Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
Can anybody tell me how to implement single signon in my spring application.(Tomcat or Jboss server)
share me any documentation or link to bring this feature in my spring app.
I am using spring 2.5.6 .
Pls do the needful.
What you need is spring-security.
It supports both OpenID and CAS out of the box, but you'll need to do some research on your own on those.
If you need just basic SSO functionality I can recommend just implementing your own UsernamePasswordAuthenticationFilter and/or AbstractPreAuthenticatedProcessingFilter and using cookies. This answer will help you do that.
You also should have a look at the spring-security docs and then ask a more specific question if you need to.
You can use CAS (Central Authentication Service)
http://www.jasig.org/cas
If you're looking for an out of the box solution Cloudseal could be a good option as it includes single sign on, user management and two factor authentication. There is a dedicated Spring client available for the platform
N.B. I work for Cloudseal so I'm biased!
You might also want to consider Kerberos. Below is a detailed Javadoc on the same --
http://download.oracle.com/javase/1.4.2/docs/guide/security/jgss/single-signon.html
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I want to do my own custom registration system like we have on most of web sites:
User put password username e-male and so on
After registration process tries to log in with inserted user name and passwords from registration form.
I was considering to do this with spring-security, but I want to do this with servlets because it's essential things to know for each web developer.
As my particular view I was thinking to use filters.
Would you suggest something for me to read about filters and also how to perform security with servlets and filters??
Thank you with best regards.
You have not mentioned if its a homeowork assignment. If you are working on a real web application which is going to be used by people, don't reinvent the wheel. I would strongly recommend spring-security or other out of box frameworks.
If you are looking for playing around the things for the sake understanding, you can go ahead with whatever you are looking for (filters/servlets).
Also have a look at realms and valves (at least in Tomcat). But Servlets are definitely the easiest way.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I am doing a Java-based web application. It allows users to enter content, which is displayed to other users.
Naturally for security reasons, I have to filter user content to prevent XSS and other attacks.
I understand that filtering user content is a much-discussed topic. I found many posts at SO, but they are related to theory discussion, PHP, ideas, etc. I need a Java library to use to avoid re-writing/inventing everything. I feel there must be one out there.
Is there such a library I can use?
Thanks for any info!
If you want to sanitise user input to prevent XSS then OWASP provide the standard implementation for doing that in their AntiSamy project.
There is a better implementation of this on google code called owasp-java-html-sanitizer, this allows you to define policies programmatically and then run the suspect HTML through the policy which will strip out all nonsense.
Here is an example from their website:
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String safeHTML = policy.sanitize(untrustedHTML);
This creates a policy that only allows formatting and links in the suspect HTML, everything else is removed.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I have a Web Service and I'm trying to add a simple Web User interface with the ability of adding some text and uploading file. what is the simplest and easiest one to use and compatible with Java. I'm using eclipse to develop my application.
I don't need a lot of support I just want it to be easy to use.
I can recommend wicket (http://wicket.apache.org/) you won't have licence restrictions (it's an Apache licence) and it's a time resistent solution: JSF are too complex for simple use cases, and Struts is quite as complicated but a rather old technology. GWT is too complex and time conuming for small projects.
You can naturally use bare Servlets or JSPs if you're really in very simple use cases.
Best Regards,
Zied Hamdi
http://1vu.fr
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
Am building a restful web service which needs to populate data (from a parsed JSON object) into a cache.
Question(s):
What are the cheapest (preferably open source) and easiest to use cache systems that support Java, Web Service (Restful), and tomcat integration?
Do they have an expiration policy?
Do they have support for in-memory and / or file system persistence?
I am seeking something that doesn't require a big learning curve.
Thank you for taking the time to read this...
I'll put Guava Caching solution on the table which:
Is lighter than Memcached and EHCache
Has size/time/ref eviction policies
Lives solely in memory. If you are after built-in persisting capabilities the creators themselves point you to other solutions like Memcached in this section.
On top of that I'll add my personal experience that is easy to use and intuitive through the use of the builder design pattern as you'll find out.
You should use memcached, it supports all the three requirement you have listed. Memcached use in-memory cache. It's open source and very easy to learn.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I'm looking for a lightweight framework that builds on top of the Process Manager pattern:
http://www.eaipatterns.com/ProcessManager.html
I'm specifically interested in using this for doing event processing whereby I'm interested in the success or failure outcome of a particular event and passing a message on to another "stage" based on this outcome. There may be other outcomes aside from success and failure, so I want something that's a little flexible...
I'm not really looking for a heavyweight ESB to handle this sort of situation since it seems like complete overkill. Spring integration looks ok for this sort of thing. Can anybody recommend any other frameworks to help achieve this?
The alternative is to build something using the basic Spring framework...
The Apache Camel project implements the patterns from the EIP book. I think it does exactly what you need.
Camel can be used with Spring and can be deployed in several different containers, depending on your requirements.