Is Spring Boot Bundling a Login Page By Default? - spring

I haven't done any UI setup at all, but when I go to localhost:8080 on a spring boot 2.1.3 app that I start up, I get redirected to localhost:8080/login. Is there something being bundled with spring boot on the frontend, and how do I get rid of it? I want to put my own frontend app in. Right now I am just testing API calls, but later I will want to put in my own frontend part.

The redirect to a login page is part of spring-security.
You can either remove the dependency to spring-security in your maven or gradle setup or disable the login redirection:
How can I disable spring form based login for RESTful endpoints?
How to disable spring-security login screen?
Spring security without form login
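The second option above (keep spring-security, drop the login redirect), sketched for the Spring Security 5.1 line that ships with Spring Boot 2.1.x. This is an added example, not code from the original answer; the class name ApiSecurityConfig and the /api/** path are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

// Hypothetical configuration class: keeps authentication on the API but
// replaces the generated /login page with a plain 401 response.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Overriding configure(HttpSecurity) without calling super means the
        // defaults (formLogin + httpBasic) are not applied, so no login page
        // is generated unless formLogin() is requested here.
        http
            .authorizeRequests()
                // Assumed path layout: API calls live under /api/**.
                .antMatchers("/api/**").authenticated()
                // Everything else also stays protected until a frontend
                // with its own public routes is added.
                .anyRequest().authenticated()
                .and()
            // API clients authenticate with an Authorization: Basic header.
            .httpBasic()
                .and()
            .exceptionHandling()
                // Requests that carry no credentials get a bare 401 instead
                // of a 302 redirect to /login.
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
        // CSRF protection is left at its default (enabled), so state-changing
        // requests still need a CSRF token.
    }
}
```

Removing the spring-security dependency instead leaves every endpoint unauthenticated, so this variant is the one to keep once the API is reachable by anyone other than the developer.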

Related

How do I enable Auth0 OIDC login with Spring Security 5.1+

Spring 5.1+ should allow me to configure Auth0's login without a 3rd party jar, I've done similar things before. The problem is I haven't figured out all the right properties. What do I need to set in order for this to work?
Create a new Application in Auth0 Dashboard, select Spring Boot as framework.
Set the following callback URL, when adding the settings of your application.
http://localhost:8080/login/oauth2/code/auth0
In dependencies
runtimeOnly("org.springframework.boot:spring-boot-starter-security")
runtimeOnly("org.springframework.boot:spring-boot-starter-web")
runtimeOnly("org.springframework.boot:spring-boot-starter-oauth2-client")
In application.properties is
spring.security.oauth2.client.registration.auth0.scope[0]=openid
spring.security.oauth2.client.registration.auth0.scope[1]=profile
spring.security.oauth2.client.registration.auth0.scope[2]=email
spring.security.oauth2.client.registration.auth0.client-id=<your client id in your application in Auth0 Dashboard>
spring.security.oauth2.client.registration.auth0.client-secret=<your secret in your application in Auth0 Dashboard>
# I haven't found general documentation for this but it's in format https://<your domain in dashboard
spring.security.oauth2.client.provider.auth0.issuer-uri=https://<your domain in your application in Auth0 Dashboard>
For more information, a technology documentation page should have opened up when you created the application. Seems to be available via Application -> QuickStart.
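The same registration expressed in Java config, to show what the issuer-uri property does and to keep the client secret out of application.properties. This is an added example, not part of the original answer; the class name Auth0LoginConfig and the AUTH0_* environment variable names are assumptions, and it needs the starters on the compile classpath (implementation rather than runtimeOnly).

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;

// Hypothetical configuration class mirroring the properties in the answer.
@Configuration
public class Auth0LoginConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(
            // Assumed variable names; values come from the environment,
            // not from a file committed to source control.
            @Value("${AUTH0_ISSUER_URI}") String issuerUri,
            @Value("${AUTH0_CLIENT_ID}") String clientId,
            @Value("${AUTH0_CLIENT_SECRET}") String clientSecret) {
        // Fetches <issuer>/.well-known/openid-configuration at startup and
        // fills in the authorization, token, user-info and JWK set endpoints.
        // The issuer value in that document must equal issuerUri exactly,
        // otherwise startup fails.
        ClientRegistration auth0 = ClientRegistrations.fromOidcIssuerLocation(issuerUri)
                // "auth0" is the last path segment of the callback URL
                // /login/oauth2/code/auth0 registered in the dashboard.
                .registrationId("auth0")
                .clientId(clientId)
                .clientSecret(clientSecret)
                .scope("openid", "profile", "email")
                .build();
        return new InMemoryClientRegistrationRepository(auth0);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Every request needs a logged-in user; unauthenticated browsers are
        // sent through the OIDC authorization code flow.
        http.authorizeRequests().anyRequest().authenticated()
            .and()
            .oauth2Login();
    }
}
```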

Vaadin 8 Spring Boot QuickTickets Dashboard with Spring MVC

I'm trying to adapt the Vaadin Spring Boot QuickTickets Dashboard example to my project needs. Everything is working fine except I'm unable to access other (non-Vaadin UI) URLs. For example, I have a Spring Boot Actuator endpoint - http://localhost:8080/actuator/health - but when I try to access it, the application wrongly redirects me to http://localhost:8080/actuator/health#!dashboard. Pretty much the same behavior with my custom login page (not Vaadin UI) - http://localhost:8080/login. I am also unable to access it.
How to correctly setup Vaadin to be able to access Spring Boot Actuator endpoints and my custom login page also?
You need to map the servlet to a different path. I think the problem is that the Vaadin-Servlet is mapped to / and is processing all requests.
Adding the following to your application.properties should do the trick.
vaadin.servlet.urlMapping = /myapp/*
Of course the URL of the app changes accordingly.

How to configure Spring Boot Tomcat Basic Auth together with Spring Security?

I'm currently trying to make a Spring Boot app. I've managed to create successfully user authentication using LDAP and custom logic.
However, I'm trying to add another layer of security on top of that, something like "htaccess" to prevent unauthorized users from even seeing the web page (client requirement), as well as stop Google from indexing the page. This can be a single predefined user (doesn't need to be connected to ldap auth).
I've read about configuring the tomcat realm, tomcat-users etc. but since it's Spring Boot app with embedded tomcat, I can't find a place to successfully configure it.
Does anyone have any idea how to create such setup?

Spring java-config way to configure login page redirect

Are there any analogues of the Spring Security tags form-login/always-use-default-target and form-login/default-target-url in java config?
I'm trying to disable redirecting on login page by default, but the whole application is written using java configs and I don't want to dive into XML.

Java web security solutions

I am looking for some possible solutions for my web application security.
The web application redirects the user to the login server. Then after authentication is successful the user will be forwarded back to a certain page within my application. The login credentials are forwarded with the user. My page is served via a controller that authenticates the user for my application. (Authentication is accomplished using Liberty ID-FF 1.2.)
Currently, I am using Spring 3 page interceptors for the redirection.
My question is: How can I accomplish this with Spring Security? Or, is there another comparable framework? I like Spring Security for how easy it is to configure and how it protects the resources. To use it I need to have the authentication controller redirect the user to the login server. How do I do that in the authentication controller?
I am using JBoss 4.0.5, Spring 3.0, Java EE 5, and ID-FF 1.2.
I am afraid there isn't any support for Liberty ID-FF in Spring. Currently, there is only a SAML2 extension module available for Spring Security.
More info:
http://static.springsource.org/spring-security/site/extensions.html
