Nothing in AbstractRoutingDataSource forces you to use a static map of DataSourceS. It is up to you to contruct a bean implementing Map<Object, Object>, where key is what you use to select the DataSource, and value is a DataSource or (by default) a String referencing a JNDI defined data source. You can even modify it … Read more
java.lang.IllegalStateException: Cannot initialize context because there is already a root application context present – check whether you have multiple ContextLoader* definitions in your web.xml! In your WebAppInitializer, you are registering a ContextLoaderListener. Because you are using AbstractSecurityWebApplicationInitializer with the super constructor that accepts a Class[] Creates a new instance that will instantiate the ContextLoaderListener with … Read more
Quote from the Spring reference doc: Upon initialization of a DispatcherServlet, Spring MVC looks for a file named [servlet-name]-servlet.xml in the WEB-INF directory of your web application and creates the beans defined there… Your servlet is called spring-dispatcher, so it looks for /WEB-INF/spring-dispatcher-servlet.xml. You need to have this servlet configuration, and define web related beans … Read more
Spring security adds the prefix “ROLE_” by default. If you want this removed or changed, take a look at How to change role from interceptor-url? EDIT: found this as well: Spring Security remove RoleVoter prefix
I had the same problem the other day. After some debugging of Spring Boot 1.3 I found the following solution. 1. You have to setup the headers on your Apache proxy: <VirtualHost *:443> ServerName www.myapp.org ProxyPass / http://127.0.0.1:8080/ RequestHeader set X-Forwarded-Proto https RequestHeader set X-Forwarded-Port 443 ProxyPreserveHost On … (SSL directives omitted for readability) </VirtualHost> … Read more
Waited for 2 days and didn’t get any help here. But my research provided me a solution 🙂 Solution @Configuration @EnableWebMvcSecurity @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ @Autowired private AuthenticationProvider authenticationProvider; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider); } @Configuration @Order(1) public static class ApiWebSecurityConfig … Read more
You need to define a Spring Bean which implements ApplicationListener. Then, in your code, do something like this: public void onApplicationEvent(ApplicationEvent appEvent) { if (appEvent instanceof AuthenticationSuccessEvent) { AuthenticationSuccessEvent event = (AuthenticationSuccessEvent) appEvent; UserDetails userDetails = (UserDetails) event.getAuthentication().getPrincipal(); // …. } } Then, in your applicationContext.xml file, just define that bean and it will automatically … Read more
I know this is not a direct answer, but people (as me) usually don’t specify spring’s version when searching for this kinds of questions. So, since spring security a method exists that lets ignore some routes: The following will ensure CSRF protection ignores: Any GET, HEAD, TRACE, OPTIONS (this is the default) We also explicitly … Read more
The security’s authorization check part gets the authenticated object from SecurityContext, which will be set when a request gets through the spring security filter. My assumption here is that soon after the login this is not being set. You probably can use a hack as given below to set the value. try { SecurityContext ctx … Read more
If you haven’t actually registered any users with your existing format then you would be best to switch to using the BCrypt password encoder instead. It’s a lot less hassle, as you don’t have to worry about salt at all – the details are completely encapsulated within the encoder. Using BCrypt is stronger than using … Read more