29,113 questions
Advice
0
votes
1
replies
44
views
Regarding Implementation and understanding Filters in SpringBoot
I am a recently graduated student.I made a decision to become software developer,I know its weird because of current AI trend and impact on developers.But its not about that,I started learning java ...
Best practices
1
vote
0
replies
79
views
Configuring Spring Boot 3 (Spring MVC & Spring Security 7) for CORS public access (with credentials)
There are lots of good examples for how to configure Spring Boot for CORS online, but it seems to be very hard to find anything with an intersection of:
Using the APIs in Spring Boot 3 rather than ...
- 15.3k
1
vote
1
answer
106
views
How to have a CorsConfigurationSource in an Autoconfiguration in Spring Boot?
I am building a company-specific Spring Boot autoconfiguration. The code looks something like this:
@AutoConfiguration
@AutoConfigureBefore(SecurityAutoConfiguration.class)
@...
- 27.3k
0
votes
1
answer
113
views
Spring Boot OAuth2ResourceServer Excluding Paths (Cloudflare Turnstile)
I have a Spring Boot REST API written in Kotlin using Keycloak with Spring Security for authentication and authorization. I want to expose one endpoint publicly but protect it with Cloudflare ...
- 11
0
votes
1
answer
47
views
Use OpenFeign to call microservices within an authenticated user session
I have a setup where I use Keycloak for user authentication. I use Spring Boot and Spring Security. My backend successfully performs the authentication with Keycloak using authorization_code grant and ...
- 3,059
0
votes
0
answers
45
views
The sec tag cannot be displayed in thymeleaf?
I'm learning the spring security module.
Here is my security configuration class:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SecurityFilterChain ...
- 13
Advice
0
votes
2
replies
99
views
Is Spring framework 6.x compatible with Spring Security 7.x?
Is Spring framework 6.x compatible with Spring Security 7.x? I need to upgrade a servlet-based web application to the latest version of Spring Security, but due to some dependency limitations I can't ...
Best practices
0
votes
4
replies
75
views
Working around spaghetti lambdas and builder in Spring Security v6
I am working to adapt Spring Security v6 in my application and one of the GitHub projects I am using as a model has the following filterChain implementation in its @EnableWebSecurity Configuration ...
- 31.8k
2
votes
2
answers
312
views
MDC and SecurityContext propagation failing when using Virtual Threads (Executor)
I am migrating a Spring Boot 3.x application to use Java Virtual Threads. I have replaced my standard async executor with a virtual thread executor:
@Bean
public Executor taskExecutor() {
return ...
- 429
0
votes
1
answer
73
views
Spring Boot + Auth0: Health endpoint returns 401 on Azure App Service but works locally even though path is excluded from SecurityFilterChain
I'm implementing authentication with Auth0 in a Spring Boot application using the OAuth2 resource server.
Everything works correctly locally, but after deploying to Azure App Service, I cannot access ...
- 65
Best practices
0
votes
1
replies
134
views
Is it safe to reuse UserDetails from SecurityContext instead of querying the database again?
I am implementing JWT authentication with Spring Security. In this filter I validate the JWT, extract the email, and then load the user using UserDetailsService.
@Component
@RequiredArgsConstructor
...
0
votes
0
answers
165
views
Keycloak logout is returning Success status in Saml Logout Response and application is redirected to the home page but session still exist in Keycloak
My enterprise application code was working earlier for a long time, but without any change to it the SSO Logout for the SAML protocol using Keycloak (version 26.0.0) has stopped working.
Basically, I ...
- 446
0
votes
1
answer
165
views
@WebMvcTest behaviour related to security is different in Spring Boot 4.x compared to Spring Boot 3.x
Updated the question with my observations.
I am trying to understand Spring Security and i am stuck when implementing tests with @WebMvcTest.
I have a Spring Boot 4.0.3 project with spring-boot-...
- 664
0
votes
1
answer
108
views
How to disable security on tests annotated with @SpringBootTest?
I am trying to understand Spring Security and i am stuck when implementing the integration test.
I am using Spring Boot 4.0.3 with spring-boot-starter-webmvc, spring-boot-starter-webmvc-test, spring-...
- 664
0
votes
0
answers
89
views
@Pattern and @NotBlank on password field still triggered even when password is null, validation groups cause MapStruct mapping issues
I have a PATCH endpoint for updating user details. My UserRequest record has @Pattern and @NotBlank on the password field. I am facing two problems, one before using validation groups and one after.
...