How to authenticate a user in LDAP with credentials in a basic auth header using Spring Boot and Spring Security - spring-boot

I am trying to implement Spring Security in a Spring Boot application. I am trying to get credentials from a basic auth request header and, with those credentials, invoke Spring Security LDAP authentication. What's the best approach to achieve it? I am trying to add a higher-order filter that parses the header for credentials, and to invoke it as a dependency in a class extending the WebSecurityConfigurerAdapter class.

Related

Disabling security validation for certain endpoints in Spring boot oauth2

I have been using Spring Boot Security OAuth to secure the API endpoints, but I need to allow certain APIs to work without authentication and others to work only after authentication.
I tried overriding configure(HttpSecurity) with the permitAll option at URL level, and also the configure WebSecurity ignore options. None of them work, and irrespective of all the overriding, all APIs expect an auth token in the headers.
The spring-security-oauth2, spring-security-oauth2-resource-server and spring-security-oauth2-jose dependencies are used, and resourceserver.jwt.jwk-set-uri of auth2 is being used for auth config.
Spring Boot version 2.2.4.
I need a solution where we can segregate in the security filter which APIs should use authentication, and how to disable authentication for the other APIs.

How to create a NTLM authentication in spring boot application?

I need to get the user name without a login page (like NTLM authentication) using Spring Boot. Help me with a complete code structure or any reference.

OAuth 2.0, JWT, Spring Security, microservices

I need some understanding of the overall flow of Spring Security.
1. I have implemented an OAuth2 Authorization Server and a Resource Server in the same Spring Boot app, where I am able to generate JWT tokens. A sample REST API in this app is secured and accessible only with a token.
2. I have another Spring Boot app which should be secured. What should I do in this? I also need to read the token in this service to know the role of the user.
Please clarify how to implement step 2.
You can create a module where your Spring Security config is implemented.
In this module is the class that is annotated with the @EnableWebSecurity annotation, where you define the open routes. I guess you already have a class like this for your sample REST API, mentioned in step 1.
Now every microservice that has to be secured uses this module by importing it, e.g. as a Maven dependency. By this, its API is automatically secured via Spring Security.
Your auth service serves a JWK endpoint where every microservice can verify a token via the public key.
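
As an added illustration of the setup this answer describes (not code from the original answer): a shared configuration class that each microservice imports, verifying JWTs against the auth service's JWK set and mapping a role claim to authorities. It assumes Spring Security 5.2 or later; the package and class names, the `roles` claim, the two example routes and the placeholder JWK URI are assumptions.

```java
// Added example, not from the original answer. Assumes Spring Security 5.2+ with
// spring-security-oauth2-resource-server and spring-security-oauth2-jose on the classpath.
// Each consuming service sets, in application.properties (placeholder values):
//   spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://AUTH-SERVICE-PLACEHOLDER/PATH-TO-JWKS
// and pulls this class in, e.g. with @Import(SharedResourceServerConfig.class).
package com.example.sharedsecurity; // hypothetical package

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

@EnableWebSecurity
public class SharedResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // A token is presented on every request, so keep no server-side session.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeRequests(a -> a
                .antMatchers("/actuator/health").permitAll() // assumed open route
                .antMatchers("/admin/**").hasRole("ADMIN")   // assumed role-gated route
                .anyRequest().authenticated())               // everything else needs a valid token
            // The token signature is verified with the public keys served at jwk-set-uri.
            .oauth2ResourceServer(o -> o
                .jwt(j -> j.jwtAuthenticationConverter(roleConverter())));
    }

    // Maps the token's role claim to Spring authorities so hasRole(...) checks work.
    private JwtAuthenticationConverter roleConverter() {
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles"); // assumed claim name in the issued JWT
        roles.setAuthorityPrefix("ROLE_");      // "ADMIN" in the claim becomes ROLE_ADMIN
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);
        return converter;
    }
}
```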

Create custom method to disable JWT Token in Spring Boot application

I have created Spring Boot application using Spring Security and JWT. I want to write a custom method to revoke a JWT Token, that was created and given to a user.
Is there any way to solve this problem? Please share the solution.

Spring Security - OAuth, LDAP Integration for multitenant application

I am using Spring Security for my Spring multitenant application. I am using Spring Security 3.2. My requirement is that tenant1 should be authorized against OAuth, tenant2 should be authorized against LDAP and tenant3 should be authorized against a database. I will know the authorization method for the tenant through a properties file. I am able to authorize a user against any single authorization method, but I am not able to configure multiple authorization methods. Could someone please give any suggestions on this?
In the case of a web application, you can use different login URLs and allow the user to choose the authentication method. Then separate security filters should be applied for each URL.
You can check this configuration: https://code.google.com/p/opendatakit/source/browse/eclipse-aggregate-gae/war/WEB-INF/applicationContext-security.xml?repo=aggregate
