I'm actually having issues with this in Spring Boot 2.0 and Spring Security. I understand that Spring Security now secures everything, which inclues static resources, and have implemented the suggested line of code:
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
I've added this to my WebSecurityConfig, but it seems like my static resources still cannot be found/mapped/loaded. I'm upgrading from Spring boot 1.5.13 to 2.0.2. Everything is in it's appropriate location.
Anyone else still having this problem? Thanks!
Related
I have a Spring 5 MVC application without Spring Boot that I need to migrate it's current Spring Security LDAP implementatino to a new Spring Security OAuth2 Resource Server implementation. I tried for several days without any luck to convert this application to Spring Boot and I am hoping I can do this migration without Spring Boot, the problem is that all the resources I found so far (examples,guides,etc.) only work with Spring Boot.
Any help is greatly appreciate it.
I'm in the process of migrating away from the spring-security-saml module that has been deprecated to the new SAML support built into Spring Security 5+. I'd really like to not have to migrate this entire project from Spring Framework to String Boot at this time, so does anyone know if there is documentation on how to get Spring Security with SAML working on vanilla Spring Framework, everything I've seen has been only Spring Boot. Any help would be majestic!
I tried to upgrade my sample to Spring Boot 2.1.0.RELEASE, the PostControllerTest which used #WebFluxTest failed due to Spring Security protection. But in the initial version(Spring Boot 2.0.0.M7) it worked.
This is the expected behavior as of Spring Boot 2.1.0. It's been implemented in spring-boot#13632 and a similar issue has been raised already about this. We're aligning with the behavior of Spring MVC auto-configuration here.
You can learn how to improve your test configuration in the Spring Security documentation.
Got a problem with authentication configuration with Spring Security 5.0.0.RC1 in a Spring Boot 2.0.0.M6 application. All the samples I've managed to find are being based on WebSecurityConfigurerAdapter (like this one for example), which on it's turn depends on the javax.servlet.Filter. As spring-boot-starter-webflux by default goes with Netty, expectedly there is no Servlet API implementation included, so the configuration done this way can't even be compiled.
Am I missing some Netty-compatible way of having authentication configured?
I am using spring-boot to develop webservices, but I don't want to use WsConfigurerAdapter to define a WSDL and all, because I want to deploy my war into WAS7 and it does not support Servlet 3.0. So how would I add a web.xml configuration into my application.
Spring Boot doesn't support Servlet 2.5 out of the box, however you can use Spring Boot Legacy to get things working. Take a look at the Google App Engine sample application for an example of how to use Spring Boot Legacy and web.xml.
You may also be interested in this Spring Boot issue which is proposing to make Spring Boot Legacy an official part of Spring Boot.