Quarkus Security : Impersonate User - quarkus

I am currently using Quarkus in combination with "quarkus-security-jpa" to realize a form based authentication. No problems here so far. I now got another requirement to enable user impersonation in my app. For example the admin can impersonate the user A to get the same access rights and see the same data. In Spring I would use the SwitchUserFilter for this feature.
Now to my question. Does Quarkus have a similar function? And if yes, how can I use it? Does anybody have an idea how to realize this feature in Quarkus?
Best regards and thanks in advance

Related

Spring Application with SSO using Windows Credentials(via Kerberos)

I have a Spring application with a login screen that authenticates credentials that the user has entered with users on our Active Directory (using LDAP).
However, I'd like to add the capability of SSO, specifically with the Windows credentials that the user has entered upon logging into Windows.
I'm aware that since AD uses Kerberos it wouldn't be such a "hard" task to do, and I've found one possible solution as to how to implement it, specifically this guide, with what I want to achieve being on this part of the page.
But honestly I don't seem to be able to understand how to implement it...
I have the following questions:
1) Which parts/classes should I implement for what I actually need, meaning which of the following classes are needed in reality? (AuthProviderConfig, SpnegoConfig, KerberosRestTemplate, KerberosLdapContextSource)
2) If all my users are on a Windows environment, do I really need cached tickets (kinit) or keytab? In that case application.yml is also not needed, right?
3) What does the AD admin need to do on his side to configure/enable this SSO with Kerberos? (For the login screen Adapter that works I have the domain, url, rootDn, service user, user searchbase, service user password in my application properties)
Based on this thread, specifically on what the highest scored answer shows, I'm missing only step 1 and 2 (I suppose?).
If anyone has maybe a better "guide" or tips that I can follow in order to implement this I'm all ears.
In any case thank you for your time and appreciate any feedback you could give me.
I realised a similar task using this tutorial:
https://www.baeldung.com/spring-security-kerberos
You only need to modify WebSecurityConfig extends WebSecurityConfigurerAdapter: add there the Spnego filter from point 6.2 from this tutorial and beans with KerberosAuthenticationProvider. Spring has built-in Kerberos machines that generate and decrypt SPNEGO tokens themselves. In this case, in the filter you should authenticate all paths, but in my case I used Kerberos authentication the first time, and later I used the JWT token that I had implemented before I implemented SSO.
You need a keytab file and a ServicePrincipalName. You can generate it by kinit with a user who has access to users in AD.
I found something like this:
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-kcd

Spring RESTful web service auth

I am learning Spring and have written a simple RESTful web service that is not intended for browsers but for native mobile apps only. When trying to implement basic authentication for users, I've hit a wall, because the sources (even official tutorials) assume (and recommend) using OAuth2 through a browser with SSO and/or social logins.
All I want is to create an API RESTful endpoint that will take an email address and a password and return a token (possibly JWT). I do not need extended support for roles (but am not against it) and dynamic token revocation if that matters.
Is there any easy library/solution/tutorial that focuses on something similar?
Edit:
Thanks for the answers — all of them shed more light on the auth process and are quite useful and on point!
Please check here, I have a working example for the spring security on my github. You may need to change the spring.active.profiles=jwt, to enable the jwt configurations on this project.
There are many tutorials available on the internet for implementing JWT token based authentication using Spring Boot. Please find some of them below:
https://dzone.com/articles/spring-boot-security-json-web-tokenjwt-hello-world
https://www.javainuse.com/spring/boot-jwt
Please go through them and try to implement. If you need a working code for reference, you can search GitHub for code. This is one of them https://github.com/murraco/spring-boot-jwt

SAML 2.0 TO OAUTH

I am using an IDP which supports both OAuth and SAML.
USER ---->SP--Oauth-->IDP--Oauth-->google(oauth2)
The above flow is working fine, where I am logging in to the system from Google.
Now what I want to achieve is
User ------>SP----oauth--->IDP---SAML--->Another IDP
Now my question is:
Is that possible? If yes, please provide me some guidelines on how to achieve that.
How can I achieve the same thing with an IDP-initiated flow?
Thanks in advance
You can use the other way around, like below. It is named the SAML2Bearer assertion profile; you can find more details here [1].
User---->SP----SAML2Bearer--->IDP---Oauth--->Federated IDP
[1] http://xacmlinfo.org/2014/10/31/saml2-bearer-assertion-profile-for-oauth-2-0/
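
The SP-to-IDP leg of the SAML2Bearer flow above is an OAuth token request that carries a base64url-encoded SAML assertion (RFC 7522). The sketch below is an added example, not code from the answer or the linked article; the function names, hosts and subject are hypothetical, the sample assertion is constructed and unsigned, and the IDP side performs structural checks only.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, parse_qs

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed, unsigned sample assertion; hosts and subject are placeholders.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_constructed1" Version="2.0">'
    "<saml:Issuer>https://sp.example.test</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>"
    "<saml:Conditions><saml:AudienceRestriction>"
    "<saml:Audience>https://idp.example.test/oauth2/token</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions>"
    "</saml:Assertion>"
)

def build_token_request(assertion_xml):
    """SP side: form body POSTed to the IDP's OAuth token endpoint."""
    b64 = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii")
    return urlencode({"grant_type": SAML2_BEARER, "assertion": b64})

def parse_token_request(body, expected_audience):
    """IDP side: structural checks only; returns (issuer, subject).

    Assumption: a real IDP verifies the XML signature, validity window and
    issuer trust with a hardened SAML library before using any field.
    """
    form = parse_qs(body, strict_parsing=True)
    if form.get("grant_type") != [SAML2_BEARER]:
        raise ValueError("unsupported_grant_type")
    values = form.get("assertion", [])
    if len(values) != 1:
        raise ValueError("invalid_request")
    raw = values[0] + "=" * (-len(values[0]) % 4)  # tolerate stripped padding
    root = ET.fromstring(base64.urlsafe_b64decode(raw))
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("invalid_grant")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("invalid_grant")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return issuer, subject
```

The audience check is what stops an assertion issued for a different relying party from being replayed at this token endpoint.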

Session management functionality in jsf project

I am a beginner programmer and want to know how session management and login/logout functionality can be incorporated in a JSF project. Right now I can authenticate users from a table in the database, but giving the direct URL of the pages in the browser takes any anonymous user to the requested page of mine. I want only authenticated users to access the pages while their sessions are active. How is this done, and what exactly do I need to study to get this functionality in my application?
Bundles of thanks in advance.
I suggest looking at something like Seam Security: http://seamframework.org/Seam3/SecurityModule
I was able to resolve this issue. There was a statement in my HibernateUtils class, session.close, which was commented out, and this is now working as expected after removing this comment.
Thanks for your help.

Spring Security - Add TAN system

I'm using Spring Security 3.04 to authenticate the users of my system using 3 Roles, while all of them are allowed to access something like a landing page.
From this landing page, there should be another system which can only be accessed by one Role and by a TAN-authenticated user.
So my question is: What would be the best way to add a third login-attribute to spring security? Or is there a way to store attributes within the security context?
Or is there any other way to add a multi-level-authentication to my application using spring security?
Thanks in advance for any help!
Best regards,
Robert
There is an excellent walkthrough on how to integrate an external authentication mechanism here:
http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/
That should get you on the right track.
Grant
