I have a spring boot REST service which is protected with Azure AD, so I'm using the Spring Boot Starter for Azure AD.
I'm also using the springdoc-openapi library to generate the API documentation. For now I'm hand writing the yaml file to describe the documentation.
I'm looking for help with getting swagger to authenticate with Azure AD so that I can try out the endpoints in the backend.
Is there some way to do this by either editing the yaml file or with the springdoc-openapi library?
To get Swagger to authenticate with Azure AD, you need to register two web applications: one for the web API and another for your Swagger. Then you should require Delegated Permissions for your Swagger web site to 'Access' your web API. As Swagger is built in and configured in the .NET 5.0 template, we don't need to take care of documenting our APIs in the latest .NET 5.0.
You can refer to this document, which gives the steps to authenticate Swagger with Azure AD.
You can also refer to this document on how to set up Swagger to authenticate against Azure Active Directory, provided by the .NET developer community.
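An added example, not part of the original answer: a hand-written OpenAPI 3 file can declare the Azure AD endpoints as an OAuth2 security scheme, which makes Swagger UI offer an Authorize button for the two-registration setup described above. `<TENANT_ID>`, `<API_CLIENT_ID>`, `<SWAGGER_CLIENT_ID>`, the `access_as_user` scope name and the `/api/items` path are placeholders assumed for illustration.

```yaml
# openapi.yaml (constructed example; replace every <...> placeholder)
openapi: 3.0.3
info:
  title: Example API
  version: "1.0"
paths:
  /api/items:                 # hypothetical endpoint
    get:
      summary: List items
      security:
        - azure_ad:
            - "api://<API_CLIENT_ID>/access_as_user"
      responses:
        "200":
          description: OK
        "401":
          description: Missing or invalid access token
components:
  securitySchemes:
    azure_ad:
      type: oauth2
      flows:
        authorizationCode:
          # Azure AD v2.0 endpoints of the tenant that holds both registrations
          authorizationUrl: "https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize"
          tokenUrl: "https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token"
          scopes:
            # Delegated permission exposed by the web API registration
            "api://<API_CLIENT_ID>/access_as_user": Call the API as the signed-in user
---
# application.yml (springdoc-openapi settings for Swagger UI)
springdoc:
  swagger-ui:
    oauth:
      # Client ID of the second registration (the Swagger one).
      # It is a public client, so no client secret is configured here.
      client-id: "<SWAGGER_CLIENT_ID>"
      use-pkce-with-authorization-code-grant: true
```

The Swagger registration also needs the URL of Swagger UI's `oauth2-redirect.html` page registered as a redirect URI, otherwise Azure AD rejects the authorization request.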
Related
I have a Spring application with Spring Security version 3.2.5 and Spring version 4.3.7.
I want to remove the old fashioned login page and integrate it with Azure AD B2C. For the B2C part, I have the B2C tenant and necessary policies in place. I tried finding something on this for Spring, but all the examples and samples I found were based on spring boot.
Is it feasible to achieve B2C authentication & authorization integration with Spring?
Unfortunately there is no proper document where we have entire information for Spring to integrate with Azure AD B2C.
This sample demonstrates a Java web application that is secured using Azure AD B2C. And this sample demonstrates a Java Servlet webapp that signs in users with Azure AD B2C. You could refer to them.
Is it possible to create an authorization server for PKCE authentication in the current version of Spring Security?
I did research and I found this authorization server project https://github.com/spring-projects-experimental/spring-authorization-server but there is no usable sample for that project.
I also found out that Spring recommends Keycloak as an authorization server, but it does not fit my case.
We need to be able to fetch and verify users against a remote service, and then use the authorization server only for generating and verifying JWT tokens. To my knowledge, Keycloak should also hold the users, right? So the best solution would be a custom standalone Spring authorization server. Is it possible in some way? Thank you!
You may have a look at this project: CloudFoundry User Account and Authentication (UAA) Server.
UAA is a (Spring MVC) component of Cloud Foundry but it could be used as a standalone OAuth2 server. It can support an external authentication service. And there is a Pull Request that implements PKCE: https://github.com/cloudfoundry/uaa/pull/939 (not yet merged, but under review).
You can find an example on how to use UAA on baeldung.com.
As far as I know, the Spring framework has one more implementation of the authorization server. It is part of the spring-security-oauth project. But this project was moved into maintenance mode.
According to this migration guide, the new authorization server project (that you have already found) will be created to change the legacy solution.
From my point of view, there are now several possible options:
Using the old legacy spring-security-oauth. More examples with the old auth server
Using external services like Keycloak, Auth0, Okta, etc.
I'm confused about Spring Cloud Data Flow Server deployment...
We are planning to run it on cloudfoundry, and the instructions say one should download the final server artifact (a jar) and deploy it.
On the other hand, another section in the documentation describes a way to customize the provisioning of roles to users with some custom code. But there is no explanation of how to embed the server in a custom application so I can provide my code (via @Bean).
In a very old blog post I found a mention of @EnableDataFlowServer, but this annotation is not described in the official documentation anymore. Is it still valid?
There is also no description of how I could use any security other than OAuth. Do I really need to use OAuth? How about using my own security config or even only basic authentication?
I kind of expected the same flexibility as spring cloud config server provides...
You can check the Spring Cloud Data Flow site on how to install SCDF on Cloud Foundry. The instructions on this site have the correct information to set up SCDF on CF.
The @EnableDataFlowServer is intended for customizing Spring Cloud Data Flow server using/overriding the existing DataFlowServerAutoConfiguration and DataFlowControllerAutoConfiguration. This is not specific to CF though.
I have an app (A) exposing REST services secured with oauth2. (spring security oauth2/spring-web)
I want to create a second app (B) (spring-boot or normal spring), from where I can login then call the REST services from A.
How can I configure security in app B so I can use both social login (facebook, twitter, google) and call REST services from app A? Is there an example using spring security/oauth/social integration?
I've found some examples but none says how to integrate them
Have you tried the Spring OAuth2 tutorial with FB and Google login? This also includes a local login. All code is available in git from the link in the right column of the tutorial.
I'd like to give users the option to login to a Spring Boot web application using their Google or Facebook account.
I checked The Spring Cloud Security documentation and also This GitHub issue to add such SSO functionality, but on both they only show how to configure one SSO server, so it's either Google or Facebook.
How can I add both options? On the web front-end I will add a button for each option so the users can choose which account to use, either Google or Facebook.
Or am I choosing the wrong package and should use something different altogether to achieve this?
Thanks!
You basically have to install a separate authentication filter for each provider. There's a tutorial here: https://spring.io/guides/tutorials/spring-boot-oauth2/.