No default password encoder method in above program
Can you please specify it

Background

Deleting a user requires ROLE_ADMIN authority
From my experiments, it's vital to place authorization expression before authentication

Video Shows (m1-l3)

The video tutorial is showing the following code:

         http
                .authorizeRequests()
                .anyRequest().authenticated()
                .antMatchers("/delete/**").hasRole("ADMIN")

Which results in in the delete operation being permitted, when the goal of the lesson was to show it is being denied since the user has a USER role only.

Next Lesson Has (m1-l4)

The correct expression is:

         http
                .authorizeRequests()    
                .antMatchers("/delete/**").hasRole("ADMIN")
                .anyRequest().authenticated()

Hello @eugenp,

First of all congratulations on the course, I'm learning a lot.

I'm having a problem logging out in the "oauth-client-end--client". When I'm logged in and I press the logout button, the client logs out locally but not on Keycloak. When I press again in the log in button, I'm still logged in because the session in Keycloak still exists.

I did some research and I found this (https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_security_adapter) and I was thinking if there is anything missing in the logout code.

Am I doing something wrong?
Thank you for your time.

Hello team,

I do keep an eye on the latest developments in this space (eugenp/tutorials) - can we have a SpringServlet-Intialization too to the main method? That would ensure the spring-boot dependency would be auto-fetched to the dependency-library when the code is built.

Main class for the Spring-data-jpa-enterprise-2 module given below.

https://github.com/eugenp/tutorials/blob/master/persistence-modules/spring-data-jpa-enterprise-2/src/main/java/com/baeldung/multipledb/MultipleDbApplication.java

Hei Eugen,

I read your nice blogs concerning Spring Security from baeldung.com. I'd like to consult you with one question, creating my custom Provider Manager.

In my Spring Boot application, I've come out my custom MyProviderManager where I'd like to control the logic inside method authenticate

public Authentication authenticate(Authentication authentication) {
     // instead of iterating in the AuthenticationProvider list one by one
     // I'd rather choose the right AuthenticationProvider based on the currently requested URL path
     RequestDetails requestDetails = authentication.getDetails();
     if ("/ad/sso".equals(requestDetails.getPath())) {
         return adAuthenticationProvider.authenticate(authentication);
     } else if ("/saml/sso".equals(requestDetails.getPath())) {
         return samlAuthenticationProvider.authenticate(authentication);
     } else if ("/oidc/sso".equals(requestDetails.getPath())) {
         return oidcAuthenticationProvider.authenticate(authentication);
     } else  {
         return ldapAuthenticationProvider.authenticate(authentication);
     }
     return null;
 }

However, I'm now having it hard to inject my custom MyProviderManager with AuthenticationManagerBuilder so that the method performBuild() in AuthenticationManagerBuilder will return MyProviderManager instead of the default one from Spring Security

I had even tried to come out my custom MyAuthenticationManagerBuilder exends AuthenticationManagerBuilder and overridden performBuild() method, but I faced the same issue of how to inject my custom AuthenticationManagerBuilder to Spring Boot

It is really appreciate if you could shed the light on the issues here or have better alternative ideas tackling my special requirements

I did not found Role Privilege implementation found in m9-l3, There is only Role based ACL not Role Permission based ACL.