I want to login from different different endpoint (
/customer/loginIssuer
and
/customer/loginUser
) using spring security with spring-boot rest api . these api generate different different JWT token so that validate it.
loginIssuer taking username and password from issue and loginUser taking mobile number and pin for authentication .
Some one can provide the help how can achieve these scenario
Login from different different login end point using spring security
Related
I wrote a spring boot webapp with spring security authentication over jpa. It uses jwt to grant access to a simple html/js application.
I'd like to add oauth2 flow in order to allow users to authenticate over github or google or whatever cloud system.
What kind of solution may I adopt to target it?
I see many applications like udemy, for example, or others. They allow multiple authentication types:
username and password
google account
facebook account
How may I replicate this behaviour in my webapp?
I am building a Spring Boot application with Vaadin as front end. The application uses a third party library to authenticate the user with his identity card via SAML.
After this authentication the user is redirected back to my service and I can fetch the authentication result and optional attributes.
My question is, how can I implement the protection of specific Vaadin views within my application based on the authentication via the user's ID card and how do I set the user as authenticated appropriately?
I am new to Spring Security and the majority of its examples shows authentication via a login form with username and password which does not fit in this case.
You can find two approaches to secure your Spring Vaadin Application with either filter based (so only Spring Security) security, or a hybrid approach in this Github repository: https://github.com/peholmst/SpringSecurityDemo
You can also find blogposts about both approaches here:
Filter Based Security
Hybrid Approach
For you especially the Filter based approach could be interesting. You could implement a Filter checking the token (or whatever) you get from your login server and then allow/deny certain pages on your server for certain roles.
I have a complex situation where I need to implement a security for web app on tomcat 8 that serve both static html and rest services. the app is spring mvc application (no spring boot)
the authntication ( sso ) process will go as follow:
if user jwt not exist in http header then authonticate with ldap, getting user authorities from db and create jwt back to user.
if jwt exist in header, skip ldap filtering , extract the user authorities from token.
I was thinking of first servlet filter that uses spnego library and get the windows domain name (user name to use in ldap) that filter will also check to see if ldap authontication is needed ( if token not provided) and pass it back to spring filter chine through http params..
I'm struggling to implement he ideal.
please help.
thanks
As I know, there is support for LDAP in spring security, might be it will help you.
Other than that, if you want to write your own filters then you have to add those in spring security filter chain.
We are using Spring Boot Actuator Endpoints with our services.
We want to secure certain endpoints which are to be accessed only by the admin/support team for troubleshooting issues.
For example, /logfile,/env,/shutdown,/restart.
As per Spring Boot Actuator documentation, sensitive endpoints are secured by ACTUATOR role. We can also enable basic authentication and provide username and password in application.yml by adding Spring Security as a dependency.
My query is this works fine for basic authentication, but we want to use Token Based authentication.
We want the Admin Support team to first obtain a Token from a custom Token Service and then pass the token while the sensitive endpoints like /logfile and so on.
I am not sure how I can securely access these endpoint because they will be accessed via browser and not using a REST client. With REST client I see there are options supported for securing the same.
If someone has secured these endpoints with tokens and accessed them via browser can you please help me on the same.
I have an api running on spring boot along with spring security.
The app manages state with JWTs. The initial call issues a fresh JWT and all subsequent calls need to have it to get through spring security.
There is a new requirement for a couple of new endpoints (with uniquely identifiable resource paths)that are secured through basic auth. There would be no need for JWTs in this context.
So my question is, is it even possible to get both JWTs & Basic auth going in a single boot application ? Is it valid to think that I could direct auth requests to different auth filters/providers using an antMatcher on the resource path ?