I have to work on an application that old interns started. The backend is made with spring-boot and using Kotlin, which I'm very new to both. The backed is a RESTful API and I need to implement an authentication and authorizations to limit the access to specific users the CRUD methods.
There's basically two user roles I need to create, an admin and a moderator one that can have access to less methods.
Does anyone have a guide on to how to make it possible?
I've found this tutorial which seems like to do what I'm looking for but it's in java and I'm not able to code everything back into Kotlin.
Also, add access restriction on a websocket as well?
There is official guide for configuring security on Kotlin:
https://spring.io/blog/2020/03/04/spring-tips-kotlin-and-spring-security
Security for websockets has two parts for configuring:
for controllers
for message brokers
There is guide for that https://www.baeldung.com/spring-security-websockets on Java, but following the example in security configuration on Kotlin you will be able to convert Java to Kotlin, anyway you can always convert Java classes in Kotlin classes in your Intellij Idea as on image:
Related
So I have to build an offline project using MongoDB (with morphia), Java and React/Angular. I'm planning to work with react but all the solutions point to me using Spring Boot or Spring Data for this purpose. Is there no other framework that I could use to make this?
Its a very simple application where we need to list out some database entries and allow a user to make a request and change the entry values based on it.
I know Struts is also an option but remember that Im not actually going to deploy this online. This is like a show and tell to these lecturers on my own device.
NOTE I would have used Spring Data but as far as I know it doesnt have proper support for morphia? I could be wrong. Please let me know if it does
There are literally dozens of Java [micro]frameworks to chose from:
Vert.x
Javalin
Spark
Micronaut
Ratpack
Dropwizard
Ninja
Rapidoid
... and many more.
You can also try Play or Ktor or Grails. Or do some hardcore with Netty or Undertow.
Not to mention plain old servlets...
Vert.x in particular supports reactive MongoDB drivers: https://vertx.io/docs/vertx-mongo-client/java.
I have followed a bunch of guides to no avail.
I think I have a pretty simple case so here goes:
I want to create a REST API using Spring (Boot). I have a user database which I access using Spring Data and I have already prepared a UserDetailsService for it.
Now I want to add OAuth2 security using the implicit flow, however I have not been able to get this to work. I do not wish to separate the Authorization server and the Resource server since the key is to keep deployment simple.
How would you go about this?
I would like to add a Web User Interface for an existing Java project I did time ago. I learned basics of AngularJS on codeschool.com courses and now I know how to send an http or REST request to get data for my web UI.
My Java project has a set of methods that elaborate some data from a local database and return integers or integers arrays.
The goal of the interface would be to show a bunch of charts and data directly from that Java project.
What would be the most appropriate way to do this? I heard of implementing REST services on my Java project but it seems overkill for the purpose and i'm totally confused by all the frameworks for this. What would you use?
Thanks everyone for your answers!
I would use SprinvMVC to provide data from server to client side.
Here is my project from which you can start and learn basics :
https://github.com/xwid/thaimaster
Basicly you should create spring controllers mapped to urls, by doing it this way, you will be able to retrive server data using angular js.
http://www.javabeat.net/spring-mvc-angularjs-integration/
If you don't want to use a full REST framework such as Jersey, another possibility would be to use an embeddable HTTP server (there are several) and handle the requests yourself. This would mean that requests to something like /myapp/ would return your AngularJS filled HTML page, and requests to /resources/* would provide with REST functionality.
This would give you a standalone Java program that doesn't need a servlet container, but it would be a somewhat hacky solution. Not production grade, but you'd probably learn something from having to handle the HTTP traffic yourself.
With the Spring Framework's SprigBoot, it's quite easy to implement a REST service and have a runnable java application. You can follow this Building a RESTful Web Service guide from spring.io. They are clear and quickly understandable.
Also if you are not already familiar, through these guides you can have a glimpse of gradle and maven as well.
I have used various OAuth2.0 authentication based web application(facebook, twitter, quickbook, etc) and accessed their APIs for fetching data services. Now I am looking for developing an web based application which implements OAuth2.0 based authentication itself. User can create apps and get token and secret and other details. My programming language is Java. I could not find enough literature over the same.
I need some help in exploring the way to implement OAuth2.0 authentication or any specifications which can be implemented ?
I suggest working with Spring Security. It has very good extension for oAuth 2.0.
If you want an example in Java, based on Spring, have a look here.
Then, when you want to implement all necessary flows, like 'create account', 'forgot password', etc - you can use this project, that implements all these flows!
You can take a look at ApiFest OAuth20 project - https://github.com/apifest/apifest-oauth20.
It's written in Java and uses Netty as a server. As a storage, it currently uses Hazelcast(by default), MongoDB or Redis. Also, you can easily add another backend storage.You can see more about the project on http://apifest.com.
Good luck!
Which one is the best approach/method to implement security in Java EE?(JPA/JSPs)
I'm working on a personal project so I can learn Java EE and I am a little confused on how to approach the AUTHORIZATION and AUTHENTICATION process on my website.
I have different roles and I don't want certain users to access certain parts of the website. So I've been searching for docs and tutorials and etc, but everything I find dates to more than 3-4 years ago. Is there anything more recent that I should look into?
Here are some of the things I found:
http://www.oracle.com/technetwork/developer-tools/jdev/oc4j-jaas-login-module-083975.html
Any help would be greatly appreciated!!! :)
Spring Security. Although it is branded as Spring, you might find it useful for web applications; do note that you don't need to write a Spring app to use Spring Security.
If you wish to stick to JAAS, I would suggest using one of the container's login modules, just to get started, before you attempt to write your own login module. Be forewarned that you might end up writing one, if the container supplied modules do not meet your requirements. And, there is a good book on JAAS to help you understand it in detail.
Moreover, take a look at Servlet spec 3.0, to see how annotations can be used declare the roles (#DeclareRoles, which came in servlet spec 2.5) in the servlet itself, before defining what roles have access to what HTTP method (using #RolesAllowed). You can also employ annotations like #DenyAll and #PermitAll, to permit or forbid access to all users. #TransportProtected will ensure that the HTTP method is accessed over HTTPS. All one needs to do, is to map these roles in the source code, to actual roles in the JAAS realm; this often done using a container specific descriptor file.
ADDENDUM
Since you are using JSPs and not Facelets or any other technology for the presentation tier, you might be interested in the JSP tags offered by Spring Security. It is much cleaner that maintaining all of the authorization metadata in a humongous web.xml file.
As far as JPAs are concerned, well, the underlying access to them is usually enforced at the servlets or EJBs. Of course, you can build in more programmatic security, based on your needs - using entity listeners would help in this process as you would be able to intercept load, update and persist operations (if you are that particular, but for the most part building security before your business logic is executed usually is sufficient).
And oh, take a look at JBoss Seam (and Seam security), for it is a complete application development framework built on Java EE.
Something more recent than JAAS is the Spring Security framework. It supports JSR-350 (EJB 3) and thus would work fine in Java EE.
I worked on a Java EE application recently with JAAS. It's pretty current, you can check it's home page at Oracle.
It works with roles, authentication, etc.
You can use it in JBoss and Glassfish, probably the rest of the ASs too.
Spring security tutorial https://www.packtpub.com/spring-security-3/book. Highly recommended.