I want to only use the the authentication part of spring security and use email instead of username with mysql. does anyone has a code for that?
or maybe without spring security how to authenticate?
Without spring security that means that you will just check if user exists in the database with correct credentials, you can follow this tutorial https://www.baeldung.com/registration-restful-api
Related
I need to get user name without a login page( like ntlm authentication) using spring boot. Help me with a complete code structure or any reference.
I have a complex situation where I need to implement a security for web app on tomcat 8 that serve both static html and rest services. the app is spring mvc application (no spring boot)
the authntication ( sso ) process will go as follow:
if user jwt not exist in http header then authonticate with ldap, getting user authorities from db and create jwt back to user.
if jwt exist in header, skip ldap filtering , extract the user authorities from token.
I was thinking of first servlet filter that uses spnego library and get the windows domain name (user name to use in ldap) that filter will also check to see if ldap authontication is needed ( if token not provided) and pass it back to spring filter chine through http params..
I'm struggling to implement he ideal.
please help.
thanks
As I know, there is support for LDAP in spring security, might be it will help you.
Other than that, if you want to write your own filters then you have to add those in spring security filter chain.
I'm looking for a solution to add third-party provider OAuth2 flow like Facebook to my existing Spring OAuth2 authorization server and resource server using Spring Security which accept only password grant actually.
This work great with /oauth/token?grant_type=password&username=myuser&password=mypwd
Now, I need to understand how I can add provider OAuth flow, I tried many tutorials with Spring Social for example or with Filter to catch request but.. it's never for only API and/or never coupled with password grant and can't found how to do this, maybe I miss something ?
Again it's only for API, no need configure route /login? or so
If someone can explain me how to do this or github/tutorial example project ? Spring Social can help me here ?
I need to know If I can use JWT in grails application using spring security plugin. I want to generate token store it in cookie and than use it to login. Is it Possible through spring security plugin?
Please checkout https://github.com/alvarosanchez/grails-spring-security-rest the rest security plugin. It has support for JWT and is straight forward to configure.
Be aware that there's a possible security issue with JWT (the user is serialized in the JWT token and deserialized without checking the existence of the user), I made a pull request for this.
I wonder if its possible to config spring security with a ldap as authentication provider so that only some of the users in the ldap is getting access? Is it possible to config it so that I can write in the names of the users that is giving access?
Im using Spring 3.1
Yes, it is posible, see the spring documentation. Your second question is not clear for me. Do you mean that, once the user from ldap is authenticated you want to display the user name? Thas is possible.