Shiro vs. SpringSecurity [closed]

I too agree that Spring Security feels too complicated (to me). Sure, they have done things to reduce complexity, like creating custom XML namespaces to reduce the quantity of XML configuration, but for me, these don’t address my personal fundamental issue with Spring Security: its names and concepts are often confusing in general to me. …

Handle spring security authentication exceptions with @ExceptionHandler

Ok, I tried as suggested writing the JSON myself from the AuthenticationEntryPoint and it works. Just for testing I changed the AuthenticationEntryPoint by removing response.sendError

    @Component("restAuthenticationEntryPoint")
    public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {

        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authenticationException) throws IOException, ServletException {
            response.setContentType("application/json");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.getOutputStream().println("{ \"error\": \"" + authenticationException.getMessage() + "\" }");
        }
    }

…

How do I enable logging for Spring Security?

Assuming you’re using Spring Boot, another option is to put the following in your application.properties:

    logging.level.org.springframework.security=DEBUG

This is the same for most other Spring modules as well. If you’re not using Spring Boot, try setting the property in your logging configuration, e.g. logback. Here is the application.yml version as well:

    logging:
      level:
        org:
          springframework:
            security: …

What’s the difference between @Secured and @PreAuthorize in spring security 3?

The real difference is that @PreAuthorize can work with Spring Expression Language (SpEL). You can:

- Access methods and properties of SecurityExpressionRoot.
- Access method arguments (requires compilation with debug info or custom ParameterNameDiscoverer):

      @PreAuthorize("#contact.name == principal.name")
      public void doSomething(Contact contact)

- (Advanced feature) Add your own methods (override MethodSecurityExpressionHandler and set it as <global-method-security><expression-handler … /></…>).

Unit testing with Spring Security

Just do it the usual way and then insert it using SecurityContextHolder.setContext() in your test class, for example:

Controller:

    Authentication a = SecurityContextHolder.getContext().getAuthentication();

Test:

    Authentication authentication = Mockito.mock(Authentication.class);
    // Mockito.whens() for your authorization object
    SecurityContext securityContext = Mockito.mock(SecurityContext.class);
    Mockito.when(securityContext.getAuthentication()).thenReturn(authentication);
    SecurityContextHolder.setContext(securityContext);

How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy – no Session

You need to either add fetch=FetchType.EAGER inside your ManyToMany annotations to automatically pull back child entities:

    @ManyToMany(fetch = FetchType.EAGER)

A better option would be to implement a spring transactionManager by adding the following to your spring configuration file:

    <bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <tx:annotation-driven />

You can then add an @Transactional annotation …

Spring Security on Wildfly: error while executing the filter chain

Investigating the problem, I have noticed that there is some mess with cookies and referers in the auth request. Currently WildFly authentication will work if you change the web application context to the Root Context:

    <server name="default-server" default-host="webapp">
        <http-listener name="default" socket-binding="http"/>
        <host name="default-host" alias="localhost" default-web-module="sso.war"/>
    </server>

After restarting WildFly and clearing cookies, all should work as expected.
