't know what roles my user has actually been assigned, or the rule that causes access to…
Mar
142 votes, 14 answers

Handle spring security authentication exceptions with @ExceptionHandler

I'm using Spring MVC's @ControllerAdvice and @ExceptionHandler to handle all the exceptions of a REST API. It works fine for exceptions thrown by web MVC controllers but it does not work for exceptions thrown by Spring Security custom filters because…
Nicola
133 votes, 3 answers

Shiro vs. SpringSecurity

I am currently evaluating Java-based security frameworks. I am a Spring 3.0 user, so it seemed that SpringSecurity would be the right choice, but Spring Security seems to suffer from excessive complexity; it certainly does not seem like it is…
ams