I am developing RESTFUL Java application in this i use JERSEY library. In my application i have to authenticate user with spring security OAuth 2.0 library. I am in need of both provider and client. I have searched lot in internet.
Can any one share a simple example or any nice tutorial with basic steps
Thanks in advance
Related
I am looking for saml integration with spring application. I have read some of documents but mostly all are based on spring boot application. Can someone help me to integrate saml in spring application for sso Or suggest the good document guide for the same.
Thanks in advance.
You should be able to take advantage of the Spring Security SAML project:
https://github.com/spring-projects/spring-security-saml
There is a sample project in the repository that demonstrates how one may be able to use the library. It's located here:
https://github.com/spring-projects/spring-security-saml/tree/master/sample
Note that the current official release of this extension builds against OpenSAML v2, and there is a develop branch that is in the process of updating to OpenSAML v3. You are welcome to try and see how that might work for you.
There is also the pac4j project which likewise, allows you build SAML2 SP support into your app and integrate with an identity provider:
http://www.pac4j.org/3.6.x/docs/clients/saml.html
We already have an IDP. We already have a metadata.xml.
The Application uses Netbeans, Tomcat and Apache. It is not Maven. Just Java.
We need to implement SAML SSO into this non-Maven application.
What is the most straight forward solution?
There are a number of Java libraries that allow one to integrate with a SAML IdP. Here is what comes to mind:
Spring Security SAML: https://github.com/spring-projects/spring-security-saml with a sample application demonstrating the functionality: https://github.com/UniconLabs/spring-security-saml-java-sp
Note that SS SAML uses OpenSAML v2 which has been long deprecated. There are plans to get it updated "soon", but nothing official yet.
You may also use pac4j: http://www.pac4j.org/2.2.x/docs/clients/saml.html This is a Java library based on OpenSAML v3 that provides most if not all of SS SAML functionality in its own ways.
I'm developing a Java application using JPA, EJB, CDI, JAX-RS and AngularJS, running on a WildFly.
Currently I use basic authentication, but I would like to improve it with other authentication options, such as Facebook, Twitter or Google+.
Spring Social provides a nice set of features to connect with social networks, but I'm not using Spring on my application.
My questions are:
Does Spring Social play well with EJB?
Is there any example?
Is there an alternative to Spring Social in order to connect with social networks?
I'm running a web application using exactly the same stack and I'm successfully using Spring Social for Facebook authentication.
To answer your questions:
Spring Social is a class library, sure you can use it with EJBs, in
my project I've actually created an abstract interface between a
facade EJB and various Spring Social providers;
you can find code
examples on the Spring Social web page, look at Spring Sample
Projects;
every social gives you libraries and tools to connect with
them, whereas the Spring Social library gives you a uniform interface, making your code more simple and maintainable.
I´m building a web application which comunicates server and clients through REST services (I´m planning to build a mobile app in mid term).
I´ve used Spring Security in other web applications without REST services. But I´m not sure if that approach is suitable for my scenario.
Is it possible secure both access to web pages and calls to REST services using Spring Security? What would you recommend?
Backend uses Spring Data + Spring MVC.
Thank you.
Yes, Spring Security is a good way to secure both REST endpoints and traditional MVC webpages. The implementation can be similar for both your REST endpoints and MVC routes depending on your requirements.
Spring Security is a popular and effective way to add security to your Spring application. Since you already have experience with it, you should be able to secure your REST endpoints with relative ease.
Check out this detailed tutorial on securing REST routes with Spring Security to get started: https://spring.io/guides/tutorials/rest/5/
I currently have a Google App Engine app consisting of two parts:
A website using old school JSPs
A RESTful service implemented in Jersey
I've been trying to figure out how to shoehorn authentication into the web service but am rather lost since I've never used Spring before, and it sounds like that's the way to go.
Must I use Spring, or can I use Java EE? Are there any examples of how to accomplish this with Google App Engine?
Also, if I can get a high level description of some best practices for securing web services, that would be cool.
Thanks
Mark
app engine has built in OAuth support, which should do what you want.
I recomend you use apache shiro instead of spring because performance more over if you haven't got experience with spring. Apache shiro is a security framework and it could be integrated with GAE. You also can find a example in githubhow integrate the framework in GAE with Guice library.
Anyway for use Spring in GAE you also can find same best practice on Google Cloud Platform documentation