!tyUkzuxcwjMphNuxek:matrix.org

spring-security

62 Members
Welcome. Ask away! Unless otherwise specified we assume you're using the latest 5.x version of Spring Security1 Servers

Load older messages


SenderMessageTime
6 Jan 2021
@gitter_fdutton:matrix.orgfdutton (Gitter) joined the room.02:25:22
@gitter_fdutton:matrix.orgfdutton (Gitter)Hi all,02:25:22
@gitter_fdutton:matrix.orgfdutton (Gitter) I'm rewriting our Zuul-based gateway to use Spring Cloud Gateway and have encountered some difficulty. I understand that Spring Cloud Gateway is based on WebFlux instead of WebMVC. What I noticed is that my implementation of WebSecurityConfigurerAdapter is not getting invoked. Is there a WebFlux equivalent to WebSecurityConfigurerAdapter or am I looking in the wrong place? 02:31:47
7 Jan 2021
@gitter_eightmonth:matrix.orgEightMonth (Gitter) left the room.02:09:30
8 Jan 2021
@lazyprophet:matrix.orglazyprophet joined the room.08:13:57
11 Jan 2021
@gitter_dsteegen:matrix.orgdsteegen (Gitter) left the room.12:39:18
@rchrd:matrix.orgrchrd joined the room.15:01:47
12 Jan 2021
@gitter_kidfrom:matrix.orgkidfrom (Gitter) joined the room.07:21:15
@gitter_kidfrom:matrix.orgkidfrom (Gitter)Hi, do anyone here have bootcamp class for Spring WebSocket with Spring Security?07:21:16
13 Jan 2021
@gitter_nickmelis:matrix.orgNick (Gitter) joined the room.10:24:11
@gitter_nickmelis:matrix.orgNick (Gitter) Hi there, does anybody know what the plans are with spring-authorization-server? I'm in the process of building my own OAuth2 Authorization server, and I found that the current version of spring-authorization-server still has some limitations (RSA keys only, fixed JWT expiry, no custom claims, etc...) and was wondering what the best approach is right now. I heard the old @EnableAuthorizationServer has been deprecated, so what's the best way to build my service? 10:24:11
@gitter_orangedog:matrix.orgJames Howe (Gitter)spring-security-oauth2 still works11:24:02
@gitter_orangedog:matrix.orgJames Howe (Gitter) (edited) ... still works => ... still works, spring-authorization-server isn't finished. Those are your options. 11:24:24
@gitter_orangedog:matrix.orgJames Howe (Gitter) (edited) ... your options. => ... your options if you want a Spring auth server. 11:24:33
@gitter_nickmelis:matrix.orgNick (Gitter) @OrangeDog do you know when the first release of spring-authorization-server is planned for? 12:10:59
@gitter_orangedog:matrix.orgJames Howe (Gitter) I haven't really been involved. "When it's done" I think. 12:11:24
@gitter_nickmelis:matrix.orgNick (Gitter)I see, thanks. It seems that my best option is to stick with the old spring-security-oauth2 for the time being12:12:11
14 Jan 2021
@gitter_aaugusta:matrix.orgaaugusta (Gitter) I've got a WebFlux/Netty RSocket-over-WebSocket setup.
Is there any way to have the Authentication established at the time of the websocket connection be made available to my @MessageMapping method?
14:17:37
@gitter_mastap:matrix.orgPavel Grigorenko (Gitter) joined the room.14:17:45
@gitter_mastap:matrix.orgPavel Grigorenko (Gitter)Hi, were you able to solve this?14:17:46
@gitter_ghahramani:matrix.orgNavid Ghahremani (Gitter) joined the room.14:55:38
@gitter_ghahramani:matrix.orgNavid Ghahremani (Gitter) Hey guys, I found a very critical bug in spring security rsocket, could anyone help me to understand why this is happening?
spring-projects/spring-security#9345
14:55:38
@gitter_maxtorchio:matrix.orgmaxtorchio (Gitter) joined the room.19:01:57
@gitter_maxtorchio:matrix.orgmaxtorchio (Gitter) Hi people! I'm using "org.springframework.boot:spring-boot-starter-oauth2-client" (with gradle plugins 'org.springframework.boot' version '2.4.1' and 'io.spring.dependency-management' version '1.0.10.RELEASE') and i'm having an error "Caused by: org.springframework.security.oauth2.core.OAuth2AuthorizationException: [invalid_token_response] An error occurred parsing the Access Token response: Unexpected type of JSON object member with key "scope" ". It's supose it's fixed at "spring-security:5.4.2" (dependency i should have with spring-boot 4.2.1 ) but still doesn't work :( . Any help? 19:01:57
@gitter_maxtorchio:matrix.orgmaxtorchio (Gitter) (edited) ... Any help? => ... Any help? 19:34:23
@gitter_maxtorchio:matrix.orgmaxtorchio (Gitter) I'm using WebFlux and reactive configs 19:34:24
15 Jan 2021
@gitter_ghahramani:matrix.orgNavid Ghahremani (Gitter) (edited) ... happening? https://github.com/spring-projects/spring-security/issues/9345 => ... happening? https://github.com/spring-projects/spring-security/issues/9345 03:07:56
@gitter_ghahramani:matrix.orgNavid Ghahremani (Gitter)I found a workaround03:07:56
@gitter_ghahramani:matrix.orgNavid Ghahremani (Gitter) (edited) I found a workaround => Hey guys, I found a very critical bug in spring security rsocket, could anyone help me to understand why this is happening? https://github.com/spring-projects/spring-security/issues/9345 03:08:07
@gitter_ghahramani:matrix.orgNavid Ghahremani (Gitter)

I have no idea why this is happening but I could fix it via using unicast. Here is my WebClient part. Have a look into using Flux.merge and Sinks.many().unicast().onBackpressureBuffer<ByteArray>()

@MessageMapping("not-working")
    fun notWorking(@Payload data: Flux<ByteArray>): Flux<Result> {
        val sinks = Sinks.many().unicast().onBackpressureBuffer<ByteArray>()
        return Flux.merge(
            data
                .doOnNext { result -> sinks.tryEmitNext(result) }
                .doFinally { sinks.tryEmitComplete() }
                .flatMap { Mono.empty<Result>() }
                .log()
                .subscribeOn(Schedulers.parallel()),
            webClient
                .post()
                .uri(
                    UriComponentsBuilder
                        .fromUriString("http://localhost:9999/api/v2/uploads.json")
                        .queryParam("filename", "TestFileName")
                        .build(true)
                        .toUri()
                )
                .contentType(MediaType("application", "binary"))
                .body(
                    sinks.asFlux(),
                    ByteArray::class.java
                )
                .retrieve()
                .bodyToFlux()
        )
    }

So this works, but I am not sure this is the best solution as it is just a workaround. I think the framework should not throw that error. I let the spring security guys decide about it.

03:08:07

There are no newer messages yet.


Back to Room List