How to secure web ui in spark embedded with spring boot application? - spring-boot

I have a spring boot microservices application, some services include spark (embedded). Actually, I secured all the application and I need to secure the access to Spark Web UI. I checked the spark doc and other resources and they say that I should implement a Filter but I don't know if this is the right way and for my case.
The main objective is to limit access to the ui interface. I already added authentication using Kerberos, ldap and jwt so i would like to use same process with spark and make access using ldap.
Any other suggestion are welcome.
Thank you in advance.

Related

Difference between spring-boot-admin server and client

There are no much resources on this topic so thought to post it. Also I myself am trying to understand the different. Previously we just had only spring-boot application. So can anybody explain the difference.
Spring boot admin is nice monitoring dashboard for spring boot application. To feed data to this dashboard spring boot admin provide two approaches:
1) Using client library: client libary will send data to spring boot admin dashboard.
2) Use service discovery (eureka)

How to configure Spring Boot Tomcat Basic Auth together with Spring Security?

I'm currently trying to make a Spring Boot app. I've managed to create successfully user authentication using LDAP and custom logic.
However, I'm trying to add another layer of security on top of that, something like "htaccess" to prevent unauthorized users from even seeing the web page (client requirement), as well as stop Google from indexing the page. This can be a single predefined user (doesn't need to be connected to ldap auth).
I've read about configuring the tomcat realm, tomcat-users etc. but since it's Spring Boot app with embedded tomcat, I can't find a place to successfully configure it.
Does anyone have any idea how to create such setup?

spring security oauth2 manually generate authcode

HI I am implementing oauth2 using spring security. This application will be deployed in a multi-node clustered environment. How spring will synchronize authorization code between multiple nodes? It can be achieved via jdbcAuthorizationCodeServices but I can't use relational DB. Requirement is to use NoSql DB. Is there a way to add custom plug-in custom authorization code generator which will be used by spring to create and consume auth code (Code example will be really helpful)?
Thanks

Spring XD REST Service

I would like to have a REST service to expose the data read and processed from Spring XD. Similar to the one in the Analytics Server.
For example I would like my own functions which can be exposed similar to Counters and be able to access the data from a web browser.
Is there any tutorial? I have searched and found that Spring Boot is the one but I am looking for help on how I integrate it with Spring XD.
Would be very helpful if someone can point me to the instructions on how I can achieve this.
You can use trigger as a source with http-client as a processor processor to access any web browsers info regardless if it is a web service URL or not.
Moha.

Spring Security - Preventing Users access to a page if an id is invalid

I am new to Spring Security and am mulling over the idea of using it or not in my application.
The requirement is as follows :
In my web application i store a session information inside the database,a key for this is stored in a cookie
2.Now whenever someone tries to access a url which is not according to the flow i want to deny access.
3.Can i use Spring Security for this.
I am using Spring MVC,Mongo DB and MySQL as the develeoment environment.
Regards,
Abhishek
If you're trying to simply control the flow of an application, I'd suggest using Spring Webflow. This allows you to define set flows in a multi-page application.
Spring Security can be used to control flows, but only for access control. It integrates well with Webflow (and with Spring MVC) to ensure you can secure some or all of your flows.

Resources