Tag Info

This may work for your case: Use a custom LoginUrlAuthenticationEntryPoint instance: public class LocaleLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint { private final ...

But, in the docs (reference), it says that: Spring Security builds against Spring Framework 7.0.6 but should generally work with any newer version of Spring Framework 5.x.*.

Spring Framework 7 and Spring Security 7 both require Jakarta EE 11, which depends on Servlet 6.1 and updated APIs (like JPA 3.2). Spring Framework 6.x, on the other hand, is based on Jakarta EE 9/10 ...

Spring Framework 7 and Spring Security 7 require Jakarta EE 11. This means they rely on Servlet 6.1 (and other updated APIs like JPA 3.2). Spring Framework 6.x is based on Jakarta EE 9/10 (Servlet 5.0/...

do you think there is any way around the spaghetti-like builder pattern?

do you think there is any way around the spaghetti-like builder pattern?

I totally feel your pain on this the Spring Security 6 'lambda spaghetti' is a nightmare. It feels like you're writing a 100-line run-on sentence just to set up a login page. The good news is you're ...

Instead of creating local variables, I'd split it off to separate methods and use method references: @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http....

There was a ticket about adding a sample for this exact use-case. The ticket is closed, and the result is to be seen in the demo-authorizationserver sample directory. Long story short, There is a ...

With Spring Boot 4 you need to change the dependency since mostly you need a starter dependency. Change testImplementation 'org.springframework.security:spring-security-test' with testImplementation '...

Native MDC and Spring Security solution is @Bean public ExecutorService virtualThreadExecutor() { return Executors.newThreadPerTaskExecutor(r -> { final Map<String, ...

when looking in the response from your curl call we can see the following: WWW-Authenticate: Bearer resource_metadata="https://example.westeurope-01.azurewebsites.net/.well-known/oauth-protected-...

Have you tried using Micrometer Context Propagation and wrap the executor with ContextExecutorService so MDC and SecurityContext ThreadLocals are captured and restored automatically. import io....

It is safe to reuse the UserDetails from the SecurityContext because the user information has already been loaded from the database and is considered valid for the duration of the request. ...

.requestMatchers("/users/register").authenticated() you're allowing only those who are logged in to register an account, essentially forbidding account creation. By the way, it's better for ...

To forward the OAuth2 access token from the Gateway to your downstream services, you need to configure the TokenRelay filter in Spring Cloud Gateway. When your Gateway acts as an OAuth2 Login client (...

Including spring-boot-starter-security-test will eventually pull in the spring-boot-security-test module. This module contains all test auto-configuration for the security part. Specifically for ...

In my case I have already added <!-- <dependency>--> <!-- <groupId>org.springframework.boot</groupId>--> <!-- <artifactId>spring-...

The issue occurs because @WebMvcTest is a sliced test that scans for Spring MVC infrastructure but does not automatically pull in your custom @Configuration classes where security rules (like ...

Force the validator to stop after the first failure. By using @GroupSequence, if @NotBlank fails, the validation engine won't even look at the @Pattern. @GroupSequence({Required.class, Format.class, ...

Nope. I am suggesting to not use plurals in database table names. Also, trying to label a discussion as "off-topic" in order to suppress it because you don't like the subject is pretty lame.

at first, this is off-topic; at second, user is a reserved keyword for the most DB engines I'm familiar with, technically, you are suggesting to name related table as "user" (note double ...

It is a convention with DBs, to name a table after the object represented by one record.

This is a general design question, and both approaches are valid. Which one is better depends on your real context. If the User class has few attributes and is a rather simple model, having it to ...

why? i think it's a collections of users thats why doing that..

Before it's too late, stop naming database tables in plural.

It should be noted that Argon2 is weaker than bcrypt for run times less than 1 second. (i.e. for authentication) Actually, bcrypt is stronger than Argon2 for authentication (target runtime < 500ms....

Thanks!! I hope l could get some Infos from there

This might be related to this: https://github.com/spring-projects/spring-security/issues/15769?utm_source=chatgpt.com