Spring Security version 4
Questions tagged [spring-security4]
9 questions
89
votes
2 answers
When to use Spring Security`s antMatcher()?
When do we use antMatcher() vs antMatchers()?
For example:
http
.antMatcher("/high_level_url_A/**")
.authorizeRequests()
.antMatchers("/high_level_url_A/sub_level_1").hasRole('USER')
…
sura2k
- 7,365
- 13
- 61
- 80
6
votes
2 answers
What is the simplest way to override BasicAuthenticationEntryPoint in SpringSecurity 4?
I was not able to find on SO the answer (e.g. here.
Spring Security: Commence method in class extending BasicAuthenticationEntryPoint no being called)
I just want to override BasicAuthenticationEntryPoint without override other filters and other…
Michael
- 10,063
- 18
- 65
- 104
1
vote
1 answer
how to show error in my thymelaf login page if maxSessionsPreventsLogin set to true and some user with my login credentials try to log in?
I am using spring security 4. Scenario is i want one user to login at a one time. that is if my login credentials know to someone and i have already logged in but that someone should not be able to login unless and untill i logged out which i…
Pawan Patil
- 1,067
- 5
- 20
- 46
1
vote
1 answer
SecurityContext authorities does not equal ServletRequest roles?
I was trying to replace some manual authority checking with annotations (@Secured and @PreAuthorize). While debugging why it doesn't work I was surprised to find that the second of these two assertions failed at the top of a @RequestMapping…
OrangeDog
- 36,653
- 12
- 122
- 207
0
votes
0 answers
Redirect interceptor gets a wrong RequestURI in spring MVC
After updating spring 3 to 4 HandlerInterceptorAdapter preHandle method get the HttpServletRequest RequestURI as /login but user was successfully Authenticated and redirected to /dashboard API
inside prehandle method it always return to login and…
kent steinwall
- 13
- 4
0
votes
1 answer
how to get default saved request uri in grails spring security core 4?
In grails 2.2 we could get the saved uri to redirect before login as follows. The redirect url would be saved in session[WebAttributes.SAVED_REQUEST].
def auth = {
def config = SpringSecurityUtils.securityConfig
def redirectURL
…
kofhearts
- 3,607
- 8
- 46
- 79
0
votes
0 answers
AuthenticationProvider function authenticate not call after migration to spring security 4
AuthenticationProvider function authenticate not call after migration spring security 2 to spring security 4.
I am use custom provider and ldap authentication, all of my config its ok , but when I try to connect , I have an anonymousUser in my…
aryan
- 29
- 9
0
votes
1 answer
Upgraded to Spring Security 4 and now I'm unable to login
I just upgraded to Spring Security 4.2.3.RELEASE and now I can't login. Specifically, when I login, submitting these parameters
OWASP_CSRFTOKEN ZLCK-J3VV-OJTK-8GZW-H68V-C8N6-CE6G-U6AQ
j_password aaa
j_username mouser
I get the error
Could not…
Dave
- 15,639
- 133
- 442
- 830
-1
votes
1 answer
How is possible to access to the logged out user name in Spring Security?
We use Spring Security 4.0.x and I need to find the way to access the logged out user name.
I have configured LogoutSuccessHandler:
Michael
- 10,063
- 18
- 65
- 104