29,131 questions
0 votes, 1 answer, 48 views
Spring Boot OAuth2ResourceServer Excluding Paths (Cloudflare Turnstile)
I have a Spring Boot REST API written in Kotlin using Keycloak with Spring Security for authentication and authorization. I want to expose one endpoint publicly but protect it with Cloudflare ...
0 votes, 1 answer, 33 views
Use OpenFeign to call microservices within an authenticated user session
I have a setup where I use Keycloak for user authentication. I use Spring Boot and Spring Security. My backend successfully performs the authentication with Keycloak using authorization_code grant and ...
0 votes, 0 answers, 42 views
The sec tag cannot be displayed in thymeleaf?
I'm learning the spring security module.
Here is my security configuration class:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SecurityFilterChain ...
Advice
0 votes, 2 replies, 83 views
Is Spring framework 6.x compatible with Spring Security 7.x?
Is Spring framework 6.x compatible with Spring Security 7.x? I need to upgrade a servlet-based web application to the latest version of Spring Security, but due to some dependency limitations I can't ...
Best practices
0 votes, 4 replies, 70 views
Working around spaghetti lambdas and builder in Spring Security v6
I am working to adapt Spring Security v6 in my application and one of the GitHub projects I am using as a model has the following filterChain implementation in its @EnableWebSecurity Configuration ...
2 votes, 2 answers, 206 views
MDC and SecurityContext propagation failing when using Virtual Threads (Executor)
I am migrating a Spring Boot 3.x application to use Java Virtual Threads. I have replaced my standard async executor with a virtual thread executor:
@Bean
public Executor taskExecutor() {
return ...
0 votes, 1 answer, 67 views
Spring Boot + Auth0: Health endpoint returns 401 on Azure App Service but works locally even though path is excluded from SecurityFilterChain
I'm implementing authentication with Auth0 in a Spring Boot application using the OAuth2 resource server.
Everything works correctly locally, but after deploying to Azure App Service, I cannot access ...
Best practices
0 votes, 1 reply, 122 views
Is it safe to reuse UserDetails from SecurityContext instead of querying the database again?
I am implementing JWT authentication with Spring Security. In this filter I validate the JWT, extract the email, and then load the user using UserDetailsService.
@Component
@RequiredArgsConstructor
...
0 votes, 0 answers, 152 views
Keycloak logout is returning Success status in Saml Logout Response and application is redirected to the home page but session still exist in Keycloak
My enterprise application code was working earlier for a long time, but without any change to it the SSO Logout for the SAML protocol using Keycloak (version 26.0.0) has stopped working.
Basically, I ...
0 votes, 1 answer, 142 views
@WebMvcTest behaviour related to security is different in Spring Boot 4.x compared to Spring Boot 3.x
Updated the question with my observations.
I am trying to understand Spring Security and I am stuck when implementing tests with @WebMvcTest.
I have a Spring Boot 4.0.3 project with spring-boot-...
0 votes, 0 answers, 84 views
How to disable security on tests annotated with @SpringBootTest?
I am trying to understand Spring Security and I am stuck when implementing the integration test.
I am using Spring Boot 4.0.3 with spring-boot-starter-webmvc, spring-boot-starter-webmvc-test, spring-...
0 votes, 0 answers, 87 views
@Pattern and @NotBlank on password field still triggered even when password is null, validation groups cause MapStruct mapping issues
I have a PATCH endpoint for updating user details. My UserRequest record has @Pattern and @NotBlank on the password field. I am facing two problems, one before using validation groups and one after.
...
Best practices
0 votes, 6 replies, 158 views
Should I implement UserDetails directly in my User entity or create a separate UserPrincipal class in Spring Security?
I am building a Spring Boot application with Spring Security and JPA. I have seen two approaches for implementing UserDetails and I am confused about which one to use and why.
Approach 1:
@Entity
@...
Advice
0 votes, 1 reply, 111 views
Spring Security help needed
I'm really new to Spring Boot and especially Spring Security. I build the backend for a Project and I can't get my head around the concept of Security. I know what it does and what I really need.
I ...
Best practices
0 votes, 2 replies, 74 views
Spring Boot 3.3.0 → 3.3.11 upgrade: Spring Security behavior changes
I recently upgraded Spring Boot from 3.3.0 to 3.3.11 (which also upgrades Spring Security to 6.3.x), and I’m trying to understand whether there were any behavior changes related to CORS handling in ...