I need to get user name without a login page( like ntlm authentication) using spring boot. Help me with a complete code structure or any reference.
Related
I am working on a Spring Boot application where existing user authentication is based on Oauth2 with 2FA. Now, I would like to call the APIs in my application from the third-party client as well, say from another service.
Basically, I would like to develop one auth API, where on providing a valid client name, valid API key, and API secret, the client will get an auth token, which will be valid for say 1 hour. Then this auth token can be passed in all successive API invocation until the token gets expired.
I found a few articles here:
a. Securing Spring Boot API with API key and secret
b. How to secure spring Boot API with API key and secret
c. how to implement api key secure in spring boot?
d. How to config multiple level authentication for spring boot RESTful web service?
But, I am not getting any concrete idea regarding, how to achieve this.
Could you please suggest how can I achieve this? Thanks
i am trying to implement spring security in spring boot application.I am trying to get credentials over a basic auth request header and with those credentials invoking spring security LDAP authentication.whats the best approach to achieve it? Am trying to add a higher-order filter and parsing the header for credentials and invoke it as a dependency in class extending websecurityconfigureradapter class.
I want to only use the the authentication part of spring security and use email instead of username with mysql. does anyone has a code for that?
or maybe without spring security how to authenticate?
Without spring security that means that you will just check if user exists in the database with correct credentials, you can follow this tutorial https://www.baeldung.com/registration-restful-api
I am using spring boot with angular for azure ad authentication. In angular i have used Microsoft adal library for authentication. From that I am getting an access token, and passing as header with request to spring boot app. But When i am retrieving SecurityContext object, i am getting anonymous user.
Now how does spring security knows about this user login. Do i need to explicitly do any code for this to get done?
Configure properly azure-spring-boot (ad client id and secret) and then in WebSecurityConfigurerAdapter filter your requests with AADAuthenticationFilter. Check out a sample here.
I have a complex situation where I need to implement a security for web app on tomcat 8 that serve both static html and rest services. the app is spring mvc application (no spring boot)
the authntication ( sso ) process will go as follow:
if user jwt not exist in http header then authonticate with ldap, getting user authorities from db and create jwt back to user.
if jwt exist in header, skip ldap filtering , extract the user authorities from token.
I was thinking of first servlet filter that uses spnego library and get the windows domain name (user name to use in ldap) that filter will also check to see if ldap authontication is needed ( if token not provided) and pass it back to spring filter chine through http params..
I'm struggling to implement he ideal.
please help.
thanks
As I know, there is support for LDAP in spring security, might be it will help you.
Other than that, if you want to write your own filters then you have to add those in spring security filter chain.