I'm new to both Grizzly and Spring Security.
I'm trying to implement an OAuth 2 Resource and Authentication server and would like to use the Spring implementation. Assuming that the server would receive a big number of requests, I'd want the server to handle the requests asynchronously. Is this possible?
Currently I'm following GitHub which is using grizzly-webserver, which, if I'm not mistaken, is synchronous.
Thanks
Related
I have an Apache Ignite server running in a basic Java application. The Ignite REST API is exposed on a certain port. When I hit it from the browser, it is returning the desired response. However, from an Angular app, I am getting a CORS error.
Is there any solution to this? Note that this application runs Ignite REST api (the one which is giving the CORS). How do I allow cross-origins inside the Ignite REST api?
Unfortunately I haven't heard about the right way to achieve that.
CORS filtration in Jetty is configurable through Servlet filtration API. This functionality is provided by ServletHandler. It seems that Ignite utilizes its own Handler to serve HTTP requests. As far as I understand it doesn't support cross-domain requests.
In general I don't think that it's a good idea to direct HTTP requests to an Ignite cluster from a browser. It doesn't look absolutely secure and architecturally correct. I'd prefer to have a separate back-end application which should be responsible for processing your Angular application load.
This question is more of a design/architecture question. Let's say I have a server application that provides Spring-based webservices and a client application. So currently I have a few Java classes on the client side where the endpoint of the service is hardcoded (e.g. http://myserver/some/webservice).
What is a good way to map the client side properly with the webservice? Just off the top of my head: is there a library that helps evaluate URLs with parameters and maps them to the properties of a POJO using reflection?
As I understand your question, 2 options pop into my head:
1) Eureka - Service Discovery for Spring Cloud.
It can help you by giving your client the Eureka URL, and Eureka will supply the client with the desired service URL. So if the server is going down, Eureka can point the client to a backup server (it will be seamless to the client) or even different URLs to different services on the same server.
2) Spring Cloud Config
A configuration service that contains the URLs in the DB; the client will pull those URLs from there and will make the calls to configurable URIs.
Spring allows you to update those URLs in the DB and it will use Spring Cloud Config to push the new URLs down to the clients without any downtime... (might fit you better if you are not interested in load balancing and other features provided by Eureka)
I need to secure a simple REST service in Camel, like this:
<cxf:rsServer id="usrServer" address="${host}"
serviceClass="..."
loggingFeatureEnabled="true" loggingSizeLimit="20"/>
but I have no idea how to enable authentication on this endpoint, for example Digest authentication.
You have essentially two ways of achieving this:
Configure your Apache Camel runtime container to handle the authentication, i.e. if you are deploying to Tomcat then configure Tomcat to handle the Digest authentication. ServiceMix and Karaf will use the OSGi PAX web server, which will need to be configured.
To secure your CXF REST service, please review the CXF documentation around REST service security.
There are some ways to secure a REST service and in my opinion it doesn't depend on Camel.
For example, you want to allow access to the service even if the client is not logged in. So you have to check his information in the body of your service.
That's one way.
One other way is to use authentication (by login/pwd, token, etc...). That forces you to have 1 request to obtain your credentials, and 1 request to the service you want.
So, if you want to use Digest authentication, why not. But you have to configure it in your web server, not in the REST service configuration.
Here is a link for Apache: http://httpd.apache.org/docs/2.2/fr/mod/mod_auth_digest.html
and a link for Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
I'm not very used to security, so I don't know if it helps.
cheers
I'm configuring Spring Security OAuth 2.0 to secure a number of Jersey exposed REST services. I'll be using an external identity server as the authorization server. It'll be responsible for issuing and storing access tokens to its own token store. So, token validation process should be done against this server through a validation web service.
How should I configure Spring Security to work only as a resource server?
All the examples I found use Spring Security to create both the authorization server and the resource server (which have access to the token store). This is not possible in my case.
Thanks.
I figured out how to do it. A sample configuration is posted here, I hope it will be useful for someone in the future.
How can I make Grizzly HTTP server allow JAAS for simple HTTP AUTH?
I can't see any code/sample out there: There's another post here on Stack Overflow that directly assumes that JAAS is available in Grizzly, but doesn't explain how to add it.
I don't think the Grizzly HTTP server provides basic auth 'out of the box'. If you do not want to use a full-blown implementation like GlassFish, you can implement your own filter and add it to the list of Grizzly filters. Here is an example of how to extract the login data via HTTP basic auth and how to integrate it in JAAS objects within the Grizzly context. But it requires a significant amount of coding.
http://java.net/projects/jersey/sources/svn/content/trunk/jersey/samples/https-clientserver-grizzly/src/main/java/com/sun/jersey/samples/https_grizzly/auth/SecurityFilter.java?rev=5160
Hope that helps.
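The two steps that answer describes (pulling the credentials out of the Basic `Authorization` header and handing them to JAAS) can be sketched with JDK classes only. This is an added example, not the linked Jersey sample or Grizzly code; `BasicAuthJaas`, `parseBasic`, `login` and `appName` are hypothetical names, and `login` assumes a JAAS configuration entry named `appName` already exists.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public final class BasicAuthJaas {  // hypothetical helper, not part of Grizzly or Jersey
    /** Decodes "Basic base64(user:password)"; returns {user, password} or null if malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');      // split on the first ':' only; passwords may contain ':'
            if (colon <= 0) return null;        // no separator, or empty user name
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) {  // payload is not valid Base64
            return null;
        }
    }

    /** Runs the JAAS login modules configured under appName (assumed to exist). */
    static Subject login(String appName, String user, char[] password) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext ctx = new LoginContext(appName, handler);
        ctx.login();                            // throws LoginException on bad credentials
        return ctx.getSubject();
    }

    public static void main(String[] args) {
        // Constructed sample header; the password deliberately contains a ':'.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cr3t:x".getBytes(StandardCharsets.UTF_8));
        String[] creds = parseBasic(header);
        System.out.println(creds[0] + " / password length " + creds[1].length());
        System.out.println("malformed header rejected: " + (parseBasic("Basic !!!") == null));
    }
}
```

In a filter, a `null` from `parseBasic` or a `LoginException` from `login` should produce a 401 response with a `WWW-Authenticate: Basic` challenge, and Basic credentials should only be accepted over TLS because the header is merely Base64-encoded.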