So I'm busy with a Spring Boot REST server which connects to a PostgreSQL database.
My goal is to make an application which can easiliy be ported to android that is able to send a login JSON POST request and then maintain a session so that you don't require to send the credentials again for other GET requests. What are some ways that I could implement something like this?
I'm a bit confused as to what to use. Because there are so many library's, I also heard about a Spring Sessions library and Auth2. Auth2 however seems to be more applicable for integration with facebook/google login, which I do not want.
You will want to add spring-security to that spring boot in order to handle and maintain sessions. Take a look into their documentation and view this blog post to help you out. You will have some reading fun time, yeah!
Related
Does any of you have some example of Custom Spring Security Login form using REST Api? I am actually trying to create my own, and the problems I'm facing are:
How should be named classes, is it User and Role? Cuz I seen many different versions of it.
Where should I post JSON file with login and password?
How should it look like?
Thanks in advance for all answers and examples of your code (github or something).
REST APIs are usually stateless. It does not know something about a session. So i think you're looking for an basic auth to protect your API.
Or you could use openid connect and check the roles based on a token. This would give you more flexibility for pre conditions and post conditions processing a service call.
Here is a good example of openid connect with spring boot and google implementation. Other provider are adaptable. Baeldung - Spring Security openid connect
If you're just looking for a simple solution with basic auth, take a look here
Baeldung - Spring Security basic auth
yes, you can use form login and rest API together, but that means that your rest API isn't going to be stateless, it means that a session will be created and rest APIs are usually stateless, that's why you have to use basic auth, jwt, etc when creating a rest API, but if you really want to use rest API with form-based authentication, I made an example for you, check this link
This example uses Spring Boot, Spring MVC, H2, Spring Security with custom form login, Spring Data Jpa, but again it's not recommended to use form login for rest API.
Regarding to your questions
How should be named classes, is it User and Role? Cuz I seen many different versions of it.
It's up to you
Where should I post JSON file with login and password?
If you are using spring security form-based authentication, there no need to post a json
I am actually working to my university junior project.
I want to make a game using spring boot, this game will need a WebSocket.
I will surely need to make a REST API for user registration, deleting, updating, posting and getting data.
Am I going to be able to use WebSocket along with REST?
If yes please send me resources that can help me, otherwise please tell me what should I do.
I'm sorry if my question was not so smart but I am new to all of this.
Yes, your Spring application can easily use both WebSocket and REST APIs. If you're going to use Spring Boot, I'd suggest to take a look into their example projects (note the spring-boot-sample-websocket- directories). I think it's the best way to learn.
More on WebSockets, I'd suggest to use STOMP protocol. There is also a nice guide for it on how you can get started.
For your RESTful API, you'll be making simple controllers / services, there is tones of resources for this. You can also follow this guide to get started as well.
While Spring applications support both Websocket and REST API's individually, you can use Websocket connection to send requests to your rest API's too. Needs a little glitching tho, but I've made it work in this github repo. Using this library you can represent your rest-api's in a websocket based protocol.
I also made java (and springboot starter) for client.
I want to build a server for my android application.
My application lets users register and allows each user to request a list of all users registered to my application, so my server will be mainly in charge of receiving data from a user, updating the database, and sending data back to user on request.
Since I've never built a server I looked into what would be the ideal way to achieve my goals and after some reading I've found that Spring would be the right way to go, But I also found that there are all kinds of springs.
Eventually I've narrowed my options down to Spring MVC and spring Boot,
I've read that spring boot is a good start but I also read that spring boot does all the configurations for you and I want to really know how stuff works so I fear that spring boot will do all the work for me , So I thought of maybe using spring MVC but I couldn't completely figure out if Spring MVC would be good to achieve my goals or if it's mainly used for building web pages
So what would be the best suitable spring to use ?
I would prefer Spring boot. It's not just about it doing all the configuration for you. It's about Spring saving you from writing a lot of boilerplate code (you still have to do a fair bit of configuration though). Plus, it will be easy to spin up the app and test it locally (you can even test it with local file based h2 database, meaning you don't need to install any database into your machine).
Adding Spring Data JPA dependency with Spring boot will take care of persistent layer as well. And if you want to write jsp or html pages then I would recommend having a look at this thymeleaf example.
Here's the sample CRUD application I have developed with Spring boot and here's my own blog about it.
Spring MVC stands for model,view,controller. View, in general is something which is returned after your business logic has been executed and mainly suggests webpages. Spring Boot would be the easiest way to set up your server for the application. However, if you want to know how things work you can go with the basic spring. Spring, too provided classes like JdbcTemplate to reduce your boilerplate code, however it forces you to configure things yourself.
You do not have the comfort of annotating a resource and watching as the magic happens. If you want to speed up setting up a server and make things less complex go for Spring Boot.
I am currently working on a Spring MVC web application which calls separate AuthServer (resource owner password credentials). My question is it ok for the Spring MVC web app to implement and handle its own login interface while it needs to be integrated with the separate AuthServer. Any idea on how to handle it using Spring Security? I wonder if is it possible to put authentication (OAuth password grant) in WebSecurityConfigurerAdapter. BTW, AuthServer is on the same server but different application, not on a separate server like Facebook or Google AuthServer.
I have done my research but did not found an answer on the possibility. Hope someone could help me on this. Thanks in advance.
I have implemented such a thing. I am not sure if this is the best way to do it, but it is maybe the fastest. So in the WebSecurityConfigurerAdapter- authenticate method - just work with your other authorization server and handle the exceptions there- you can wrap the other server responses and exceptions with your own corresponding to your structure. That worked for me.
I have followed a bunch of guides to no avail.
I think I have a pretty simple case so here goes:
I want to create a REST API using Spring (Boot). I have a user database which I access using Spring Data and I have already prepared a UserDetailsService for it.
Now I want to add OAuth2 security using the implicit flow, however I have not been able to get this to work. I do not wish to separate the Authorization server and the Resource server since the key is to keep deployment simple.
How would you go about this?