Welcome. Ask away! Unless otherwise specified we assume you're using the latest 5.x version of Spring Security
WebSecurityConfigurationAdapter
. In my setup I have a different WebSecurityConfigurationAdapter
for my Actuator endpoints and different profiles. Right now I provide those via bean and profile annotations. If I override the one of those adapters authenticationManagerBean() method it doesn't take effect. I guess I could declare them as components rather than just creating beans so the bean gets picked up... My question is it expected that disabling anonymous access cause no default AuthenticationManager
for oauth2resourceserver?
@AutoConfigureWebTestClient
which expects a working security configuration in order to start the context at all? Maybe we can solve it with your suggestions …
Hi
Could someone help me please? I'm getting empty username
parameter in findByUsername(String username)
in ReactiveUserDetailsService
In my security config I defined this:
.formLogin()
.loginPage("/login")
.authenticationManager(new UserDetailsRepositoryReactiveAuthenticationManager(authService))
where authService
is Autowired ReactiveUserDetailsService
I'm sending POST request to /login
with parameters:
{
"username": "<some_username>",
"password": "<some_password>"
}
There is not controller implementing /login
Spring security somehow itslef managing it, so I'm getting hit straight into ReactiveUserDetailsService
but obviously request params were not properly mapped, I'm definitely missing something
username
only from Authentication
object,.authenticationManager(new UserDetailsRepositoryReactiveAuthenticationManager(authService))
ReactiveAuthenticationManager
with implementation of authenticate(Authentication authentication)
authentication
parameter is also empty, and I'm not sure where do I get request body content to return proper Authentication
object with username and password
/login/oauth2/code
endpoint which 302s to https://accounts.google.com/o/oauth2/v2/auth
which seems correct. Domain and SSL cert are matching/correct.
hasAnyIpAddress(String[] ipAddresses)
expression to be an extension to current hasIpAddress(String ipAddress)
. Context: I had to to allow some endpoints to be used only by specified machines that could not be described as normal ip range expression (eg. "192.168.1.1/24"). To accomplish that I had to use some weird string based expression ("hasIpAddress('...') or hasIpAddress('...')"
) which was dynamically generated. What do you think about that?
Hi all,
I need help with the next case:
https://gist.github.com/SteelAlex/ac129a8099c9518e50f6815b3c2bfe1f - I configured Spring Security + Spring Session. I use custom header for session. And I can't change session timeout, I always logout after default 15 minutes of inactivity. I tried to set spring.session.timeout
and/or server.servlet.session.timeout
, but it doesn't work.
I am sure I am doing something wrong, but I have no ideas what.
@Bean
public KeyStoreCallbackHandler callback() throws Exception{
KeyStoreCallbackHandler callbackHandler = new KeyStoreCallbackHandler();
callbackHandler.setPrivateKeyPassword("t_passwordo");
callbackHandler.setDefaultAlias("snet");
callbackHandler.setKeyStore(keyStoreFactoryBean());
callbackHandler.setTrustStore(TrustFactoryBean());
return callbackHandler;
}