I'm trying to encrypt on the application side the principal_name column in the oauth2_authorization table, but I couldn't find a way to do it.
When using Spring Data and Converter, it is quite easy to do on an classical Spring application, but I'm quite lost with Spring Authorization Server. How can that be done ?
Related
I'm trying to create cert based client authentication using spring 5, without spring boot. Is there a good tutorial on how to do it? (For example: how to specify a truststore, etc...).
I've ended up not using spring security, because I did not need many things it provides, and instead used a simple filter, that checks the data of the used certificate (I also configured the application server used, to allow that certificate).
We are currently trying to integrate Spring Security into our application.
Our application used to store data in native XMLs. We are in the process of integrating with MySQL.
However, certain sites are still having lots of data in XML and we want to provide backward compatibility.
So does spring security provide authentication mechanism for XML based database just like it does for SQL and LDAP?
Is there a way around this problem?
HI I am implementing oauth2 using spring security. This application will be deployed in a multi-node clustered environment. How spring will synchronize authorization code between multiple nodes? It can be achieved via jdbcAuthorizationCodeServices but I can't use relational DB. Requirement is to use NoSql DB. Is there a way to add custom plug-in custom authorization code generator which will be used by spring to create and consume auth code (Code example will be really helpful)?
Thanks
I developed an application with spring-data-rest.
I love it and it works like a charme.
What I want to do (to implement one backend for multiple customers) is to change the datasource of my repository depending on an apikey which is sent in a custom request header.
The connection info (url, credentials, database) can be retrieved from an external microservice which manages all the database configurations.
The idea is to retrieve all available database connections on startup and store them in a map with apikey as key and the connection info as value.
I´m not clear about how I can change the datasource of my repo for each incoming request at runtime.
Any ideas?
Depending on your JPA provider, what you are wanting will be multi-tenancy support.
For Hibernate, there is a nice multi-tenancy API available that plugs in with Spring very nicely for configuring what data source to use. MultiTenantConnectionProvider and CurrentTenantIdentifierResolver for some API details.
I finally found a solution using the AbstractRoutingDataSource.
This article saved my day. A really easy to use and to understand solution.
http://fizzylogic.nl/2016/01/24/Make-your-Spring-boot-application-multi-tenant-aware-in-2-steps/
I am new to Spring Security and am mulling over the idea of using it or not in my application.
The requirement is as follows :
In my web application i store a session information inside the database,a key for this is stored in a cookie
2.Now whenever someone tries to access a url which is not according to the flow i want to deny access.
3.Can i use Spring Security for this.
I am using Spring MVC,Mongo DB and MySQL as the develeoment environment.
Regards,
Abhishek
If you're trying to simply control the flow of an application, I'd suggest using Spring Webflow. This allows you to define set flows in a multi-page application.
Spring Security can be used to control flows, but only for access control. It integrates well with Webflow (and with Spring MVC) to ensure you can secure some or all of your flows.