i am developing in JSF a Spring Security application.
the login form is fine.
however, when i try to retrieve the authentication object, in future code, i always get the authentication pricipal as anonymous.
i try to fetch is like this:
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
HEy!
The problem was that i didn't add
to the http in the security
Related
I have an MVC project using Cookie Authentication, but I want a single action to use basic authentication.
My problem is, that if the basic authentication fails, the user is redirected to the login page, specified in the cookie setup, instead of being issued a challenge.
My basic authentication code is from this page: http://www.ryadel.com/en/http-basic-authentication-asp-net-mvc-using-custom-actionfilter/
How do I prevent this redirect?
Adding the line:
filterContext.HttpContext.Request.Headers.Add("X-Requested-With", "XMLHttpRequest");
to the authentication attribute, will prevent the server from returning the login page.
I've a application with login form, this works well.
Now I've some provider that send url as "http://server/springapplication/country?username=user&password=pass" to my spring program
How to implement authentification of this url and redirect to controller country?
I work withy spring security anottations.
Thank you very much.
In these days I have been experimenting situations for this implementations. I have other case. Some customers send to my spring aplication some xml document in the post request. This document contains user and password in it, i need process this data to login my aplication. If I implement http.basic() and my class extends WebSecurityConfigurerAdapter, spring security doesn't authentificate the request. I had thinking implement the authentification request in controllers when custumer send xml document, but I think this isn't a good idea.
What do you think about this.?
I have built a simple Spring Boot application that acts as an OAuth 2.0 client using the #EnableOAuth2Client annotation. My application is creating an OAuth2RestTemplate and the OAuth dance succeeds nicely.
The problem is that when I access my application e.g. at http://localhost:8080/someRequest (where the method serving this resource uses the OAuth2RestTemplate#getObject method to retrieve some remote resources, I end up with sth. like http://localhost:8080/someRequest?code=ABC&state=DEF in my browser.
Is there a way to get rid of these parameters using some Spring configuration magic or do I have to do that myself? I saw that the sample Tonr application suffers from the same problem.
The issue is that you have to handle the callback url that u have registered with OAuth2 provider. when you transfer code and state parameter to the provider Server for access token and refresh token, the provider sends request back to ur callback URL with access token. In callback URL u now have to check if access token is available, you redirect to the original request(u need to save original request before OAuth2 dance).
I know this stuff theoretically, but didnot find Spring-Security-OAuth2 example for handling the callback URL.
I asked same question, but didnot get any answer.
OAuth2 Dance With Spring Security
However without using spring security, i found one link which shows handling callback url manually.It will help u in understanding the flow.
Google Handle callback URl
If u found any example of spring secrity handling callback url , Share with me.
I found this as an issue with spring security oAuth2. Check this JIRA Issue
I have web application ( built using Grails ) in which I am using Spring Security with LDAP.
Login and logout behaviour works fine in application.
Now, I wanted to build the functionality where if admin is logged in application first time forward user to specific page instead of sending user to index/home page.
I modified LoginController ( auth method ) and tried to keep track of login by new domain class. But after login Login controller "auth method" is not called.
can anyone point me to right direction ? is there other controller I need to modify ?
The default Spring Security login form POSTs to a special URL: /j_spring_security_check (the exact URL used can be changed through the apf.filterProcessesUrl configuration parameter) This POST request is handled by the Spring Security internals. To add custom login logic, you can implement your own AuthenticationSuccessHandler as described here.
I have a webapplication using spring security. I'd like to login using an account i have configured on the WSO2 identity server using OpenID.
I can login just fine, the identity server asks for the password and redirects me back to my webapplication. So far, so good. However, when i try to request additional attributes using the attribute-exchange, i get empty values.
I have tried a few different types:
schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
axschema.org/namePerson/first
urn:scim:schemas:core:1.0:name.givenName
schema.openid.net/2007/05/claims/nickname
wso2.org/claims/givenname
But none of them seem to yield any results.
Am i missing something obvious?
The reason may be the fields are empty as well.
Can you try with the following claim URI, http://wso2.org/claims/role. By default all users have the everyone role. So that value should be returned.