I have established connection between my Spring project and MySQL DB, I also have an existing HTML site with login and register templates. Can someone point me into the right direction on how to connect Spring with my existing HTML?
In order to implement login and register workflow you need to implement few things:
REST API http endpoints for login and register - you can use Spring for that
Data base of some sort to to store users data (that should be encrypted) - you can use MySQL for that
Some sort of mechanism to authenticate users - I recommend using JWT for that
Considering your tech stack, which include Spring (I guess it is Spring Boot), and MySQL I can suggest going through this great article which walks you through building login workflow using Spring boot, MySQL and JWT
I can also recommend using existing technology for managing user data, specifically I recommend KeyCloak which is a Open Source Identity and Access Management.
Related
I have an Admin Dashboard React Bootstrap Template and I want to create the backend for it.
I have built a separated REST API on a separate port using Spring that queries a Postgres DB. The frontend just fetches the API.
The problem is that I want to have different user roles: different Navbar items, different page content, etc. based on permissions/role.
I've tried using spring-security and it works when accessing API, but I don't know how to connect it to the front.
How can I implement RBAC for a separate React Front, Spring API Back web app?
Spring Security doesn't have any direct support for front-ends, though Spring does have a few blog posts that describe how a JavaScript front-end can coordinate with a Spring Security-protected back-end.
The key insight is a /user endpoint for transmitting the user's details to the front-end.
Does any of you have some example of Custom Spring Security Login form using REST Api? I am actually trying to create my own, and the problems I'm facing are:
How should be named classes, is it User and Role? Cuz I seen many different versions of it.
Where should I post JSON file with login and password?
How should it look like?
Thanks in advance for all answers and examples of your code (github or something).
REST APIs are usually stateless. It does not know something about a session. So i think you're looking for an basic auth to protect your API.
Or you could use openid connect and check the roles based on a token. This would give you more flexibility for pre conditions and post conditions processing a service call.
Here is a good example of openid connect with spring boot and google implementation. Other provider are adaptable. Baeldung - Spring Security openid connect
If you're just looking for a simple solution with basic auth, take a look here
Baeldung - Spring Security basic auth
yes, you can use form login and rest API together, but that means that your rest API isn't going to be stateless, it means that a session will be created and rest APIs are usually stateless, that's why you have to use basic auth, jwt, etc when creating a rest API, but if you really want to use rest API with form-based authentication, I made an example for you, check this link
This example uses Spring Boot, Spring MVC, H2, Spring Security with custom form login, Spring Data Jpa, but again it's not recommended to use form login for rest API.
Regarding to your questions
How should be named classes, is it User and Role? Cuz I seen many different versions of it.
It's up to you
Where should I post JSON file with login and password?
If you are using spring security form-based authentication, there no need to post a json
I have followed a bunch of guides to no avail.
I think I have a pretty simple case so here goes:
I want to create a REST API using Spring (Boot). I have a user database which I access using Spring Data and I have already prepared a UserDetailsService for it.
Now I want to add OAuth2 security using the implicit flow, however I have not been able to get this to work. I do not wish to separate the Authorization server and the Resource server since the key is to keep deployment simple.
How would you go about this?
I have several multi module spring web application each application like below, each of them differently develop no inter - connection.
war
|...webModule
|...coreModule
I want to integrate them with one admin module with security settings.
How can i do that?? is their any frameworks for that??
I go through the OSGI approach but it has lot migration work. What about component based (I never do that)... Can any one suggest some way to create my integration application which can handle common login & security for other sub application ? (need single sign on multiple war solution)
I strongly advise reading up on the Angular JS and Spring Security series, especially related is the https://spring.io/blog/2015/01/20/the-resource-server-angular-js-and-spring-security-part-iii
The approach that they describe seems completly viable for you. Key points
Spring Security uses the HttpSession to store authentication data by
default. It doesn’t interact directly with the session though: there’s
an abstraction layer (SecurityContextRepository) in between that you
can use to change the storage backend.
After authenticating through your admin module you should store your authentication data into a storage accessible to all your other modules, and using a session id as a key for the data. You can easily achieve this with a help of Spring Session where you can use an out-of-the-box supported Redis as your shared storage for authentication data.
Finally, the key will be set inside a custom header of the requests that target other modules, which will use this custom header and a changed session strategy to pull the authentication data from the storage and authenticated the user
There are quite a few details behind the approach, but the series come with the sample implementation so you should be able to find your way
I currently have a web application that is using the Spring Framework for authentication and authorization. I have a customer base that is wanting to implement Oracle Access Manager for authentication and authorization. Does anyone have any ideas how complex this migration will be given my current web application setup below?
Current Web Application:
uses custom Spring based filter for Single Sign On authentication
uses Spring form based security
web application currently uses MySQL and implements the Spring org.springframework.security.core.userdetails.UserDetailsService to authenticate a user against a MySQL table that has a username and encrypted password
UI is written in JSF/Facelets and uses Hibernate JPA implementation for all CRUD operations to MySQL
I've done a reverse migration once, from Sun Access Manager to plain Spring Security.
From what I've seen in legacy AM access code, your problem may be solved with single custom Spring Security filter, that accesses AM for authentication and authorization using this API (link may be outdated). So customer will be able to manage users and roles in Access Manager, but no architectural changes will be required for application itself.
AM access snippet (not tested):
SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
AMIdentityRepository repo = new AMIdentityRepository(adminToken, "realm_name");
IdSearchResults res = rep.searchIdentities(IdType.USER, uid, new IdSearchControl());
I've never done such integration myself, so maybe more proper ways exist.