Let's say we have a site called example.com
Here, for example, I want to use some static content such as blog etc. and some pages in Wordpress. Wordpress build is using session-based authentication, with username and password strategy, also with third-party. (OAuth and OpenID).
I will design a custom and dynamic website section in Java Spring. And I want to use the same authentication mechanism with Wordpress.
For example, there is this path named examle.com/test. It is running from different server, which is based on Java Spring. But the session is shared with Wordpress. If there is a login from Wordpress (from example.com), it works on this server as well. Vice versa is also correct.
Login/logout should be possible from both Wordpress's pages and Java Spring's pages. Session must be shared. Wordpress already exists and the authentication mechanism is working. How can I use this in Java Spring? Or how can I do achieve this in some another way?
If
your Spring and WordPress apps are on the same top-level domain (for example https://spring.example.com and https://wordpress.example.com), and
your Spring app can read rows from the wp_users table in your WordPress MySQL database, and
your Spring app has access to the Authentication Unique Keys and Salts section of your wp-config.php file in your WordPress installation, and
your users always log in to WordPress before they use your Spring app ...
Then you can use the wordpress_logged_in_... cookie to authenticate your WordPress users to your Spring app. You'll have to rewrite the wp_validate_auth_cookie() in Java to do that. Explaining how to do that is far beyond the scope of a StackOverflow answer.
If any of those conditions aren't met you probably should explore some sort of federated login scheme. WordPress has several SAML plugins. Spring also supports SAML login. Again, it's too big a topic for StackOverflow.
Related
I have a Rest API developed with Spring Boot and neo4j as a database. There is no Frontend in the Spring Boot App. It only serves as a Backend. The Frontend is developed in Flutter.
In my app, the end user has to sign up and login with theis user credentials. The user management is currently handled with Spring Security and JWT, generating and storing the tokens with AuthenticationProvider, UserDetailsService and so on.
Now, we are migrating our whole infrastructure to Microsoft Azure. We already managed to get the DB, the Backend (as the Spring Boot App) and the Frontend there.
The question now is whether it makes sense to migrate the User Management to Azure Active Directory. Is this the right use case for that, or is Azure Active Directory actually there for other use cases?
Also, I want to use my Login and Signup Forms built with Flutter. I only found solutions so far where you get redirected to this Microsoft Login Form. I want to signup/login directly from my Flutter App, and then use the token for my requests in the Spring Boot App.
Does this even make sense? If yes, how can I realize that? I was searching for hours but I didn't find any proper solutions.
If you use AAD you will have to use the OAuth redirect based Microsoft login experience. There is no way around that.
If you can't think of any way you or your users will benefit by migrating to AAD, then there's no reason to do that. You're doing a bunch of work, and incurring risk, for no real benefit.
In many of the SaaS web applications (ex, Atlassian JIRA), a user can have dedicated subdomain. For example, if my user name is helloworld, then after I log in to the web application, I am redirected to helloworld.atlassian.net
How to implement this in Spring Framework?
Do I have to have one application server instance running for each customer?
But this dosent seem to be the cheapest solution. Does Spring have such feature that I can create dynamic subdomain based on the username, and in the backend, only one instance of application server is running?
Create a custom filter which parses whole url and extracts subdomain, then check if the user is on proper domain with proper rights. Also worth mentioning Nginx should redirect "*.yourdomain.com" so all subdomains don't have to exist in Nginx, they could exist in database and each user has his unique or can be multiple sudomains attached, your custom filter does the checking on each request.
I have a web portal built with spring security 3.X. My web portal has links of external web applications also built with spring. Id like to know if there are any working examples or code snippets on how i can automatically POST users login credentials from my portal to my external web applications in order to simulate SSO
I assume you are not looking for an SSO solution for which you could use http://projects.spring.io/spring-security-saml/ with OpenAM/OpenSSO.
In your case you could use the AbstractPreAuthenticatedProcessingFilter, here the documentation:
http://docs.spring.io/spring-security/site/docs/3.2.5.RELEASE/reference/htmlsingle/#preauth
Here a practical example I found:
PreAuthentication with Spring Security -> Based on URL parameters
Answering my own question.....
Solution was to create a table in the db containing username,password,and application name..
On a click event of a link the controller checks if the user has a record in the table with the corresponding application name, if so the user credentials is pasted into the form and submitted automatically.
We're developing an API and a single page application (that is one of more possible future consumers of it).
We already started on the web API, and basically implemented a system very similar to the one John Papa made in his course on pluralsight, named "Building Single Page Apps (SPA) with HTML5, ASP.NET Web API, Knockout and jQuery".
We now need to implement authentication and user managing in this application and need to find the easy way out to implement this in as little time as possible as we are in a hurry.
We realized the SPA template included in the ASP.NET update had very similar features to our needs, but we wonder what the best approach to implement a similar feature in our existing code.
We are novice developers, as you might figure.
Is it possible nstall some packages using the package manager, and voila, a simple membership and OAuth auth option be readily available?
Our use case is that we need to protect some resources on our API based on roles, and that one should be able to log in using a username and password, but also log in using ones facebook, google, or twitter account.
Found an interesting talk regarding the subject here: https://vimeo.com/43603474 named Dominick Baier - Securing ASP.NET Web APIs.
Synopsis: Microsoft’s new framework for writing RESTful web services and web APIs is appropriately enough called ASP.NET Web API. As the name applies, this technology is part of ASP.NET and also inherits its well-known security architecture. But in addition it also supports a number of new extensibility points and a flexible hosting infrastructure outside of IIS. There are a number of ways how to do authentication and authorization in Web API - from Windows to usernames and passwords up to token based authentication and everything in between. This talk explores the various options, and puts special focus on technologies like claims, SAML, OAuth2, Simple Web Tokens and delegation.
We eventually went with the SPA template, doing authentication on the API (separate MVC part).
Then the API would generate a unique token and redirect the user to the front-end with the token in url parameters.
The front-end then needs to send this token on every subsequent request.
Have a look here - Identity Server done by the security experts. This is all you need in one package.
In terms of OAuth, you would need to use Client-Side Web Application flow which the access token is issue immediately to the client and can be used.
I have a website already running made with CakePHP, which has its own login system using the Auth component.
Now I'm going to create another website using moodle, hosted in the same server. Is there any way to share the user session between those 2 websites?
For example, if a user logs into the moodle website and clicks a link to a page of the other website, he is not asked to log in again, since the system recognises that he is already logged in.
I guess that one thing to do would be to tell moodle (somehow) to use same table of users in the database that the CakePHP website is already using. And then tell the CakePHP website to accept the sessions created in that other website. Something like this right?
But I don't know how to do those things or if they even possible, any advice on how to approach this would be very helpful.
Single sign-on (SSO) is not currently a trivial thing to do in Moodle.
Some other approaches you may consider are:
Use external authentication in Moodle and configure it to use Cake's database. Does not provide SSO but tells Moodle to use Cake's user accounts.
Configure both Moodle and Cake to use a common authentication system like LDAP, POP3 or CAS. Depending of your choice it is possible that you may achieve SSO.
More information about Moodle authentication plug-ins in this page:
http://docs.moodle.org/dev/Authentication_plugins