I am currently using Quarkus in combination with "quarkus-security-jpa" to realize a form based authentication. No problems here so far. I now got another requirement to enable user impersonation in my app. For example the admin can impersonate the user A to get the same access rights and see the same data. In Spring I would use the SwitchUserFilter for this feature.
Now to my question. Does Quarkus have a similar function? And if yes, how can I use it? Does anybody have an idea how to realize this feature in Quarkus?
Best regards and thanks in advance
I have a Spring application with a login screen that authenticates the credentials the user has entered against users in our Active Directory (using LDAP).
However, I'd like to add the capability of SSO, specifically with the Windows credentials that the user has entered upon logging into Windows.
I'm aware that since AD uses Kerberos it wouldn't be such a "hard" task to do, and I've found one possible solution as to how to implement it, specifically this guide, with what I want to achieve being on this part of the page.
But honestly I don't seem to be able to understand how to implement it...
I have the following questions:
1) Which parts/classes should I implement for what I actually need, meaning which of the following classes are needed in reality? (AuthProviderConfig, SpnegoConfig, KerberosRestTemplate, KerberosLdapContextSource)
2) If all my users are on a Windows environment, do I really need cached tickets (kinit) or a keytab? In that case application.yml is also not needed, right?
3) What does the AD admin need to do on his side to configure/enable this SSO with Kerberos? (For the login screen adapter that works I have the domain, url, rootDn, service user, user searchbase and service user password in my application properties.)
Based on this thread, specifically on what the highest scored answer shows, I'm missing only steps 1 and 2 (I suppose?).
If anyone has maybe a better "guide" or tips that I can follow in order to implement this I'm all ears.
In any case thank you for your time and appreciate any feedback you could give me.
I realised a similar task using this tutorial:
https://www.baeldung.com/spring-security-kerberos
You need to modify only WebSecurityConfig extends WebSecurityConfigurerAdapter: add there the SPNEGO filter from point 6.2 of this tutorial and the beans with KerberosAuthenticationProvider. Spring has built-in Kerberos machinery that generates and decrypts SPNEGO tokens itself. In this case, in the filter you should authenticate all paths, but in my case I used Kerberos authentication the first time, and later I used a JWT token which I had implemented before I implemented SSO.
You need a keytab file and a ServicePrincipalName. You can generate it by kinit with a user who has access to the users in AD.
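As an added illustration of the wiring the answer above describes (this is example code, not the answerer's or the linked tutorial's own), here is a WebSecurityConfig that registers the SPNEGO processing filter, the SPNEGO entry point and a KerberosServiceAuthenticationProvider backed by a keytab. It assumes the spring-security-kerberos module is on the classpath, the Spring Security generation that still ships WebSecurityConfigurerAdapter, an existing UserDetailsService bean for mapping the Kerberos principal to roles, and two application properties (`app.kerberos.service-principal`, `app.kerberos.keytab-location`) whose names are placeholders chosen here.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

// Example configuration (not from the original answer) showing SPNEGO/Kerberos SSO wiring.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Placeholder property names; the value is the SPN registered for this web app,
    // e.g. HTTP/app.example.com@EXAMPLE.COM (constructed example, not a real realm).
    @Value("${app.kerberos.service-principal}")
    private String servicePrincipal;

    // Placeholder property name; path to the keytab exported for that SPN.
    @Value("${app.kerberos.keytab-location}")
    private String keytabLocation;

    // Assumed to exist already: the application's user lookup (e.g. the LDAP-backed one
    // used by the form login), which maps the authenticated principal name to roles.
    private final UserDetailsService userDetailsService;

    public WebSecurityConfig(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The filter is created here rather than as a @Bean so Spring Boot does not
        // also register it as a plain servlet filter outside the security chain.
        SpnegoAuthenticationProcessingFilter spnegoFilter = new SpnegoAuthenticationProcessingFilter();
        spnegoFilter.setAuthenticationManager(authenticationManager());

        http
            // Unauthenticated requests get 401 + "WWW-Authenticate: Negotiate",
            // which makes a domain-joined browser send its Kerberos ticket.
            .exceptionHandling().authenticationEntryPoint(spnegoEntryPoint())
            .and()
            // As the answer says: authenticate every path.
            .authorizeRequests().anyRequest().authenticated()
            .and()
            // The SPNEGO filter consumes the "Authorization: Negotiate <token>" header.
            .addFilterBefore(spnegoFilter, BasicAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(kerberosServiceAuthenticationProvider());
    }

    @Bean
    public SpnegoEntryPoint spnegoEntryPoint() {
        return new SpnegoEntryPoint();
    }

    @Bean
    public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
        KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
        provider.setTicketValidator(sunJaasKerberosTicketValidator());
        provider.setUserDetailsService(userDetailsService);
        return provider;
    }

    @Bean
    public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
        // Validates the service ticket inside the SPNEGO token against the keytab;
        // the keytab must be readable only by the account running the application.
        SunJaasKerberosTicketValidator validator = new SunJaasKerberosTicketValidator();
        validator.setServicePrincipal(servicePrincipal);
        validator.setKeyTabLocation(new FileSystemResource(keytabLocation));
        validator.setDebug(false);
        return validator;
    }
}
```

With this in place, a ticket is only accepted if it was issued for the configured SPN and decrypts with the keytab, so the keytab file and the SPN registration (the AD admin's part of the job) are the two things that must match.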
I found something like this:
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-kcd
I am learning Spring and have written a simple RESTful web service that is not intended for browsers but for native mobile apps only. When trying to implement basic authentication for users I've hit a wall, because the sources (even official tutorials) assume (and recommend) using OAuth2 through a browser with SSO and/or social logins.
All I want is to create a RESTful API endpoint that will take an email address and a password and return a token (possibly JWT). I do not need extended support for roles (but am not against it) or dynamic token revocation, if that matters.
Is there any easy library/solution/tutorial that focuses on something similar?
Edit:
Thanks for the answers — all of them shed more light on the auth process and are quite useful and on point!
Please check here: I have a working example for Spring Security on my GitHub. You may need to change spring.active.profiles=jwt to enable the JWT configuration in this project.
There are many tutorials available on the internet for implementing JWT token based authentication using Spring Boot. Please find some of them below:
https://dzone.com/articles/spring-boot-security-json-web-tokenjwt-hello-world
https://www.javainuse.com/spring/boot-jwt
Please go through them and try to implement it. If you need working code for reference, you can search GitHub for code. This is one of them: https://github.com/murraco/spring-boot-jwt
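To make concrete what the login endpoint asked for above has to do, here is an added example (not taken from the question, the answers or the linked repositories) that uses only the JDK: it checks an email/password pair, issues an HS256-signed JWT with an expiry, and verifies such a token before trusting its subject. The user store, password and signing key are constructed placeholders; in a real service the password would be compared against a bcrypt/argon2 hash and the key would come from configuration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Example (not from the original thread): email + password -> signed JWT, and verification.
public class TokenService {
    private static final String HMAC_ALG = "HmacSHA256";
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();

    private final byte[] signingKey;
    private final long ttlSeconds;
    // Constructed demo store (email -> password); a real service compares against a password hash.
    private final Map<String, String> users = Map.of("alice@example.com", "correct horse battery staple");

    public TokenService(byte[] signingKey, long ttlSeconds) {
        this.signingKey = signingKey.clone();
        this.ttlSeconds = ttlSeconds;
    }

    /** Handler for POST /login: returns a JWT, or null when the credentials are wrong. */
    public String login(String email, String password) {
        // Reject characters that would break the hand-built JSON payload below.
        if (email == null || password == null || email.indexOf('"') >= 0 || email.indexOf('\\') >= 0) return null;
        String stored = users.get(email);
        // Constant-time comparison so a wrong password is not distinguishable by timing.
        boolean ok = stored != null && MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
        if (!ok) return null;

        long now = Instant.now().getEpochSecond();
        String header = B64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = String.format("{\"sub\":\"%s\",\"iat\":%d,\"exp\":%d}", email, now, now + ttlSeconds);
        String payload = B64.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        return signingInput + "." + B64.encodeToString(hmac(signingInput));
    }

    /** Returns the subject if the token is well-formed, correctly signed and unexpired; otherwise null. */
    public String verify(String token) {
        if (token == null) return null;
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return null;
        try {
            // Pin the algorithm: a token claiming "alg":"none" or an RSA alg is rejected outright.
            String header = new String(B64D.decode(parts[0]), StandardCharsets.UTF_8);
            if (!header.contains("\"alg\":\"HS256\"")) return null;
            // Verify the signature BEFORE reading any claim from the payload.
            byte[] expected = hmac(parts[0] + "." + parts[1]);
            byte[] actual = B64D.decode(parts[2]);
            if (!MessageDigest.isEqual(expected, actual)) return null;
            String claims = new String(B64D.decode(parts[1]), StandardCharsets.UTF_8);
            long exp = extractLong(claims, "exp");
            if (exp < 0 || Instant.now().getEpochSecond() >= exp) return null; // expired or missing exp
            return extractString(claims, "sub");
        } catch (IllegalArgumentException e) {
            return null; // malformed base64url
        }
    }

    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance(HMAC_ALG);
            mac.init(new SecretKeySpec(signingKey, HMAC_ALG));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Minimal claim readers; safe here only because they run after signature verification
    // on a payload this service produced. Use a JSON library for anything more general.
    private static long extractLong(String json, String name) {
        int i = json.indexOf("\"" + name + "\":");
        if (i < 0) return -1;
        int start = i + name.length() + 3, end = start;
        while (end < json.length() && Character.isDigit(json.charAt(end))) end++;
        return end == start ? -1 : Long.parseLong(json.substring(start, end));
    }

    private static String extractString(String json, String name) {
        int i = json.indexOf("\"" + name + "\":\"");
        if (i < 0) return null;
        int start = i + name.length() + 4;
        return json.substring(start, json.indexOf('"', start));
    }

    public static void main(String[] args) {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // demo only; load from configuration in practice
        TokenService svc = new TokenService(key, 900); // 15-minute tokens
        String jwt = svc.login("alice@example.com", "correct horse battery staple");
        System.out.println("issued: " + jwt);
        System.out.println("verified subject: " + svc.verify(jwt));
        System.out.println("tampered: " + svc.verify(jwt.substring(0, jwt.length() - 2) + "xx"));
        System.out.println("bad password: " + svc.login("alice@example.com", "wrong"));
    }
}
```

The two checks that matter most for a token endpoint are visible in `verify`: the algorithm is pinned to what the service issues, and no claim is read until the signature has been checked with a constant-time comparison. Because the token carries its own expiry, the "no dynamic revocation" requirement in the question is met by keeping the TTL short.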
I am using an IDP which supports OAuth and SAML BOTH.
USER ---->SP--OAuth-->IDP--OAuth-->google(oauth2)
The above flow is working fine, where I am logging in to the system from Google.
Now what I want to achieve is:
User ------>SP----OAuth--->IDP---SAML--->Another IDP
Now my question is...
Is that possible...? If yes, please provide me some guidelines on how to achieve that.
How can I achieve the same thing with an IDP-initiated flow?
Thanks in advance
You can use the other way around, like below. It is named the SAML2 Bearer assertion profile; you can find more details here [1].
User---->SP----SAML2Bearer--->IDP---Oauth--->Federated IDP
[1] http://xacmlinfo.org/2014/10/31/saml2-bearer-assertion-profile-for-oauth-2-0/
I am a beginner programmer and want to know how session management and login/logout functionality can be incorporated in a JSF project. Right now I can authenticate users from a table in the database, but entering the direct URL of a page in the browser takes any anonymous user to the requested page. I want only authenticated users to access the pages while their sessions are active. How is this done, and what exactly do I need to study to get this functionality in my application?
Bundles of thanks in advance.
I suggest looking at something like Seam Security: http://seamframework.org/Seam3/SecurityModule
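For the specific problem in the question (direct URLs bypassing the login page), the standard servlet-level answer is a filter that checks the session before any protected page renders. The following is an added example, not the answerer's code and not tied to Seam: it assumes the login bean stores the authenticated user under the session attribute `"user"` (a name chosen here), that protected pages live under `/app/`, and that the login page is `/login.xhtml`.

```java
import java.io.IOException;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Example filter (not from the original answer): only sessions that carry an
// authenticated user may reach anything under /app/.
@WebFilter(urlPatterns = "/app/*")
public class AuthenticationFilter implements Filter {

    /** Session attribute set by the login bean on success; the name is a placeholder. */
    public static final String USER_ATTRIBUTE = "user";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session just because an anonymous user hit a URL.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTRIBUTE) != null;

        if (loggedIn) {
            chain.doFilter(req, res);               // authenticated and session still alive
        } else {
            // Expired or missing session: never serve the page, send the user to the login form.
            response.sendRedirect(request.getContextPath() + "/login.xhtml");
        }
    }
}

// Companion managed bean sketch showing the two session operations the filter relies on.
// authenticate(email, password) stands for the existing database check from the question.
class LoginBean {

    public String login(String email, String password) {
        if (!authenticate(email, password)) {
            return "/login.xhtml";                  // stay on the login page
        }
        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
        // Issue a fresh session id at the privilege change to defeat session fixation (Servlet 3.1+).
        ((HttpServletRequest) ec.getRequest()).changeSessionId();
        ec.getSessionMap().put(AuthenticationFilter.USER_ATTRIBUTE, email);
        return "/app/home.xhtml?faces-redirect=true";
    }

    public String logout() {
        // Invalidate the whole session so the filter blocks any later direct URL.
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        return "/login.xhtml?faces-redirect=true";
    }

    private boolean authenticate(String email, String password) {
        // Placeholder for the question's existing lookup against the users table.
        return "alice@example.com".equals(email) && "secret".equals(password);
    }
}
```

Set a session timeout (`<session-timeout>` in web.xml) so "while their sessions are active" has a bound, and keep the login page itself outside the filtered path so the redirect cannot loop.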
I was able to resolve this issue. There was a statement in my HibernateUtils class, session.close, which was commented out, and this is now working as expected after removing the comment.
Thanks for your help.
I'm using Spring Security 3.04 to authenticate the users of my system using 3 roles, while all of them are allowed to access something like a landing page.
From this landing page, there should be another system which can only be accessed by one role and by a TAN-authenticated user.
So my question is: what would be the best way to add a third login attribute to Spring Security? Or is there a way to store attributes within the security context?
Or is there any other way to add multi-level authentication to my application using Spring Security?
Thanks in advance for any help!
Best regards,
Robert
There is an excellent walkthrough on how to integrate an external authentication mechanism here:
http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/
That should get you on the right track.
Grant