Questions tagged [security]

26921 questions
0

votes
0

answer
30

Views

Using Variables in a Firestore Security Rules “List” operation

I'm attempting to setup security rules that allow access to a collection, based on the value of a document field in a subcollection. This works as expected when retrieving an individual document by id, which is a get operation. However, when querying main_collection (a list operation), this fails w...
cokeman19
1

votes
2

answer
2.4k

Views

Spring Boot keycloak and basic authentication together in the same project

I have an issue with Spring Boot security. What I want is to have two different authentication for the same project at the same time in Spring Boot. The one is SSO (keycloak authentication) for all path except '/download/export/*' , the other one is Spring Boot basic authentication. Here is my conf...
gubak
1

votes
1

answer
194

Views

Invalidating JWTs on sign out?

I'm new to JWT and was wondering if it is possible to invalidate/void JWTs on the server-side when a user signs out of an application (I'm also wondering if it even makes sense to do so!). Idea is: User clicks a sign out link in their app App makes a call to POST https://api.myapp.example.com/auth/i...
smeeb
0

votes
0

answer
4

Views

Perplexities in spring security method POST and GET

I have a strong doubt in the use of Spring security specifically I want to know how to defend functions connected to the controller (GET and POST). Let me explain better, to defend I do not intend to perform that action to authorized users with certain roles, I intend to defend that action even by a...
Luca De Angelis
1

votes
1

answer
872

Views

How to get userinfo in springboot using keycloak?

I was able to get the username by using: @Autowired private HttpServletRequest request; Principal user = request.getUserPrincipal(); mqMessage.setUserName(user.getName()); But I want to get the firstName & lastName of the user logged in. How can i get the ff. userinfo using SpringBoot keycloak adapt...
LogronJ
1

votes
2

answer
923

Views

Springboot security+jwt 'springSecurityFilterChain' error

I got some error on my springboot code. But i'm not able to know why that is having error and not working. I used Jpa. and that was working well (as on clearly before using security and Oauth,jwt) i added filter to @Configuration. logs are on here org.springframework.beans.factory.BeanCreationExce...
tryAll
0

votes
2

answer
55

Views

trying to secure website but also keep Home (index) page public MCV5 asp.net identity

I have a site with a few pages and I implemented login and register. then I implemented SSL and added redirects for anyone trying to access the site without HTTPS with the following code: first I changed the project to only allow SSL HTTPS in project settings GLOBAL ASAX protected void Application...
Moi Hawk
1

votes
1

answer
42

Views

Is it secure to build a Cipher object with a SecureRandom object which has a fixed seed?

A colleague of mine asked me to check if his code is secure enough. I saw some code snippet like this: private static byte[] encrypt(String plain, String key) throws Exception { KeyGenerator kg = KeyGenerator.getInstance("AES"); SecureRandom secureRandom = new SecureRandom(); secureRandom.setSeed(k...
Mackerel
1

votes
1

answer
22

Views

Password saving for API usage (php and mysql)

I am using Instagram API by mgp25. Here, you can gain access to the IG api via "logging in": the API (in php) requires a password and account id to be in plain text format when gaining the access. Here is the setup that I have: I have a site where there are users and the site has IG API integration....
steve Kim
0

votes
0

answer
4

Views

Spring 4 Security + CORS + AngularJS - Weird redirect

I am having issues with my Spring Backend and an AngularJS Frontend. As an info, I'm pretty new to SpringSecurity and learning with this project as well. Both work separately and are supposed to be able to run on separate machines. ATM my frontend is running locally via gulp server on https://localh...
Vortilion
0

votes
0

answer
11

Views

which java community provides fastest java updates and security patches between Oracle, OpenJDK and AdoptOpenJDK?

I have searched the official websites of Oracle, OpenJDK and AdoptOpenJDK to find out release dates of updates provided by the communities. I can clearly see that AdoptOpenJDK takes longer that Oracle and OpenJDK to release the binaries. But I cannot figure out which community among Oracle and OpenJ...
kshitij
0

votes
0

answer
11

Views

How to Implement Spring security in Spring MVC application?

I'm new to Spring security. I have implemented spring security and have generated the JWT token. Now i need to get the user from the token and set it in the session so that the session for that user maintains until the token expires or logged out. On the other hand i need to access the API's from t...
0

votes
0

answer
4

Views

unable to find valid certification path to requested target. No security certificates are applied and yet I get this error. Why?

A test build of a jdk10 app is deployed on a machine. No SSL certificate is applied. This is a fresh set up. And yet I get below error when I try to run the app. Database and app are on the same machine. So is tomcat/nginx etc. Caused by: sun.security.validator.ValidatorException: PKIX path building...
Dhiraj
0

votes
0

answer
7

Views

JHipster WebFilter Not Reusing RememberMeServices

I'm copying SecurityConfiguration from a JHipster 4.14 app over to a new 5.7 app, and I don't expect it all to work uniformly, but I've found myself stumped as to how to properly wire overrided RememberMeServices into the web filtering stack. The AbstractAuthenticationProcessingFilter instantiates a...
patrickjp93
1

votes
0

answer
13

Views

How do I avoid java Security Information popup?

Problem - Java security information popup appears when applet based application loads in the browser. When I click run and check "Always trust content from the publisher" The application runs and certificate is added to java user trusted certificates list. When I run the application the next time, t...
Nishant
0

votes
0

answer
6

Views

Firestore many-to-many security rules?

I have admins that can manage various forums, for example this admin has access to forumA, forumC and forumQ: account.forumAdmin = { forumA: true, forumC: true, forumQ: true }; There are also users that belong to different forums, for example this user belongs to forumA and forumX: account.memberOf=...
Baz
0

votes
0

answer
6

Views

how to protect access to my microservice hosted on AWS from internet and allow only whitelisted IP's of proxy

I have hosted multiple microservices in AWS and these are managed through ECS (multiple service under one cluster). I have configured an ALB with different target groups pointing to these services. I also have route 53 configuration to point to these services. Now i have a requirement to whitelist...
VinothNair
1

votes
4

answer
1.4k

Views

How secure is it to connect to a MySQL database from an Android app?

I am working on an Android app that deals with some slightly sensitive information (Names, Usernames, Passwords, Badge number, etc)... As far as code work goes, I know how to connect to a MySQL database with PHP and pull information from it via JSON. I am just worried about the security of doing th...
Drakogate
0

votes
0

answer
14

Views

Encrypting and then decrypting a string in PHP

My encryption function works fine but I cannot reverse it into decryption function. How to do that? Any thoughts? Here is my code //CORRECT ENCRYPTION METHOD function encrypt($data) { $key = "SiadajerSiadajer"; $iv_size = 16; $iv = openssl_random_pseudo_bytes($iv_size, $strong); $encryptedData = op...
Pozeracz Sloikow
0

votes
2

answer
57

Views

Returning HAL json from HttpServletResponse

I am trying to return a response body in my "successfullAuthentication" method in "UsernamePasswordAuthenticationFilter" using HATEOAS, but is returning the links in this format: "links": [ { "rel": "self", "href": "http://localhost:8080/api/users/5c55ee26911e9f04acb77c91", "hreflang": null, "media"...
Bisgaard
1

votes
2

answer
685

Views

What is the alternative option of self-signed certificates in production for internal systems authentication

I Want to authenticate systems deployed on different servers with each others using certificates. If it wasn't a self-signed certificate, what should it be to let each system has its own certificate and trust in in the other server in the production environment? The signed certificates are paid and...
Homam
1

votes
1

answer
12.7k

Views

SpringSecurity : decode a password encoded with PasswordEncoder

I have stored (and encoded) an email password. I have used PasswordEncoder (Spring security). passwordEncoder.encode(password); Now I need to decode it in order to use it in javax mail. (the password is used to connect to the email provider(yahoo, gmail, etc). Is there a way to decode this password?...
user1260928
1

votes
1

answer
628

Views

Need to Hide information in an activity or a fragment when app running in background

i am using one app, for example chrome with some confidential information and i am switching it to background & i am trying to kill the app. i uploaded the example image when trying to kill the app. even the session the expired it won't close the information in the killing stage when app comes fore...
user3546693
1

votes
1

answer
8.3k

Views

SOAP client request with username and password in header

I have the following Java client for making a SOAP request: package com.example.petstore.test; import java.util.GregorianCalendar; import javax.xml.datatype.DatatypeConfigurationException; import javax.xml.datatype.DatatypeFactory; import javax.xml.datatype.XMLGregorianCalendar; import org.apach...
Toby Derrum
0

votes
0

answer
4

Views

I am new to spring boot please help me Error creating bean with name 'springSecurityFilterChain'

I got this error when i run the application i tried to solve this problem by reading several posts but make no sense please help me Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled. and org.springframework.beans.factory.BeanCreationExce...
tharinda
1

votes
2

answer
862

Views

secure session management without cookies

Some months ago, I visited a security workshop and we discussed some security problems when using cookies for session management. I was told that cookies originally were not designed for handling sessions. But how should it be done then?
Franz Deschler
1

votes
2

answer
97

Views

Storing MySQL credentials in a MySQL database

This is a similar question to "Storing MS SQL Server credentials in a MySQL Database" So, in theory, imagine I have 1 MySQL server. I have a "master" database, and then X number of other generic databases. What I'm looking for is a way of using an app (for argument's sake, let's say a web app, running...
verenion
1

votes
2

answer
686

Views

InvalidGrantException, Invalid authorization code when running 2 Spring OAuth Server

Two services are there.I am using Netflix stack[Eureka/zuul]. AGGREGATOR-SERVICE USER-SERVICE [Spring OAUTH] when I am running one instance of user-service everything works fine but when I run another instance on another server I am getting below mentioned error and request[login oauth] gets failed....
cody123
1

votes
1

answer
1k

Views

Security difference between X-Frame-Options and Content-Security-Policy headers?

These HTTP headers seem to do the same thing, albeit with the latter having a bit more flexibility. Is there any additional security that the Content-Security-Policy offers?
Cisplatin
1

votes
1

answer
698

Views

Spring generating download link

Is there any way to generate temporary links for downloading file using spring web, security-oauth stack? For example domain.com/document/ed3dk4kfjw34k43kd4k3cc that works only on current session?
Fr0stDev1
1

votes
2

answer
1.4k

Views
0

votes
1

answer
98

Views

Can not get keycloak authorization token in spring

I have web application which and i am trying to make keycloak authorizations on JavaScript side I am going on keycloak login page and authenticating successfully. Here is my code var keycloak = Keycloak({ realm: 'demo', url: 'localhost:8080/auth', clientId: 'justice' }); keycloak.init({ onLoad: 'l...
Gog1nA
0

votes
0

answer
4

Views

Spring WebFlux and Spring Security how long does backend session lives?

I have setup Spring security to use formLogin, after login a session cookie is set in the browser, this session cookie is not persisted but is destroyed when I close the browser tab. However what information about the login is stored in the back end and how/when is this information cleared?
user3139545
1

votes
2

answer
5.6k

Views

symfony Full authentication is required to access this resource

I can not access the admin page from my symfony project. If I visit XXX.XXX.XXX.XXX/admin I get: Full authentication is required to access this resource However going to XXX.XXX.XXX.XXX/security/login gives me the login page. What am I doing wrong? security: # http://symfony.com/doc/current/book/sec...
Redman
1

votes
1

answer
3.4k

Views

Spring ControllerAdvice and authentication/authorization exception handling

In my Spring Boot application I have the following web security config: @Configuration @EnableWebSecurity public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http .headers().frameOptions(...
alexanoid
1

votes
1

answer
395

Views

What int value gets used for ServletRequestAttributes scope?

How does one know what value to give for the scope parameter when requesting an attribute value from a ServletRequestAttributes object? In particular, I would like to get the value of the _csrf attribute of a request sent to the Authorization Endpoint of this GitHub example app. I have a CustomOA...
CodeMed
1

votes
1

answer
864

Views

can I decompile a signed and installed android app?

I need to store some passwords inside an android app. I have no way around since this particular app cannot do authentication with a remote server. I was looking at this decompiler: http://www.javadecompilers.com/apk yet, I have a simple question that I see different answers online. Is it possible f...
gmmo
1

votes
1

answer
1.3k

Views

Flask Security- check what Roles a User has

I was looking at the flask-security API and I don't see any function that returns the list of roles a specific User has. Is there any way to return a list of Roles a user has?
David Gonzalez
1

votes
1

answer
980

Views

Using AES Encryption for sensitive data in MYSQL - Implementation Questions

There are a number of questions that discuss storing sensitive information in MYSQL using encryption. Some make great suggestions about hardening the web server, database server, and web application (Store 'sensitive' data in MySQL DB). However, little has been discussed about the exact implementati...
OverlordvI
1

votes
1

answer
92

Views

Can an app-scoped security scoped bookmark be copied from one Mac to another?

I have a sandboxed application that uses a document format which can contain embedded filenames. E.g. some of these referenced files are for image files which the user selects in order to associate the image file with data stored in the document. Whilst such images will sometimes be located in the u...
user876725
