Currently, I am Using Spring Security with LDAP authentication. But I want to Create one Rest API which will do LDAP authentication and will then I will generate JWT token so for upcoming request I can valid JWT tokens.
Any suggestions to achieve this ?
Related
We are trying to implement spring boot oauth2 authentication and then role based authorization for the front-end application routing.
following is an example what we are trying to achieve. after authentication is done we want to get the groups from jwt or from an api by using the access token and if the groups are there user will be be able to login otherwise will get 403. We have done this for on prem security but trying with oatuh2 but not luck so far.
.antMatchers(getProtectedURIs()).hasAnyAuthority(userConfig.getUserGroups())
I am using spring boot security and spring boot keycloak starter to secure rest APIs and authenticate users.
My first question is how to handle access token expiration if user's session is still valid.
The second question is getting the access token from keycloak into spring boot app is done by calling this line
AccessTokenResponse response = authzClient.obtainAccessToken(username, password);
in the same way how to call refresh token api
I registered the app in an azure ad, and I have application id(client id) and directory id (tenant id), and secret key.
using this need to generate the jwt token in the azure ad and need to validate that token.
once the token generate need to call the third-party API's using that token in spring boot application.
please provide some example
To achieve the above requirement. You can take Reference of this Post to call the third-party Api using the JWT token using spring boot application.
In the above, there is tutorial they have built a Spring Boot Application that supports Token based Authentication with JWT. Please refer the section How to configure Spring Security to work with JWT that might be solution of requirement.
I have followed below URL to configure SAML SSO to the existing spring boot application, which already have User name - password authentication and JWT authorization for APIs.
https://github.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot
Also in onSSOSuccessHandler() I have generated custom JWT token and returned to the Angular front end as cookie. The JWT token expiry set for 1 Hour. The spring boot application is configured with stateless session policy.
On JWT token expiry how we can refresh the token by validating the SSO session? Do we have to call /saml/login endpoint on token expiry?
I have JWT token which is RSA256 signed. I need to validate this token in my my microservice.
Can anyone give a example of how to implement this using Spring Security.
You can setup a springboot resource server to handle the JWT token and security. Check spring document for resource server