I'm trying to expose a service that needs authentication, but I want to make it transparent to the client.
The route looks like this:
1) client sends a POST
2) Camel calls the WS using config parameters and gets the authentication token
3) Camel calls the WS using the client's POST data and the token
I thought "enrich" was the answer, but it will route the initial POST to the enricher endpoint.
Is there a way to get the token and put it as a header of the message?
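The three-step route described in the question, as an added example that is not part of the original post. It assumes the token service returns the token as a plain response body and that the protected service expects it as a Bearer token in the Authorization header; the class name, the direct: endpoint names and the constructor parameters are hypothetical.

```java
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;

// Added example: URIs and the token request body come from configuration,
// they are placeholders and not values from the question.
public class TokenRelayRoute extends RouteBuilder {
    private final String authUri;          // token WS endpoint (assumed)
    private final String serviceUri;       // protected WS endpoint (assumed)
    private final String tokenRequestBody; // built from the config parameters

    public TokenRelayRoute(String authUri, String serviceUri, String tokenRequestBody) {
        this.authUri = authUri;
        this.serviceUri = serviceUri;
        this.tokenRequestBody = tokenRequestBody;
    }

    @Override
    public void configure() {
        from("direct:clientPost")
            // Never forward an Authorization header chosen by the client.
            .removeHeader("Authorization")
            // enrich() runs the sub-route on a copy of the exchange; the
            // aggregation lambda copies only the token back, so the client's
            // POST body reaches the protected service unchanged.
            .enrich("direct:fetchToken", (original, tokenReply) -> {
                String token = tokenReply.getIn().getBody(String.class);
                original.getIn().setHeader("Authorization", "Bearer " + token);
                return original;
            })
            .to(serviceUri);

        from("direct:fetchToken")
            // Drop the client's headers and body so they are not sent to the
            // token service; only the configured request goes out.
            .removeHeaders("*")
            .setHeader(Exchange.HTTP_METHOD, constant("POST"))
            .setBody(constant(tokenRequestBody))
            .to(authUri)
            .convertBodyTo(String.class);
    }
}
```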
I am implementing oauth2 server using Springboot
I have four microservices
Sales (sales)
Inventory (inventory)
IAM service (Authorization Server, with Oauth2) (http://iam:8089)
Gateway (gateway on http://www.gateway.com)
All these services are behind the Spring Cloud Gateway, and it's deployed under K8S, and the Gateway is exposed as the external interface.
Now if I try to authenticate a user using OAuth2 through the gateway like below.
Step 1 :
Http Request http://www.gateway.com/oauth/authorize
So in Response header I am getting like
Location: http://iam:8089/v1/oauth/login (But expectation is http://www.gateway.com/oauth/login)
and because of that the browser redirects me to http://iam:8089/oauth/login
Where ideally I am expecting that to also be routed through the gateway service, something like http://www.gateway.com/oauth/login
Can someone please help me to solve this.
Thanks
Alpesh
Sounds like a good setup in line with what we recommend at Curity in our IAM Primer Article, with the Authorization Server (AS) behind a reverse proxy or gateway.
In your case the AS listens at http://Iam:8089 but that is an internal URL. The AS also has a 'Base URL' that is used by internet clients, and this is the URL of the gateway, which is http://www.gateway.com in your example:
It will be returned to clients in OpenID Connect discovery requests
It will be returned to browsers in browser redirects during authentication
There should be somewhere in Spring OAuth2 Server where you set the Base URL, similar to that in the Curity Identity Server (see image below). The process should be to set this value and then verify that it is returned in a metadata request. You should then be configured correctly.
In Spring I expect the setting you need is in the fluent configuration somewhere - maybe one of the Configurer classes. I find it pretty hard to find what I'm looking for in Spring though.
I have two applications: Backend - Spring Boot 2 REST API and Frontend - React
In the backend application, one of my controllers receives a POST request from another application that I have no control over. From this controller I want to redirect the client to my React frontend application. Is it possible?
My controller has this method that will handle the redirect
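    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.PostMapping;
    import org.springframework.web.bind.annotation.RequestMapping;

    @Controller
    @RequestMapping(value = "/api")
    public class JumpController {
        // Handles the POST from the external application and answers with a redirect.
        @PostMapping(value = "/{redirect}")
        public String jump(@PathVariable("redirect") final String redirect) {
            return "redirect:http://localhost:8443/category/" + redirect;
        }
    }
When I test the applications in debug mode in Chrome, the client is doing a GET request to http://localhost:8443/category/gallery. And I'm getting a 404 (Not Found) because of the GET request method.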
How can I tell the client to visit the actual page at http://localhost:8443/category/gallery without doing a GET operation?
Unfortunately I cannot change behaviour of the other application. I must handle the POST request to my application.
An HTTP 301 or 302 redirect instructs the client to make a HTTP GET request to the indicated location.
This isn't specific to Java, Spring, React or anything, it's just what the HTTP client is expected to do when receiving a redirect response.
Perhaps you're wanting to proxy the client request to the http://localhost:8443/category/... endpoint, in which case you could set up a proxy server (like nginx), add an existing proxy servlet to your application, or you could manually try to proxy the request yourself.
Obviously manually proxying the request yourself would likely be the most work, as it would involve reading the request (headers + body) and then constructing a new request to your localhost:8443 service, handling piping any response (and errors) back to the client.
I would suggest you look at using a proxy server or servlet. A quick Google brings up a potential in HTTP-Proxy-Servlet.
There's also at least one previous example on SO: How to proxy HTTP requests in Spring MVC?
I have a project in Java which utilizes j_security_check and LDAP for authentication. Now my employer wants to change it to authentication using a web service they provided. What they gave me is actually a link, as shown below:
"http://11.111.111.111/ADManager/ADlogin.asmx"
I am a total newbie to Java and web services. All I know is that if we provide some data to a web service it will give a response. My doubts are:
Is it possible to create a login consuming that link they provided?
Should I ask them for more info?
Is it possible to replace the j_security_check and LDAP already configured in my Java project?
P.S.: The one who assigned me this task doesn't seem to have much knowledge either.
The short answer is you can.
You need to do the following:
Each web resource is protected by a (servlet) filter. This filter checks each incoming request and validates the token which needs to be on the HTTP header. If the token is valid then the request is served. If the token is invalid the filter is going to send back HTTP 401 Unauthorized. Then redirect to the login page.
Login with rest service:
1) Create a custom login page with username/password field.
2) Create a rest web service, receives username/password. It will check the credentials against an external access management infrastructure like OpenAM.
3) First, call auth(username, password) rest api to get the auth token. If the given credentials are okay then just send back the auth cookie to the client with HTTP 200 response code.
4) Then, you can call protected rest apis. You need to send auth cookie with your request each time.
5) Servlet filter (or something similar) checks each incoming request and validates the token. If the token is valid then the request goes forward to the rest method, if not you need to generate an http 401/403 response.
I suggest you not to write your own authentication layer, please use an existing one, for example OpenAM.
This forum topic explains everything to you.
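The filter from step 5 of the answer above, as an added example that is not the answerer's code. The header name X-Auth-Token and the Predicate used to validate the token are assumptions; in practice the predicate would call the access management system that issued the token, and javax.servlet is assumed as the servlet API package.

```java
import java.io.IOException;
import java.util.function.Predicate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. Map this filter only to the protected URL patterns, not to
// the login page or the auth(username, password) endpoint.
public class TokenAuthFilter implements Filter {
    static final String TOKEN_HEADER = "X-Auth-Token"; // hypothetical header name

    private final Predicate<String> tokenIsValid;      // hypothetical validator hook

    public TokenAuthFilter(Predicate<String> tokenIsValid) {
        this.tokenIsValid = tokenIsValid;
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String token = request.getHeader(TOKEN_HEADER);
        boolean accepted;
        try {
            accepted = token != null && !token.isEmpty() && tokenIsValid.test(token);
        } catch (RuntimeException e) {
            // Fail closed: if the validator breaks, the request is not served.
            accepted = false;
        }

        if (!accepted) {
            // 401 tells the client to log in again; the protected resource is never reached.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }
}
```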
I am using JAX-WS to consume a web service. While I am sending the request I need to send an object in the request headers. When I invoke the service from SoapUI I successfully get the data, but with the same in Java I am unable to get it. I researched a lot on this; if anyone knows, please help me with how to do it.
Here is my Java code:
    // getting the service
    MyService servc = new MyService();
    MyServiceSoap soap = servc.getMyServiceSoap();
    // call the service
    System.out.println(soap.SERVICE_A("123456789")); // getting null as response because I am not setting userid, password
I want to set the userid and password on the Authentication POJO object, set it in the SOAP headers and send the request. How can I do this?
Here is my Soap-ui request screenshot
Please see the SoapUI request format
My question is: how do I send a Java object in the SOAP request headers?
Thanks in Advance,
Praneeth.
From my understanding, what you're lacking is the Basic Authentication headers, where you pass the following in the HTTP header:
Authorization: Basic <Base64(username:password)>
Check in your SOAP-UI if the request sends this.
Here are some SO topics that may help you implement it:
Java Web Service client basic authentication
How do I consume a web service protected with HTTP basic authentication using the CXF framework?
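Two ways to attach the Basic Authentication header from the answer above to a JAX-WS port, as an added example that is not code from the original thread. The class BasicAuthPorts and its method names are hypothetical; MyService and MyServiceSoap in the usage comment are the generated classes from the question.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.MessageContext;

// Added example. Base64 is an encoding, not encryption, so the endpoint
// should be reached over HTTPS when this header is used.
public final class BasicAuthPorts {
    private BasicAuthPorts() { }

    /** Builds the header value: "Basic " + Base64(username ":" password). */
    static String basicHeaderValue(String username, String password) {
        if (username.indexOf(':') >= 0) {
            // The first ':' separates user and password, so it cannot be in the user id.
            throw new IllegalArgumentException("username must not contain ':'");
        }
        byte[] raw = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Option 1: hand the credentials to the JAX-WS runtime, which builds the header. */
    public static <T> T withCredentials(T port, String username, String password) {
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(BindingProvider.USERNAME_PROPERTY, username);
        ctx.put(BindingProvider.PASSWORD_PROPERTY, password);
        return port;
    }

    /** Option 2: set the Authorization header explicitly for requests from this port. */
    public static <T> T withAuthorizationHeader(T port, String username, String password) {
        Map<String, List<String>> headers = new HashMap<>();
        headers.put("Authorization",
                Collections.singletonList(basicHeaderValue(username, password)));
        ((BindingProvider) port).getRequestContext()
                .put(MessageContext.HTTP_REQUEST_HEADERS, headers);
        return port;
    }
}
// Usage with the generated classes from the question:
//   MyServiceSoap soap = BasicAuthPorts.withCredentials(
//           new MyService().getMyServiceSoap(), userId, password);
//   System.out.println(soap.SERVICE_A("123456789"));
```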
I have followed the technical guidance in the link below, but I am not able to get a clear idea of how I can configure that in my Spring REST framework.
Offloading https to load balancers with Spring Security
My requirement is that before the actual request comes to my REST API, it hits the Amazon ELB. The ELB converts HTTPS to HTTP. But I need to check that the original request is HTTPS and that it's properly converted to HTTP by the ELB.
I have gone through the SecureChannelProcessor and InsecureChannelProcessor.
I am expecting that my request should be HTTPS before hitting the ELB, and after the ELB it should be HTTP. That validation check should be handled in my REST API code.
END USER REQ ---(https)----> ELB -------(http)--> REST API
In my REST API, I should be able to check that the X-Forwarded-Proto (or request type) is https and that it has been converted to http in my ELB.
But I am not getting a clear idea. Any help will be appreciated.
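One way to implement the check described in the question, as an added example that is not part of the original post: a servlet filter that serves a request only when the load balancer reported the client leg as HTTPS. The class name and the choice of a 403 response are assumptions, javax.servlet is assumed as the servlet API package, and the header can only be trusted when the application is reachable solely through the ELB.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. The ELB-to-application leg is plain HTTP, so
// request.isSecure() is false here; the original scheme is only visible
// in X-Forwarded-Proto.
public class ForwardedHttpsFilter implements Filter {
    static final String FORWARDED_PROTO = "X-Forwarded-Proto";

    /** True only when the header is present and says exactly "https". */
    static boolean clientLegWasHttps(String headerValue) {
        return headerValue != null && "https".equalsIgnoreCase(headerValue.trim());
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (!clientLegWasHttps(request.getHeader(FORWARDED_PROTO))) {
            // Missing header: the request did not pass through the load balancer.
            // "http": the client talked to the load balancer without TLS.
            // Both cases are refused instead of being served over an unverified channel.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "HTTPS is required");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Requests that reach the application without passing through the load balancer carry no trustworthy X-Forwarded-Proto, so any path that must answer such requests needs its own mapping outside this filter.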