Explore

I am trying to secure my spring boot application with spring securitys own csrf library. When I am sending requests to my backend authentication endpoint, the first request i send (without any cookies), gets 403 and my backend saying "Invalid CSRF token found for "http://localhost:8080/api/v1/auth/authenticate" That is sort of expected, since i didnt add the csrf token as a cookie. In the response, i...

I try to go from Spring-Boot 2.7 to 3.1 - its regarding Security. What I have under old version 2. public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure (HttpSecurity http) throws Exception { http.cors ().and () .csrf ().disable () .authorizeRequests () .antMatchers ("/web/test").permitAll () .antMatchers ("/web/**").hasAnyRole ("USER") .anyRequest ().authenticated () .and () .addFilter (new SecurityAuthenticationFilter (authenticationManager ())) .addFilter (new SecurityAuthorizationFilter (authenticationManager ()))...

I migrated our app to spring boot 3 and spring 6. There were some changes to spring-security, i have adjusted our config, but out authorization stopped working. Before we had SSO with keycloak and oauth2 configured. This is what i had: @Bean public ClientRegistrationRepository clientRegistrationRepository() throws IOException { return new InMemoryClientRegistrationRepository(this.clientRegistration()); } private ClientRegistration clientRegistration() throws IOException { ObjectMapper objectMapper = new ObjectMapper(); Resource...