When I update the user who is logged in, it does not refresh the data on the fly, when I call it from User userDetails = (User) authentication.getPrincipal();

I am using JDBCUserDetailsManager to create users but when I try to login using the same details, I get Bad credentials error. Not sure what am I doing wrong. Can someone please help me understand what am I missing?

I have a Spring Boot application that uses Spring Security. My configuration worked fine in version 6.0.1, allowing access to APIs specified in the AUTH_WHITELIST. However, after upgrading to Spring Security 6.3.3, my custom /login REST endpoint returns a 401 Unauthorized error, even though it is included in the AUTH_WHITELIST.
Previous Configuration (Spring Security 6.0.1)

In a Spring Boot application I have created a custom ErrorController that handles all errors and decides the appropriate response, following the approach described here.

While we were using Spring Security 5.xx, SecurityContextHolder.getContext().getAuthentication().getName() was giving user name but after upgrading spring boot to 3.xx which uses spring security core 6.2.2 i am getting result as anonymousUser . This is how i did WebSecurityConfig

package com.scm.configurations; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; @Configuration public class SecurityConfig { private final SecurityCustomUserDetailService securityCustomUserDetailService; SecurityConfig(SecurityCustomUserDetailService securityCustomUserDetailService){ this.securityCustomUserDetailService = securityCustomUserDetailService; } @Bean public AuthenticationProvider authenticationProvider() { DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); daoAuthenticationProvider.setUserDetailsService(securityCustomUserDetailService); daoAuthenticationProvider.setPasswordEncoder(passwordEncoder()); return daoAuthenticationProvider; } @Bean public PasswordEncoder passwordEncoder() { return new […]

Certainly! Here’s the text you can paste directly into your Stack Overflow question:

I am trying to use AuthenticationManager.authenticate method in a login controller . However, when ever I try to authenticate any user , I get StackOverFlow error.

@Configuration @EnableWebSecurity public class EMediaSecurityConfig { @Autowired private UserDetailsService userDetailsService; @Bean public AuthenticationProvider authProvider() { DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setUserDetailsService(userDetailsService); provider.setPasswordEncoder(NoOpPasswordEncoder.getInstance());// plain text passsword return provider; } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((requests) -> requests .anyRequest().authenticated() ) .formLogin((form) -> form .loginPage(“/user-login”) .permitAll() ) .logout((logout) -> logout.permitAll()); return http.build(); // Build […]

I’m implementing SecurityFilterChain and setting it up so that only admins have access to that endpoint. When I log in with the admin account, it doesn’t allow me access.