example-spring-boot-security's People
Forkers
fabletang tcollins mhuckaby midaboghetich sam-sun-x fiston predoiua zelfa ikane ashishsjsu naasser kimyu92 kamal77 h-t-ren garrit-schroeder rankyung-hong szhaoyu karthik3591 nchime neomtech chinamanfh sleyzerzon cidli thomasdarimont nlonguit minchina vaquarkhan sushiljic tommc3 richqez danielmichalski dawityifter kemalyen frankthelion junlapong congdanh910 adperezmorales peterpoor stevepop dschoi freegians igorshiohara jrocksly jzhu0601 romedawg nbsw clausewitzer eliasyao zhuxinjun cacophonix javausers2014 oraclebox yokobonbon prakashgaikwad benj-c wuuyuexin martinod1 hello-world-ua josezevallos alfonsazhari sarweshs b-mecherrak selwynshen wuchangqi zhangdihong dileep-yadav huyendtt58 hub830 hendisantika nurmuhammad amanurat webcane vquochuy grv-kr shanfei subhankarc isis-github ssisaias androidzhaoxiaogang woodsong mujeeb1238 crystalrain0 janeywong hbowang strandrew oceanbluezhang jelena-marina tyxing007 reddivenkat39 vvillas mandeepmathuria umarhussain keresztesvitez mounir89 gitmadhu eliid ipalbeniz hakimkal tuzhe420 vunguryan
example-spring-boot-security's Issues
Article not found
Link to article from README.md doesn't work
Add plain text admin password to the description
The original password is never mentioned :)
It would be very useful if you would provide it.
session
Did you implement the session?
Added OAuth2 config, but POST to /oauth/token gets error: org.springframework.security.core.userdetails.User cannot be cast to com.pingenie.mgt.domain.CurrentUser
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth2AuthorizationServerConfig.class);

    @Value("${config.oauth2.privateKey}")
    private String privateKey;

    @Value("${config.oauth2.publicKey}")
    private String publicKey;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public JwtAccessTokenConverter tokenEnhancer() {
        LOGGER.info("Initializing JWT with public key:\n" + publicKey);
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(privateKey);
        converter.setVerifierKey(publicKey);
        return converter;
    }

    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(tokenEnhancer());
    }

    /**
     * Defines the security constraints on the token endpoints /oauth/token_key and /oauth/check_token
     * Client credentials are required to access the endpoints
     *
     * @param oauthServer
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer
            .tokenKeyAccess("isAnonymous() || hasRole('ROLE_TRUSTED_CLIENT')") // permitAll()
            .checkTokenAccess("hasRole('TRUSTED_CLIENT')"); // isAuthenticated()
        // oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()"); // Another way to write it!
    }

    /**
     * Defines the authorization and token endpoints and the token services
     *
     * @param endpoints
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            // Which authenticationManager should be used for the password grant
            // If not provided, ResourceOwnerPasswordTokenGranter is not configured
            .authenticationManager(authenticationManager)
            // Use JwtTokenStore and our jwtAccessTokenConverter
            .tokenStore(tokenStore())
            .accessTokenConverter(tokenEnhancer());
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            // Confidential client where client secret can be kept safe (e.g. server side)
            .withClient("confidential").secret("secret")
            .authorizedGrantTypes("client_credentials", "authorization_code", "refresh_token")
            .scopes("read", "write")
            .redirectUris("http://192.168.1.99:8080/")
            .and()
            // Public client where client secret is vulnerable (e.g. mobile apps, browsers)
            .withClient("public") // No secret!
            .authorizedGrantTypes("client_credentials", "implicit")
            .scopes("read")
            .redirectUris("http://192.168.1.99:8080/")
            .and()
            // Trusted client: similar to confidential client but also allowed to handle user password
            .withClient("trusted").secret("secret")
            .authorities("ROLE_TRUSTED_CLIENT")
            .authorizedGrantTypes("client_credentials", "password", "authorization_code", "refresh_token")
            .scopes("read", "write")
            .redirectUris("http://192.168.1.99:8080/");
    }
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/", "/oauth/**", "/respond/**", "/html5shiv/**", "/images/**", "/css/**", "/js/**", "/jquery/**", "/bootstrap-3.3.6/**", "/angularjs/**").permitAll()
            .antMatchers("/users/**").hasAuthority("ADMIN")
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .usernameParameter("email")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .deleteCookies("remember-me")
            .logoutSuccessUrl("/")
            .permitAll()
            .and()
            .rememberMe();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(new BCryptPasswordEncoder());
    }
}
Getting a popup for credential
Hi,
When I used the same approach in my application, I'm getting a window popup for authentication. Not able to go to the login screen.
Also, I'm using HTML 5, Angular JS and Rest Controller. Please suggest if I need to do some extra configuration.
Thanks,
Nirmal