i am trying to facilitate field-level encryption with quarkus mongodb panache, but struggle to find a guideline or example.
Is it possible to en-/decrypt specific fields with quarkus mongodb panache?
Or does a converter exist that i can attach to a field and implement the encryption inside the converter?
Or is it possible to provide quarkus mongodb panache with a specifically configured MongoClient to use the mongodb "client side encryption"?
Quarkus creates the MongoClient for you and make it available via CDI.
MongoDB with Panache uses this MongoClient.
There is currently no way to provides an AutoEncryptionSettings for the creation of this MongoClient so Client Side Encryption cannot be used.
You can open an enhancement request to Quarkus to provides a way to configure client side encryption for MongoDB. But be aware that this will not currently work in native mode as the mongocrypt library needed for client side encryption is a native library so will not works OOTB with GraalVM native images.
Related
I'm trying to create cert based client authentication using spring 5, without spring boot. Is there a good tutorial on how to do it? (For example: how to specify a truststore, etc...).
I've ended up not using spring security, because I did not need many things it provides, and instead used a simple filter, that checks the data of the used certificate (I also configured the application server used, to allow that certificate).
I would like to use client-certificates to communicate between spring-boot applications. My problem is, that don't know how to configure RestTemplate to use a client-certificate to authenticate against the other application.
If possible i would prefer to solve this problem with the Spring Boot properties instead of writing code - but any solution is better then none.
You are looking to implement a two way SSL authentication. It will have to be supported by whatever ClientHttpRequestFactory is configured in your RestTemplate.
If you use Spring Boot defaults, that is standard javax.net stack, take a look at Spring Boot Client authentication demo. Apache HttpClient and other libraries might require a different setup.
We are currently trying to integrate Spring Security into our application.
Our application used to store data in native XMLs. We are in the process of integrating with MySQL.
However, certain sites are still having lots of data in XML and we want to provide backward compatibility.
So does spring security provide authentication mechanism for XML based database just like it does for SQL and LDAP?
Is there a way around this problem?
I am trying to integrate Bonita with Spring in order to implement a custom UI for my workflow processes.
I know Bonita provides a REST API out-of-the-box for this matter but I was thinking maybe there is already a java library for this API ready to use with Spring.
A first option would be to use the Bonita Java client library that can talk to Bonita Engine API using direct Java calls, HTTP or EJB. But this Java client does not enforce some security rules defined at an higher level. Moreover the current evolution focus on the Bonita Engine REST API.
So my recommendation would be to rather use the REST API and add a library (such as retrofit) to do the wrapping between your Java code and the REST API calls.
For my suggestion I recommend to keep a Bonita server running independently of your application. You just need to make sure that Bonita service is actually available before trying to call it.
HI I am implementing oauth2 using spring security. This application will be deployed in a multi-node clustered environment. How spring will synchronize authorization code between multiple nodes? It can be achieved via jdbcAuthorizationCodeServices but I can't use relational DB. Requirement is to use NoSql DB. Is there a way to add custom plug-in custom authorization code generator which will be used by spring to create and consume auth code (Code example will be really helpful)?
Thanks