Windows Authentication Using Spring MVC + Angular JS - java

I am using Angular JS for my front end and Spring MVC for web services. Based on SOA architecture, the front end and back end are loosely coupled.
I want to use Windows Authentication to log in to the web application without asking for any username and password on the login page.
I am getting stuck on Spring Security Kerberos and want to authenticate from LDAP and then use the Spring JWT OAuth protocol to continue further.
Can someone help with what I am missing, or what would be a robust way for this architecture?
P.S.: Spring MVC + Angular JS

High level: If you're doing the authentication via the Internet, i.e. where you don't have access to get Kerberos tickets via Spring Security, you need to consider using SAML or OAuth. Otherwise, if you have local access and can talk directly to the authentication servers from the server hosting your code, you can use Kerberos.
SAML and OAuth are very different from LDAP and Kerberos. Kerberos and LDAP can generally only be used if you have direct access to the authentication servers, i.e. when you are in the same Windows domain.
For further help, please post code samples and an outline of what you're trying to achieve.

Related

Is there a way to implement SSO for multi tenancy SaaS platform using spring boot?

We have a requirement to implement SSO for a customer (Okta is his IdP), and we also have other clients asking for SSO (ADFS and OneLogin).
All other clients' authentication will be database authentication.
So the authentication mechanism should change based on each client. Is this possible?
My application is a multi-tenant SaaS. It's deployed on AWS, and a load balancer will switch servers randomly.
We use Angular 5 and Spring Boot 2.1 for services.
How can I achieve this? Please guide.

Spring security with soap

I need to make a SOAP web service and a web client. I have been trying for several days to implement and configure Spring Security on the web service to control authentication with a database, but without success.
I use Spring Boot 2.2 with Spring Security.
I would like the user to authenticate only on certain actions and from a database and not by putting the password in hard.
Could you explain to me how Spring Security works with SOAP? I didn't find a good and simple explanation.
Thanks for your help.

Spring Boot web app for authentication/authorization using AWS Cognito Java API

AWS Cognito is primarily meant for serverless user authentication from a mobile or web application (JavaScript).
The primary concern is that we need to do a client implementation for each of the clients, like Android, iOS and JavaScript.
Instead of that, can we have a Spring Boot server which will expose a login/signup/action REST endpoint for all the above clients, where Spring Boot will authenticate/sign up with Cognito on behalf of the clients and send the access_token response back to the client? This way, Cognito integration will be done in only one place, which is the Spring Boot application.
Can we go ahead with this approach? Does the AWS SDK support Java for Cognito access from a server?
Here's an article which shows an example of implementing a Spring Boot application that is able to authenticate the user against Amazon Cognito using the OAuth 2.0 authorization code grant and JSON Web Tokens.
This GitHub repo contains the example code in Kotlin.
Probably, this is in some ways similar to your use case.

OAuth2 Client And Resource Server in same application

I'm creating an Authentication Server which some of my existing applications can use to authenticate. I'm using OAuth2 with Spring Boot by following this sample project and tutorial: https://github.com/dynamind/spring-boot-security-oauth2-minimal.
But in my case my existing applications are built using Spring MVC and Angular, so there is no separate Resource Server. Resources are also located in the same application (the resources are my secured request mappings in the same application). I just want to separate the authentication process from my client applications and use a common Authorization Server. (Currently they use Google Authentication + Spring Security to secure the application.)
So I tried to use @EnableResourceServer and @EnableOAuth2Client in the same application, but I could not get the expected results.
What is the best way to achieve this task? Is there any other method that I can follow to authenticate my applications from an OAuth2 server?
You need to configure your web security for form-based login and Resource Server security for REST endpoints.
See my answer to the similar question here
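One way to lay out the split described in this answer, added here as an example (it is not the answerer's code): two filter chains with disjoint request matchers, so bearer-token REST calls and session-based browser pages never fall into each other's rules. It assumes the legacy spring-security-oauth2 annotations named in the question; the `/api/**` path and the class names are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;

@Configuration
public class SecurityConfig {

    // Assumed prefix for the REST endpoints; adjust to the application's own mappings.
    static final String API_PATTERN = "/api/**";

    // Chain 1: REST endpoints. Only requests carrying a valid OAuth2 access token
    // get through. How tokens are validated against the Authorization Server is
    // configured elsewhere (assumption: e.g. Spring Boot's
    // security.oauth2.resource.* properties).
    @Configuration
    @EnableResourceServer
    static class ApiSecurity extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.requestMatchers().antMatchers(API_PATTERN)
                .and()
                .authorizeRequests().anyRequest().authenticated();
        }
    }

    // Chain 2: everything that is NOT under the API prefix. Browser pages use
    // form login and a server-side session; CSRF protection stays enabled here.
    @Configuration
    @EnableWebSecurity
    static class BrowserSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher(API_PATTERN)))
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .formLogin().permitAll();
        }
    }
}
```

Because the two matchers never overlap, the result does not depend on the relative `@Order` of the resource-server and web-security chains.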

Authentication and Authorization on web server?

I am building an Android application which communicates with a web server on Apache Tomcat. The web server is built in Java EE. Currently, for authentication and authorization I am using a username and password, and for managing the session I am using tokens. So when the user logs in, I check the MySQL database and authenticate the user. When the user tries to do some action, based on the token sent, I identify the user and authorize the action based on the privileges given to that user. It looks a bit cumbersome. I was wondering whether there is any standard framework which makes this task easy.
Is there any Tomcat container-level authentication and authorization possible, so the request won't reach the web application if it's not authorized to do the action?
Or else, is there any framework which provides standard authentication and authorization in a web application?
Apache Shiro is what you are looking for:
"Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications."
I used Spring Security (version 3) in a couple of projects; the shortcoming was the size of the jars you need to deploy (it is Spring!), and it was cumbersome.
I have also integrated Apache Shiro with magnolia-cms; as far as I can say, Apache Shiro has the strength of Spring Security with the ease of use.
