Jasper token based authentication with internal users - java

I have a Jasper Server 6.3 commercial version. I have created a set of users in Jasper. Also, I have an application where the same users will be authenticated and will have an auth token. I need to pass the token with the request to Jasper and log in as that user, without getting the login screen.
I read the token-based authentication cookbook and it only covers authentication with external users who were not previously created in Jasper.
I thought of putting in a custom authentication provider for this. Would that be a good option?
Please help.
Thanks.
Thusira.

Related

Keycloak external login page for external IDP

In our Spring Boot app, we are using Keycloak and we configured multiple external IDPs. Everything is working successfully for browser-based logins. The login page that is provided by Keycloak shows the direct grant option in addition to login with IDPs; if the user clicks to log in using an IDP, he is redirected to the IDP's login page and then our Keycloak receives the token.
What I want to change in that flow is that, instead of showing the user the login page of Keycloak, I want to show him the login page from my app (my FE), which deals with my BE API. My BE would deal with KC. Then, if the user selects to log in with an IDP, I want to get the redirect URL from KC to pass to my FE. Then, after getting the token, I want to redirect the user to my FE immediately.
In other words, I don't want users to access KC directly; this should all go through my BE.
Your client applications should never have access to users' credentials.
I'd consider things another way around (I make assumptions on your setup because you didn't give many details about it):
provide Keycloak with a custom theme to match your client application(s) look & feel
probably change your Spring backend configuration from client to resource-server. In OAuth2 wording, REST APIs are resource servers, not clients.
probably switch from 302 (redirect to Spring's oauth2Login) for unauthorized requests to 401 (which is the standard HTTP status for an unauthorized request)
probably, in your SPA client(s), use one of the certified OIDC client libs to handle authorization-code flow with PKCE, silent token refreshing before it expires, an HTTP interceptor to insert the access token, route guards with auto-login, ... My favorite for Angular is angular-auth-oidc-client
If I'm right about your REST API being configured with spring-boot-starter-oauth2-client and if you don't know yet how to configure it with spring-boot-starter-oauth2-resource-server, you can refer to the Spring official doc or to these tutorials I wrote.
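As an added illustration of the resource-server and 401 steps in the answer above (this is example code written for this page, not the answerer's code and not copied from Spring's documentation), here is a Spring Security 6 / Spring Boot 3 configuration for a REST API that validates Keycloak-issued JWTs. The issuer URL and the expected audience value are hypothetical and must be replaced with your realm URL and the client_id Keycloak places in the token's `aud` claim:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerSecurityConfig {

    // Hypothetical values for this example: the Keycloak realm that signs the tokens
    // and the client_id this API expects to find in the token's "aud" claim.
    private static final String ISSUER = "https://keycloak.example.com/realms/demo";
    private static final String AUDIENCE = "my-backend";

    @Bean
    SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            // A pure REST API keeps no server-side session, so CSRF tokens have nothing to protect.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/actuator/health").permitAll()
                .anyRequest().authenticated())
            // Validate bearer JWTs locally; an unauthenticated request gets 401 plus a
            // WWW-Authenticate: Bearer header instead of a 302 to a login page.
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.decoder(jwtDecoder()))
                .authenticationEntryPoint(new BearerTokenAuthenticationEntryPoint()));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Pulls the realm's JWKS and issuer from the OIDC discovery document.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(ISSUER);
        // Default validators cover signature, exp/nbf and issuer; audience must be added by hand.
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(ISSUER);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator()));
        return decoder;
    }

    // Rejects a token that Keycloak minted for some other client, which would otherwise
    // pass signature and issuer checks and be accepted by this API.
    private static OAuth2TokenValidator<Jwt> audienceValidator() {
        return token -> token.getAudience().contains(AUDIENCE)
            ? OAuth2TokenValidatorResult.success()
            : OAuth2TokenValidatorResult.failure(
                new OAuth2Error("invalid_token", "token audience does not include " + AUDIENCE, null));
    }
}
```

With this in place the backend never sees a password or a Keycloak login page; the SPA obtains the token through the authorization-code flow with PKCE and sends it as `Authorization: Bearer ...`, and the only dependency needed is spring-boot-starter-oauth2-resource-server (drop the oauth2-client starter so no oauth2Login redirect is registered). The audience check is the part most often forgotten: without it, any token from the same realm, issued for any client, is accepted.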

Programmatically login to site using Google OAuth2

I have SiteA storing user information(name, office, department etc.).
The back end has exposed a REST WS that gives the information to the front end. The site uses Google OAuth2 authentication: users log in via a Google account. With OAuth2 we let Google handle the login (without asking for a username and password). Google generates an authorization code that is used with the client_id and client_secret to generate a token for the user.
I have SiteB. I am creating a job that is going to be executed once a day.
I need it to login programmatically to SiteA so I can get a security token that I can use in requests to the REST WS API provided by SiteA and fetch the needed information.
I was unable to find a similar question online. Everything usually ends up with the user opening a browser and navigating to an approval URL.
Something similar is Google Drive API - OAuth2.0: How to Automate Authentication Process? Doubts and Questions, but it is about connecting to Google Drive without login.
I am starting to doubt that it is possible. Have anyone figured out how to implement this way of communication between systems?
The only option that I could think of is connecting to SiteA's DB and extracting records manually, but that would duplicate the login in SiteA and SiteB.
What I was asking is not possible at the time of writing the question.
What we did to solve the issue is to extend the life of the token for the account that is used to log in to SiteA and set it in the header of the request from SiteB:
connection.setRequestProperty("Authorization", token);
We changed the lifespan of the token in the database, and since these are internal systems the long life of the token is not a problem.
Another option is to follow How to get offline token and refresh token and auto-refresh access to Google API and generate an offline token, but the idea is still the same.
Hope this helps someone.
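The answer's second option, an offline refresh token that the job exchanges for a short-lived access token on every run, is shown below as an added example (written for this page, not the answerer's code). It assumes Java 11+ for `java.net.http`, that the refresh token was obtained once for the dedicated job account with `access_type=offline`, and that SiteA accepts the resulting Google access token as a bearer credential; the SiteA URL is hypothetical:

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class SiteBJob {
    private static final String TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token";
    // Hypothetical SiteA endpoint; substitute the real REST WS path.
    private static final String SITE_A_API = "https://sitea.example.com/api/users";
    private static final HttpClient HTTP = HttpClient.newHttpClient();

    // Trades the long-lived refresh token for a fresh access token, so the job never has to
    // store an access token and nothing with a long lifetime ever travels to SiteA.
    static String refreshAccessToken(String clientId, String clientSecret, String refreshToken)
            throws IOException, InterruptedException {
        String body = formEncode(Map.of(
            "client_id", clientId,
            "client_secret", clientSecret,
            "refresh_token", refreshToken,
            "grant_type", "refresh_token"));
        HttpRequest req = HttpRequest.newBuilder(URI.create(TOKEN_ENDPOINT))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(body))
            .build();
        HttpResponse<String> resp = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            // A revoked or expired refresh token shows up here as invalid_grant; the job must stop.
            throw new IOException("token refresh failed: HTTP " + resp.statusCode() + " " + resp.body());
        }
        return extractJsonString(resp.body(), "access_token");
    }

    // Same header the answer sets by hand, but with a token that lives for about an hour.
    static String fetchUsers(String accessToken) throws IOException, InterruptedException {
        HttpRequest req = HttpRequest.newBuilder(URI.create(SITE_A_API))
            .header("Authorization", "Bearer " + accessToken)
            .GET()
            .build();
        HttpResponse<String> resp = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            throw new IOException("SiteA returned HTTP " + resp.statusCode());
        }
        return resp.body();
    }

    private static String formEncode(Map<String, String> params) {
        return params.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    // Minimal extraction for the flat token response; use Jackson or Gson in production code.
    static String extractJsonString(String json, String key) throws IOException {
        Matcher m = Pattern.compile("\"" + Pattern.quote(key) + "\"\\s*:\\s*\"([^\"]+)\"").matcher(json);
        if (!m.find()) {
            throw new IOException("missing " + key + " in token response");
        }
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        // Secrets come from the environment or a secrets manager, never from source control.
        String token = refreshAccessToken(
            System.getenv("GOOGLE_CLIENT_ID"),
            System.getenv("GOOGLE_CLIENT_SECRET"),
            System.getenv("GOOGLE_REFRESH_TOKEN"));
        System.out.println(fetchUsers(token));
    }
}
```

The practical difference from extending a token's lifetime in the database is the blast radius: the only long-lived secret is the refresh token, which stays on SiteB and can be revoked at Google in one place, while whatever reaches SiteA expires within the hour.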

Token based login and authentication in java

I want to know how token-based authentication is done in Java. I want that if I hit my application, the system should redirect to the login page, and once the user enters the credentials, the user shall be validated and authenticated. Once authenticated, a token should be generated which shall be handled across client and server. My concern is: if the token is generated, how is it passed to the client, and how does the client send it back to the server on every request? I know that it has to be set in a header. But my question is how exactly. I know we have Spring and all, but I want to know how it is done using JSP and servlets.
I went through a few websites but unfortunately could not find the expected result. A small demonstration would be very helpful. Thanks in advance.
There is no such authentication token. There is a session token defined in the J2EE Web Application server standard (https://docs.oracle.com/cd/E19644-01/817-5451/dwsessn.html). Once the JSESSIONID is established between server and client, it is used to manage the user.
For example, if you build your own authentication system you can bind the JSESSIONID with user login attempts, and keep a list of JSESSIONIDs which have logged in successfully. This is basically what authentication frameworks do.
Also, you can check this Under what conditions is a JSESSIONID created? and this: Spring security FAQ
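The answer above describes binding the container session to a successful login. As an added example (written for this page, not the questioner's or answerer's code), the minimal form of that with plain servlets: a login servlet that marks the session as authenticated, and a filter that sends anything under `/app/*` back to the login page until it is. It assumes the Servlet 3.1+ API under `javax.servlet` and uses a constructed in-memory user table; the two classes go in two source files, with the imports listed once here:

```java
// LoginServlet.java  (Servlet 3.1+, javax.servlet API; AuthFilter below goes in its own file)
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    // Constructed credentials for the example only; a real store holds salted password hashes.
    private static final Map<String, String> USERS = Map.of("alice", "correct horse battery staple");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/html;charset=UTF-8");
        resp.getWriter().print("<form method=\"post\">"
            + "<input name=\"user\"> <input name=\"pass\" type=\"password\"> <button>Login</button></form>");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String user = req.getParameter("user");
        String pass = req.getParameter("pass");
        String expected = user == null ? null : USERS.get(user);
        // Constant-time comparison so response timing does not reveal how much of the secret matched.
        boolean ok = expected != null && pass != null
            && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     pass.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "bad credentials");
            return;
        }
        HttpSession session = req.getSession(true);
        // Issue a new JSESSIONID at login so an id planted before authentication (session fixation) is useless.
        req.changeSessionId();
        session.setAttribute("user", user);
        session.setMaxInactiveInterval(15 * 60);
        resp.sendRedirect(req.getContextPath() + "/app/home");
    }
}

// AuthFilter.java: every request under /app/* must carry a session that completed the login above.
@WebFilter("/app/*")
public class AuthFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession(false);   // never create a session just to inspect it
        if (session == null || session.getAttribute("user") == null) {
            resp.sendRedirect(req.getContextPath() + "/login");
            return;
        }
        chain.doFilter(request, response);
    }
}
```

The "token" the question asks about is the JSESSIONID cookie: the container sets it in the response and the browser returns it on every request automatically, so no header-handling code is needed on either side. Two settings belong in web.xml's `<session-config><cookie-config>`: `<http-only>true</http-only>` so page scripts cannot read the cookie, and `<secure>true</secure>` so it is only sent over TLS.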

Azure AD Login Without user browser redirect?

I managed to get Azure AD Authentication to work by using the sample apps from ADAL4J library from GitHub.
Here it is working.
My question is:
Can the same result be accomplished without the redirect to the Microsoft page?
The customer wants to use his own internal login page.
I'm thinking some sort of behind the scenes POST request to the same URL, and getting the reply. This means my app will see the user credentials, I am ok with that.
Is this supported by Azure AD?
Environment:
Java server side (Spring), AngularJS UI.
Thanks.
The redirect is necessary. Only AAD should be collecting AAD credentials. See this answer for more information on why that is:
How to authenticate user with Azure Active Directory using OAuth 2.0?

Google authentication and gmail access in java

I am working on a JSF application
in which a user should be able to log in with a Gmail/Google Apps account (redirected to the Google login page and returned after authentication)
and the user should be able to check/delete emails (using Java Gmail) in the subsequent screen.
This application is to be hosted in jboss/tomcat server and not in GAE appspot.
I checked examples to create login and logout urls using GAE API or OAuth2.
https://developers.google.com/appengine/docs/java/users/overview
But it seems it is not possible to access gmail after authentication in the above method.
If somebody can provide any inputs, it is highly appreciated. Thanks for your time.
