I am currently following the Spring Documentation and some tutorials on Web Security. But now I have a problem, that I can't call the method antMatchers. This is the error I'm getting when building...

I'd like to make use of spring-security with ROLE_ADMIN and ROLE_USER roles. I therefore try to create a typesafe enum class, but the @Secured annotation requires a constant String, which I cannot...

I setup my Spring Security application according to the reference document and after hours of troubleshooting I continue to get a null @AuthenticationPrincipal passed into my controller. The authen...

This is my class for test. @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(classes = AppConfig.class, loader = AnnotationConfigContextLoader.class) public class UserServiceImplIT { ...

Link for Authorization server: https://github.com/spring-projects/spring-authorization-server This project pretty much has everything in terms of OAuth and Identity provider. My question is, How to...

I see this in my Spring MVC app's web.xml: <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProx...

Is there a substitute for spring security in Node.js. I know of express and passport, but passport provides authentication only. It does not feature "forgot password", "reset password" or crud oper...

I have a Spring Boot + Spring Security application that has severalantMatchers paths; some fullyAuthenticated(), some permitAll(). How to I write a test that verifies SecurityConfiguration has my e...

I am having an issue with Spring Security. I am trying to configure it for a simple login but I am getting an error. Here is the code for the configuration: package com.drg.AppConfig; import org....

I am trying to update the WebSecurityConfigurerAdapter as it has been deprecated. The class is configured as follows: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = ...

I have configured a custom Filter that grants a spring authority for every URL other than /login : public class TokenFilter implements Filter { @Override public void doFilter(ServletRequest req,...

I'm using spring-boot-starter-security dependency, to make use of several classes that come with spring-security. But as I want to integrate it in an existing vaadin application, I only want to mak...

I've upgraded from Spring Boot 2.5 to 3.1, which comes with Spring Security 6.1.1. Calls to the login authentication REST service work just fine, but all requests to other REST controllers that req...

I am trying to connect to cluster Redis with a valid URL and port I got this error: Caused by: io.lettuce.core.RedisCommandExecutionException: ERR This instance has cluster support disabled at io....

As I was reading up about virtual threads and their pitfalls I found this mention : Don't Cache Expensive Reusable Objects in Thread-Local Variables Virtual threads support thread-local variable...

I'm developing a REST API based on Spring Boot (spring-boot-starter-web) where I use Spring Security (spring-security-core e spring-security-config) to protect the different endpoints. The authent...

When I use security.basic.enabled=false to disable security on a Spring Boot project that has the following dependencies: <dependency> <groupId>org.springframework.boot</groupId&g...

Similar to this question but it got no answers: Spring Security: Handle InvalidBearerTokenException in @ExceptionHandler I have similar code and I'm trying to catch org.springframework.security.oau...

I have followed the spring boot security tutorial but the end result has an issue consisting in that after successful login the browser is redirect to /undefined. I have even cloned the code refer...

I need to use JWT in mi API, and the IDE tells me that the .signWith() method is deprecated. So far I use the @Deprecated annotation, but I think this is not so good practice. This is my example co...

After a new user submits a 'New account' form, I want to manually log that user in so they don't have to login on the subsequent page. The normal form login page going through the spring security ...

We added Spring Security to our existing project. From this moment on we get a 401 No 'Access-Control-Allow-Origin' header is present on the requested resource error from the our server. That's bec...

I have a requirement to use two different authorization servers (two Okta instances) to validate authentication tokens coming from two different web applications inside a single Spring Boot applica...

Which jar contains the following Spring class: org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

I upgraded my project to Spring Boot 3 and Spring Security 6, but since the upgrade the CSRF protection is no longer working. I'm using the following configuration: @Bean public SecurityFilterChain...