29,110 questions
-4 votes, 0 answers, 156 views
Deterministic TextEncryptor
I want this encryptor to return the same value for the same input. It makes sense for card numbers. Otherwise, you wouldn't be able to enforce the UNIQUE constraint (and would lose the ability to ...
-2 votes, 0 answers, 55 views
Spring Security 7.0: CacheSaml2AuthenticationRequestRepository should read relayState from authenticationRequest
I recently upgraded my project to Spring Boot 4 and found that SAML SSO is broken.
It appears the CacheSaml2AuthenticationRequestRepository does not yet include the fix mentioned in gh-18243 within ...
Advice: 0 votes, 0 replies, 62 views
MFA in Spring Security and Spring Authserver's authorization grant type flow
I'm wondering if people have experience setting up a Spring Authserver that has MFA enabled using Spring Security 7.x.x. The goal is for a user to start the authorization grant type flow by accessing ...
Advice: 0 votes, 1 replies, 57 views
Regarding Implementation and understanding Filters in SpringBoot
I am a recently graduated student. I made a decision to become a software developer. I know it's weird because of the current AI trend and impact on developers. But it's not about that. I started learning Java ...
Best practices: 1 vote, 0 replies, 94 views
Configuring Spring Boot 3 (Spring MVC & Spring Security 7) for CORS public access (with credentials)
There are lots of good examples for how to configure Spring Boot for CORS online, but it seems to be very hard to find anything with an intersection of:
Using the APIs in Spring Boot 3 rather than ...
1 vote, 1 answer, 133 views
How to have a CorsConfigurationSource in an Autoconfiguration in Spring Boot?
I am building a company-specific Spring Boot autoconfiguration. The code looks something like this:
@AutoConfiguration
@AutoConfigureBefore(SecurityAutoConfiguration.class)
@...
0 votes, 1 answer, 124 views
Spring Boot OAuth2ResourceServer Excluding Paths (Cloudflare Turnstile)
I have a Spring Boot REST API written in Kotlin using Keycloak with Spring Security for authentication and authorization. I want to expose one endpoint publicly but protect it with Cloudflare ...
0 votes, 1 answer, 52 views
Use OpenFeign to call microservices within an authenticated user session
I have a setup where I use Keycloak for user authentication. I use Spring Boot and Spring Security. My backend successfully performs the authentication with Keycloak using authorization_code grant and ...
0 votes, 0 answers, 47 views
The sec tag cannot be displayed in thymeleaf?
I'm learning the spring security module.
Here is my security configuration class:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SecurityFilterChain ...
Advice: 0 votes, 2 replies, 106 views
Is Spring framework 6.x compatible with Spring Security 7.x?
Is Spring framework 6.x compatible with Spring Security 7.x? I need to upgrade a servlet-based web application to the latest version of Spring Security, but due to some dependency limitations I can't ...
Best practices: 0 votes, 4 replies, 79 views
Working around spaghetti lambdas and builder in Spring Security v6
I am working to adapt Spring Security v6 in my application and one of the GitHub projects I am using as a model has the following filterChain implementation in its @EnableWebSecurity Configuration ...
2 votes, 1 answer, 358 views
MDC and SecurityContext propagation failing when using Virtual Threads (Executor)
I am migrating a Spring Boot 3.x application to use Java Virtual Threads. I have replaced my standard async executor with a virtual thread executor:
@Bean
public Executor taskExecutor() {
return ...
0 votes, 1 answer, 82 views
Spring Boot + Auth0: Health endpoint returns 401 on Azure App Service but works locally even though path is excluded from SecurityFilterChain
I'm implementing authentication with Auth0 in a Spring Boot application using the OAuth2 resource server.
Everything works correctly locally, but after deploying to Azure App Service, I cannot access ...
Best practices: 0 votes, 1 replies, 143 views
Is it safe to reuse UserDetails from SecurityContext instead of querying the database again?
I am implementing JWT authentication with Spring Security. In this filter I validate the JWT, extract the email, and then load the user using UserDetailsService.
@Component
@RequiredArgsConstructor
...
0 votes, 0 answers, 167 views
Keycloak logout is returning Success status in Saml Logout Response and application is redirected to the home page but session still exist in Keycloak
My enterprise application code was working earlier for a long time, but without any change to it the SSO Logout for the SAML protocol using Keycloak (version 26.0.0) has stopped working.
Basically, I ...