29,144 questions
-1 votes | 0 answers | 35 views
How do I customize my Keycloak forms for self-registration
I'm doing a full-stack project, and for some obvious reasons I chose to use OAuth2 with Keycloak. Of all the tutorials that I've watched, none mention self-login and self-registration, so my primary ...
-2 votes | 0 answers | 20 views
PostMapping request throws a 401 Unauthorized error even when passing a JWT token [closed]
I work on Spring Boot. I created three tables: category, quize and question. A category has n number of quizes and a quize has n number of questions. Now I make CRUD operations on category and using JWT ...
Best practices
0 votes | 3 replies | 87 views
What should I use to secure my backend - Java Spring Boot?
What's up guys? I'm building a scheduling app and thinking about using Spring Security + OAuth2 so I don't have to handle user credentials (email, password, etc.). Keycloak will handle that, so I won'...
0 votes | 0 answers | 47 views
Requests to Spring do not seem to go through filters
I am developing a very simple Spring MVC app; for the time being just a controller and JSP. I am having trouble configuring security (so far only with basic auth).
@Configuration
@EnableWebSecurity
...
0 votes | 1 answer | 25 views
Way to decrypt with Jasypt spring.cloud.aws.credentials.access-key, spring.cloud.aws.credentials.secret-key before calling AWS parameter store?
Is there a way to have Jasypt encrypted variables in my application.yml file for spring.cloud.aws.credentials.access-key, spring.cloud.aws.credentials.secret-key set to an ENC() value and decrypt them ...
Advice
0 votes | 0 replies | 26 views
How to reference a Spring property in @PreAuthorize
I have a Spring controller with a method that should only be callable by users having a certain authority. I've secured the method with `@PreAuthorized`:
@PreAuthorized("hasAuthority('The_Group')&...
Best practices
2 votes | 1 reply | 42 views
Spring Boot returns 403 instead of 405 when sending GET to POST-only endpoint
I'm building a Spring Boot REST API with Spring Security. Some of my endpoints only accept POST requests, e.g.:
@PostMapping("/api/v1/products")
@PreAuthorize("hasRole('ADMIN')")
...
0 votes | 2 answers | 88 views
Spring Boot 4 / Spring Security 6 – @WithMockUser returns 401 Unauthorized in MockMvc test
I’m setting up a project using Spring Boot 4.0.2 (Spring Security 6) and I’m getting a 401 Unauthorized in a MockMvc integration test, even though I’m using @WithMockUser(roles = "ADMIN").
I ...
-4 votes | 0 answers | 58 views
CSRF disabling not working when done via library [closed]
I have introduced a Spring Boot library which handles security configuration. The 'authUser/login' API is written in the same lib. CSRF is disabled for the API 'authUser/login'. The same has been ...
-1 votes | 1 answer | 69 views
How should user provisioning be handled between the Microservice Database and Keycloak in a DDD + Hexagonal Microservices Architecture? [closed]
I'm building a microservices system using Java Spring Boot, DDD, and Hexagonal Architecture.
Current Stack:
BFF Service: Orchestrates frontend requests. (Confidential Client) Stores token.
Customer ...
1 vote | 0 answers | 103 views
Redis session management in Spring Boot 4 does not work [closed]
I recently migrated my application from Spring Boot 3.5.0 to Spring Boot 4.0.2. In version 3.5.0, Redis-based HTTP session management worked out of the box without any additional configuration.
After ...
0 votes | 0 answers | 58 views
Why do I receive a 400 Bad Request instead of 403 when adding @PreAuthorize? [closed]
I have this bookUpdate() API and it runs completely fine. But recently, I've added a role to my User, @PreAuthorize before my controller method, and @EnableMethodSecurity to my SecurityConfig:
@...
1 vote | 0 answers | 66 views
Spring Boot 4 with SAML gives InResponseTo validation errors when logging in again after log out
I am using Spring Boot 4 with OpenSAML 5. I have set up global logout with Okta. Both the login and the logout work great. However, after a global logout, if I try to log in again after an ...
Best practices
2 votes | 2 replies | 38 views
Is it better to reuse the Spring Boot PasswordEncoder for hashing different users' passwords?
In Spring Boot we hash passwords like this.
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(16);
String hashed = passwordEncoder.encode(plainTextPassword);
Is it a good idea to store ...
1 vote | 1 answer | 89 views
In Spring Boot 4.0.2 SAML properties cannot be read from the YAML file
I am seeing a weird problem. My SAML application which was working great in 3.5.9 has problems reading SAML properties from the application.yml file.
I changed to the most basic SAML configuration and ...