29,133 questions
0 votes, 0 answers, 11 views
Struggling with path access permissions using VaadinSecurityConfigurer and/or SpringBoot's WebSecurity
I have a Vaadin based web-application that will show me 3 views:
"Nodes" (the main and default view)
"HistoryInfoTable" (historical data and stats in tabular form)
"...
1 vote, 1 answer, 33 views
How to have a CorsConfigurationSource in an Autoconfiguration in Spring Boot?
I am building a company-specific Spring Boot autoconfiguration. The code looks something like this:
@AutoConfiguration
@AutoConfigureBefore(SecurityAutoConfiguration.class)
@...
0 votes, 1 answer, 50 views
Spring Boot OAuth2ResourceServer Excluding Paths (Cloudflare Turnstile)
I have a Spring Boot REST API written in Kotlin using Keycloak with Spring Security for authentication and authorization. I want to expose one endpoint publicly but protect it with Cloudflare ...
0 votes, 1 answer, 36 views
Use OpenFeign to call microservices within an authenticated user session
I have a setup where I use Keycloak for user authentication. I use Spring Boot and Spring Security. My backend successfully performs the authentication with Keycloak using authorization_code grant and ...
0 votes, 0 answers, 43 views
The sec tag cannot be displayed in thymeleaf?
I'm learning the spring security module.
Here is my security configuration class:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SecurityFilterChain ...
Advice
0 votes, 2 replies, 83 views
Is Spring framework 6.x compatible with Spring Security 7.x?
Is Spring framework 6.x compatible with Spring Security 7.x? I need to upgrade a servlet-based web application to the latest version of Spring Security, but due to some dependency limitations I can't ...
Best practices
0 votes, 4 replies, 71 views
Working around spaghetti lambdas and builder in Spring Security v6
I am working to adapt Spring Security v6 in my application and one of the GitHub projects I am using as a model has the following filterChain implementation in its @EnableWebSecurity Configuration ...
2 votes, 2 answers, 212 views
MDC and SecurityContext propagation failing when using Virtual Threads (Executor)
I am migrating a Spring Boot 3.x application to use Java Virtual Threads. I have replaced my standard async executor with a virtual thread executor:
@Bean
public Executor taskExecutor() {
return ...
0 votes, 1 answer, 67 views
Spring Boot + Auth0: Health endpoint returns 401 on Azure App Service but works locally even though path is excluded from SecurityFilterChain
I'm implementing authentication with Auth0 in a Spring Boot application using the OAuth2 resource server.
Everything works correctly locally, but after deploying to Azure App Service, I cannot access ...
Best practices
0 votes, 1 replies, 123 views
Is it safe to reuse UserDetails from SecurityContext instead of querying the database again?
I am implementing JWT authentication with Spring Security. In this filter I validate the JWT, extract the email, and then load the user using UserDetailsService.
@Component
@RequiredArgsConstructor
...
0 votes, 0 answers, 155 views
Keycloak logout is returning Success status in Saml Logout Response and application is redirected to the home page but session still exist in Keycloak
My enterprise application code was working earlier for a long time, but without any change to it the SSO Logout for the SAML protocol using Keycloak (version 26.0.0) has stopped working.
Basically, I ...
0 votes, 1 answer, 146 views
@WebMvcTest behaviour related to security is different in Spring Boot 4.x compared to Spring Boot 3.x
Updated the question with my observations.
I am trying to understand Spring Security and I am stuck when implementing tests with @WebMvcTest.
I have a Spring Boot 4.0.3 project with spring-boot-...
0 votes, 1 answer, 94 views
How to disable security on tests annotated with @SpringBootTest?
I am trying to understand Spring Security and I am stuck when implementing the integration test.
I am using Spring Boot 4.0.3 with spring-boot-starter-webmvc, spring-boot-starter-webmvc-test, spring-...
0 votes, 0 answers, 87 views
@Pattern and @NotBlank on password field still triggered even when password is null, validation groups cause MapStruct mapping issues
I have a PATCH endpoint for updating user details. My UserRequest record has @Pattern and @NotBlank on the password field. I am facing two problems, one before using validation groups and one after.
...
Best practices
0 votes, 6 replies, 160 views
Should I implement UserDetails directly in my User entity or create a separate UserPrincipal class in Spring Security?
I am building a Spring Boot application with Spring Security and JPA. I have seen two approaches for implementing UserDetails and I am confused about which one to use and why.
Approach 1:
@Entity
@...