Category "spring-security"

Whitelist for redirect URLs in spring boot

We have a security issue in our project. An attacker can intercept a login request and modify a 'Host' header in it. The server would respond with a redirect (3

Spring Boot Custom Authentication Provider with Java Configuration not working

I am trying to set up a REST based web application, where the frontend is using Reactjs and the backend is using Spring Boot. I am also trying to set up a custom

NoSuchMethodError java.lang.reflect.Method org.springframework.util.ClassUtils.getInterfaceMethodIfPossible(java.lang.reflect.Method, java.lang.Class)

I have a project that JSF works for which I wanted to integrate spring security through the following modifications: Add dependencies in pom.xml: (Updated) <

Authentication Manager Builder in Spring Security

I was exploring spring security and tried to build a small application wherein I have an entity named User and a userRepository having one declared method fi

What is the purpose of AuthenticationEntryPoint in Spring Web Security?

What is the purpose of AuthenticationEntryPoint in Spring Web Security? The documentation does not provide many details. When should this be used, and does it

Can not resolve symbol "security" in spring boot application

I'm trying to learn Java Spring and doing exactly like here: https://spring.io/guides/gs/securing-web/ But my IDE says "cannot resolve 'security' symbol" while

Deprecated: KeyStoreKeyFactory is Deprecated

Since security.oauth2 is deprecated, what can be used to generate a KeyPair from .jks file instead of KeyStoreKeyFactory?

Spring-mvc + Spring-Security + Thymeleaf - Error Resolving Template

I'm following a simple online tutorial for building a Spring + Spring Security + Thymeleaf + Maven project and I'm getting the following error: [ERROR] [tomcat

Spring Security CAS - After Receiving the ticket unable to land to login screen

After receiving ticket unable to log in to home screen, how can I debug the spring security part in my application? How can I debug the entry point of the appli

@PreAuthorize stops propagating exceptions thrown during evaluation of security checks

I have a controller with several endpoints. Every endpoint is mapped to a service which could return 200 or throw an exception, that is then handled and will re

How to set SameSite=None in JSESSIONID Cookie

I have a spring boot API hosted at Heroku and when I try to access it via an Angular app in Google Chrome (in Firefox it works fine) I'm facing the following pro

Bug in Grails / Spring Security when using user groups and roles - can't authenticate

I think I have found a bug in Grails Spring Security 3.1.1, and latest Grails 3.2.6. I have installed the Spring Security plugin. From the command line console

Serving static web resources in Spring Boot & Spring Security application

I am trying to develop Spring Boot web application and securing it using Spring security java configuration. After placing my static web resources in 'src/main

Spring Interceptor is not compatible with @RepositoryRestResource

@Component public class TestInterceptor implements HandlerInterceptor { @Override public void afterCompletion(HttpServletRequest arg0, HttpS

SAML response and assertion is signed/unsigned?

I have deployed and run spring saml sample successfully. From SAML Response (IdP -> SP) shown below, can it be identified whether: the SAML response is sig

Spring Security with Java Configuration: How to handle BadCredentialsException from a custom provider

I need to authenticate some rest services using a token id in the url (or maybe in the request header - but this is not important for now). I am trying to use j

Authentication Principal is empty while using Spring Session Redis

I am building rest API using Spring Boot v1.3.3. API is secured by Spring Security. I have implemented custom user details service to have custom principal in a

Spring security - Disable logout redirect

I'm using spring security with REST, and I'm using the URL (/logout) as an endpoint for my logout method. But after calling this method, it redirects me to (/log

automatically redirect to login page after session timeout - JSP, Spring

I can redirect a user to home page upon session logout. This was very simple. However, if a user had logged into the app and had the page open, even on sessio

How does SecurityContextHolder.getContext().getAuthentication() work?

SecurityContextHolder.getContext().getAuthentication() obtains the currently authenticated principal, or an authentication request token, but in which context s