I have a REST endpoint (Application A) which is called from the UI, and the ServletRequest from the UI has all the cookies. From Application A, I am calling Application B through a FeignClient. How can I pass all the cookies to Application B using Feign?
I have a Keycloak instance in which I created an EventListener (Provider & ProviderFactory) that responds to register events.
But now I want this EventListener to call an endpoint in my SpringBoot app which is secured by this Keycloak instance (as client).
For this I can simply send a Http request from inside the EventListenerProvider. However, I am wondering how I can secure the endpoint so that only this Keycloak event listener can access the endpoint.
Can Keycloak authenticate itself to a client endpoint?
Maybe you guys have an idea.
It's just like other apps that call each other using a token they got from Keycloak. You can define a client for your event listener in the Keycloak realm (or for your Keycloak as a whole, in case it may want to call other endpoints in future). Then, before making a call to your Spring endpoint, you get a token from Keycloak via the client-id/client-secret (by calling the /token endpoint of your realm) and put it in the Authorization header of your request.
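As an added example (not code from the question or answer above), here is an EventListenerProvider that does what the answer describes: on a REGISTER event it obtains a client_credentials token from the realm's /token endpoint and presents it as a Bearer token to the Spring endpoint. The realm name, client id, secret environment variable and target URL are all hypothetical placeholders.

```java
// Added example, not code from the original post: a Keycloak EventListenerProvider that
// calls the Spring endpoint with a client_credentials token, as the answer describes.
// Hypothetical names: realm "myrealm", client "event-listener" (service account enabled),
// env var EVENT_LISTENER_SECRET and target URL https://app.example.com/api/user-registered.
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.util.JsonSerialization;
public class RegisterNotifier implements EventListenerProvider {
    private static final String TOKEN_URL =
        "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/token";
    private static final String TARGET_URL = "https://app.example.com/api/user-registered";
    private final HttpClient http = HttpClient.newHttpClient();
    @Override
    public void onEvent(Event event) {
        if (event.getType() != EventType.REGISTER) return;
        try {
            HttpRequest req = HttpRequest.newBuilder(URI.create(TARGET_URL))
                .header("Authorization", "Bearer " + fetchClientToken())
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString("{\"userId\":\"" + event.getUserId() + "\"}"))
                .build();
            http.send(req, HttpResponse.BodyHandlers.discarding());
        } catch (Exception e) {
            // log and swallow: a failed notification must not break the user's registration
        }
    }
    // client_credentials grant against the realm's /token endpoint; the secret is read from
    // the environment so it never lands in the realm export or the provider jar
    private String fetchClientToken() throws Exception {
        String form = "grant_type=client_credentials&client_id=event-listener&client_secret="
            + URLEncoder.encode(System.getenv("EVENT_LISTENER_SECRET"), StandardCharsets.UTF_8);
        HttpRequest req = HttpRequest.newBuilder(URI.create(TOKEN_URL))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        String body = http.send(req, HttpResponse.BodyHandlers.ofString()).body();
        return JsonSerialization.readValue(body, AccessTokenResponse.class).getToken();
    }
    @Override public void onEvent(AdminEvent event, boolean includeRepresentation) { }
    @Override public void close() { }
}
```

On the Spring side, the endpoint should accept only tokens issued to this client (for example by checking the token's authorized-party claim or a role granted to its service account), not any valid token from the realm.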
I have three micro-services:
Proxy service: Spring Boot app for auth verification that requests the nginx app to serve requests
UI: Angular app hosted on Tomcat
nginx: reverse proxy in front of the other service endpoints and the UI
When a user makes a request from the browser, it first comes to the proxy, and then the proxy sends the response back by making a REST call to nginx.
I can serve API calls from the UI via the proxy service by using RestTemplate calls to nginx. However, when the UI requests static content, it receives a corrupted resource.
The RestTemplate response entity from nginx is a String object; I also tried using byte[] just for static content, but it did not help.
The RestTemplate call looks like this:
ResponseEntity<String> restResponse = restTemplate.exchange(uri, method, httpEntity, String.class);
I'd appreciate quick help here.
I have one Spring Boot application (application A) with OAuth2 (legacy stack - Authorization + Resource Server). I want to enable a user on a second app (application B) to be able to use that application if he is logged in on app A (SSO). If I understood correctly, I need to use the authorization_code flow to get an authorization code in app B so I can exchange it for an access token (app B client communicating with app A's auth server). The problem is, I don't know how to use the access token on the client B side, i.e. how I should enable access to endpoints for the user who has the access token. I tried using @EnableResourceServer but I don't know how to get an authentication based on the access token. From what I read, I would need an introspection URI pointing to the app A auth server, but I don't know how to get said URI.
Is @EnableResourceServer the solution, and if so, what is required for the authentication to be loaded? Should I be using something else like @EnableOAuth2Sso or OauthClient in my app B?
Edit: I am using opaque tokens.
I have the below structure for my Spring Boot 2.5.5 application, where the client request reaches Server A, which is then forwarded to Server B and then Server C.
I have implemented Spring Security and AD SAML authentication using spring-security-saml2-core.
Nginx (Server A) -> nginx.conf has been configured for proxy pass to Server B
Nginx (Server B) -> nginx.conf has been configured for proxy pass to Server C
Tomcat (Server C) -> actual Spring Boot app deployed here
Now in Azure AD we create the app and get the Entity ID, Metadata URL and Reply URL [https://serverA/appName]; the same are configured in my Spring Boot application.
After all this configuration, when we access the app from the client I am able to get the SSO login page and I can enter the credentials. Once I try to log in I get the below exception in the Server C logs:
SAML message intended destination endpoint 'https://serverA/appName/saml/SSO' did not match the recipient endpoint 'https://serverB/appName/saml/SSO'
SAML is very restrictive.
When you send a SAML request to AD you also specify where you want the answer to go back to.
You also configure on the AD side where to send the response to.
These MUST match. If the response end point does not match, then you will get this error.
I guess your problem is that your request comes from SERVER A and AD is configured to return it to SERVER B.
Check that your metadata return endpoint matches what is configured in Azure; your problem is probably there.
I have a REST API which calls another REST API using the Feign client. Between the two calls I have a reverse proxy which adds a Cookie in the response headers.
In my next calls the Cookie is still present in the header, although I only add a Bearer header using a Spring interceptor.
I don't understand how this can happen because my Feign client is a Singleton managed by Spring.