I have implemented the SAML configurations as mentioned in https://github.com/vdenotaris/spring-boot-security-saml-sample but its not populating the '#CurrentUser User user' in the landing controller method. loadUserBySAML() of SAMLUserDetailsServiceImpl gets SAMLCredential properly.
I have XML based MvcConfig,whereas the WebSecurityConfig(for SAML) is Java based Config. Have added 'bean class = "CurrentUserHandlerClass' in 'mvc:argumentresolvers'. So while invoking the landing Controller method below exception is thrown
please help me out and comment it if you require something
Its now solved as the controller URL was missing in the securitychainfilter
Related
I set up Spring Security with a custom Authentication Provider.
Custom authentication works normally if method security (such as #Secured) is not set.
But when I set up Method Security, AuthenticationServiceException occurs.
I tried debugging.
authenticationManager.authenticate was called once more upon entering a controller with method security enabled. However, the authentication manager was empty(=NoOpAuthenticationManager) at this time.
I called the API below.
#RestController
#RequestMapping("/test")
#Secured("ROLE_USER")
class TestController
I found a solution.
I had set the setting as below.
spring:
main:
lazy-initialization: true
I think the cause was an lazy injection.
I am using spring-security-ldap to add LDAP authentication to my application. It is configured like so:
auth.ldapAuthentication()
.userSearchBase(ldapConfigProperties.getUserSearchBase())
.userSearchFilter(ldapConfigProperties.getUserSearchFilter())
.contextSource()
.managerDn(ldapConfigProperties.getManagerDn())
.managerPassword(ldapConfigProperties.getManagerPassword())
.url(ldapConfigProperties.getUrl())
.and()
.userDetailsContextMapper(ldapContextMapper);
The ldapContextMapper is an instance of a custom class called LdapUserContextMapper that implements UserDetailsContextMapper.
Inside mapUserFromContext() I use the DirContextOperations to retrieve several attributes from the LDAP user to construct a concrete User POJO. However, I just can't get access to operational attributes like memberOf. I tried every solution I could possible find on the web, but nothing seems to have worked.
For instance, ctx.getObjectAttributes("memberOf") returns null. Attempting to call ctx.search("", "", searchControls) with custom SearchControls with SUBTREE_SCOPE yields a not implemented exception from DirContextAdapter.
Any ideas?
I eventually ended up instantiating my own ContextSource and then using a custom ObjectPostProcessor, just as described in this issue.
I have a spring boot application with spring security. It works fine.
I call HTTP://localhost:8080/test request
AuthenticationProvider catches this request and authenticates the user.
MyController starts working
Now I need to add license checking to this chain.
I call HTTP://localhost:8080/test request
AuthenticationProvider catches this request and authenticates the user.
Somebody checks the license and redirect to the next step or returns an exception
if the 3-th step is a success - MyController starts working
I need to understand who is Somebody on 3-th step - Interceptor, Filter, or something else?
I would create a CustomAuthenticationProvider that is using the underlying default functionality for authentication and additionally does your licence checking.
In Spring Boot, what is the purpose of server.error.path property in application.properties file?
The documentation just says:
Path of the error controller
But I want a clear description of this property with an example.
server.error.path - used as part of url for error pages.
site.getBaseUrl() + "/error"
For example some error happen on server side and you decide redirect user to error page like this:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/images/custom-error-page-aws-404-example.png
Code example of error controller you can find here:
https://www.logicbig.com/tutorials/spring-framework/spring-boot/implementing-error-controller.html
You can use this property in #RequestMapping("/error"). But instead of "/error" you can use "${server.error.path}"
UPDATE:
Also, Spring Boot BasicErrorController use server.error.path property
Property server.error.path in spring boot application used to define an error path while dealing with custom error handler. In Spring we create custom error handler using functional interface ErrorController, ths interface has a String type method getErrorPath which helps us to return the error page path(our error page as view).
But from Spring 2.3.0 this getErrorPath() method has been deprecated and replaced with server.error.path to manage the error path.
e.g. server.error.path=/error
For more detail about interface ErrorController, please refer Spring doc for ErrorController
I created web application in spring and handled exception mappings for 404 and 500.If system doesn't find any resources for requested URL it redirects into custom 404.jsp instead of regular 404 page.Everything works fine till have decided to add a webservice in my app.I have included one more controller as a webservice there is no view for this controller and this needs to be invoke through curl command.
User may get into change the curl script.If they changed the URL it should show 404 status code.But it returns the custom 404.jsp as a html response instead of status code.Because dispatcher servlet will takes all urls with /*.
How I can solve this issue?
Please share your suggestions.
Spring 3.2 introduced the #ControllerAdvice, and as mentioned in the documentation:
It is typically used to define #ExceptionHandler
That means you can use the #ControllerAdvice to assist your #Controller like the following:
#ControllerAdvice
class GlobalControllerExceptionHandler {
#ResponseStatus(HttpStatus.NOT_FOUND) // 404
#ExceptionHandler(Exception.class)
public void handleNoTFound() {
// Nothing to do
}
}
For further details please refer to this tutorial and this answer.