Type: Posts; User: Luke Taylor; Keyword(s):
Different <http> blocks define separate filter chains. The point is that you can use different <form-login> configurations for each chain, for example. That's exactly what it's intended for. If one...
This is explained pretty clearly in the manual.
hasIPAddress is implemented by calling the HttpServletRequest object and so is only available in web expressions. There's no guarantee that a method...
Don't use SaltSource or the old interfaces unless you have a legacy application which requires them. Use an encoder which generates its own random salt where you don't have to worry about it....
No, it's no longer maintained. The original developer did not keep it up to date and it's not something there has been much demand for or interest in maintaining from elsewhere.
In these...
Also, please stop posting lots of versions of the same question everywhere - i.e. here and all over stackoverflow.
If you are using bind authentication, you don't need a password encoder. How the password is stored in the LDAP directory is irrelevant from an authenticating client's perspective. Any encoding of...
The 3.0.x code is actually still built using Maven, so "mvn install" is the way to go there. We didn't move fully to gradle until 3.1.x.
Also, I would recommend you use the latest release rather...
No, there's no functionality for checking CRLs. The SSL handshake is performed by the servlet container, so that is most likely where any CRL checking ought to occur. Spring Security's X.509...
The log shows a failed authentication
followed by the re-rendering of the login page.
Hi all,
We've finally put out the first GA release of Spring Security 3.1.
There's a summary of changes in the reference manual and you can find more details of the issues which have been...
You are confusing configuration of the FilterSecurityInterceptor with the FilterChainProxy. The latter maintains the filter chains which requests are mapped to - you should configure an empty filter...
Precisely. Unless they can explain in detail why it is insecure, then they are wasting your time. If it is someone who is sales-driven, the chances are that they do not even understand the technology...
Check out https://jira.springsource.org/browse/SEC-1847
Probably because it isn't stored in the session. If you have a valid logged in user, then use the standard servlet API methods to retrieve the user name, as Spring Security implements these.
...
Look at the tutorial sample. It is used there.
I believe there's a version of RestTemplate in Spring Android. I'd suggest you start by looking at that. Otherwise, I'm sure you'll find other resources on the web on developing a REST client for...
A good starting point would be to take a look at the docs. In particular the Javadoc for the package.
By default, X509AuthenticationFilter catches authentication exceptions from the AuthenticationManager. So you must be doing something different in your custom filter.
Post your code, configuration...
I've removed the use of the methods so hopefully it shouldn't occur with future builds (see https://jira.springsource.org/browse/SEC-1830).
You aren't using those methods.. at least not in what you've posted. It just so happens that Spring Security is using them internally.
Sounds like STS is being smart and reporting that deprecated methods are used in the bean parsing code. I'm not sure it should be doing that, since it doesn't actually represent a problem with your...
I'm not aware of any alternative integration options, but I don't really know much about portlets when it comes down to it.
Hi. No, the portlet code is unmaintained and is likely to be dropped in future. You are welcome to fork it and use it as you see fit.
This is rather vague ("Spring suddenly stops reading cookies"). You'll need to provide some debugging information. What have you done to monitor the cookies being exchanged? Have you related this to...
The annotations are just a holder for security metadata attributes for the security interceptor to process. I've never heard of anyone using empty values in them before, so previously you were really...