I've been reading a lot about micro-services and modules but still I can not figure out how can I achieve this scenario.
I've got many Spring Boot projects and almost all of them having the same features like:
Login and Registration
Email for password reset
Email for account confirmation
JWT Access
Web UI
Even the database structure of those features is identical across them.
I imagine there must be a way to take it out from the app and re-use it in every project, instead of duplicating it on every project.
I was also thinking in having it on a separate repo.
Can please someone point me in the right direction?
Right now what I'm doing is: I have a base (boiler-plate) Spring Boot project and use it as starting point of any app. The problem is that whenever I add a new feature or fix a bug on the boiler-plate I need to "cascade" those changes to every project using it
Thank you!
Related
I created one of the spring application project (a simple login form). where I recently added "logout" functionality. I was wondering how to add a logout timer so the user will be logged out fo inactivity after a certain interval of time. I tried looking resource on stack overflow as well as spring documentation but couldn't find one. Please note that I am using ALL JAVA CONFIGURATION (NO XML bsaed configuration).
So far I have designed a simple login functionality, which works as desired but I am trying refactor the "logout functionality" so user won't have to click on logout functionality all the time. I am attaching link for my codebase, please review it.
project: https://drive.google.com/file/d/1K1yhxsrUWxJe6iaeEL_Pj2HJ9C41vYaT/view?usp=share_link
*Note
while importing my project from DRIVE, you will have to add tomcat server (v9.0) and add the path of the server in the project as well.
I have never really done authentication yet. At this moment, I'm stuck and not really sure on what would be the best and most secure way to handle it.
To get an overview on what I'm working with:
For the backend/REST API I'm using Spring Boot and for the frontend NextJs.
Furthermore, Two types of users are needed, some who can either create, analyze or manage content (basically different roles) in our custom CMS. And on the other side, app users who are consuming this content (on a iOS app).
That's what I'm trying to achieve as a minimum requirement, but it would be even better if it would somehow be possible to manage only a list of specific content for a specific role (e.g. analyze). Like for example, only blog articles that are in this list.
I know it's a really broad question, but I would be happy with some general directions or links to resources that could guide me in a way.
I have to implement a login authentication & user registration feature for my product.
What is the standard and effective way of doing this using spring which would provide standard security (meaning nothing super fancy, but nothing easy to get around as well)?
As this has been done so many times there has to be a standard way to achieve this ?
The implementation should include :
user registration form after registering through g+ or fb etc
login form
storing user profiles, passwords, preferences in some backend
db or system
role management : different roles like admin would have
access to all etc
Standard : that which can put in production.
I found too many things scattered all around the net and although this seems like a broad topic its difficult to get started with especially when this going straight into production and not as a hobby project. The tutorials are always good to get started however are a starting point only. I want to know whats the best route or path that can be used for a product in production.
Securing a web application is not small topic, so you will need to read some tutorials.
You'll find very quick an easy to understand guides (with working examples)
at Spring Boot guides web site.
Spring Boot guides
Securing web application
JPA for your hibernate requirement
If you want going deeper you could read these great tutorials:
Spring security form login
I want to implement Single signon between Spring application and Netsuite using cas. Seached many things on net but nothing was fruitful. kindly help me on this with some links or documents.
Thanks in advance.
I just completed two SSO's in NetSuite for our firm. (You will find this under Setup>Integration>SSO) We ended up having NetSuite send a specifically crafted URL to our internal PHP intranet. The web app' there receives the incoming URL and does stuff on it, and the user gets what they need.
Forgive me for not knowing anything about Spring, but if you can run your web app' to receive an incoming URL (post), then you will create a new SSO object inside of your ERP instance, and pass the values that you need to pass to your web app' from there. Those can be built-in values that come right out the system (ie: "{entityid}") or these can be values that you create with a script, pass them to the SSO, then the SSO passes those to your web app'. You can "place" an SSO "object" on to a "custom Tab" on your "custom Form". Or you can create an entirely new Form. Or you can place your SSO in some other location. I chose to place ours on a custom Tab, as that was effective for our use case.
The only other two places you can "place" your SSO is on to a "Portlet" (say, like a custom panel on your Dashboard or similar) or a "SuiteLet" (which I havent done yet but am working on right now).
If you have any "bundles" installed in your instance, some of them have SSO inside of them, and some of them are "protected" and some of them are not, and the unprotected ones can be downloaded as JavaScript to your machine for examination, consideration, & emulation.
The help in SuiteAnswers is decent but doesnt give many working examples for your to adapt. The PHP Tool Kit has a working sample of an SSO inside of it & I highly recommend getting that, unzipping it, and reading all of those files, even if it has no table of contents, you can easily follow all the includes and references amongst those files.
If you have a specific follow-up question about something in there, please post, and while I'm an intermediate at it, I'll give it the ole college try to answer. And if you need anything past that, ping me.
Cheers.
I am trying to integrate two separate web applications - one is an existing custom web application with it's own security paradigm and the other is a reporting platform (JasperServer). I want to be able to use Jasper's web services interface to integrate the reporting functionality into our application. Our security model is complex and is home grown but I think there is hope.
We set a cookie that is an encrypted string containing a web service URI as the authentication source and a token which is stored in the database that is created when the user logs in and is destroyed when he/she logs out. I think I can leverage this to implement a kind of SSO in Jasper since it uses Spring Security.
What I THINK I should do is implement a pre-authentication filter that checks for the cookie I mentioned above. It could then decrypt it, make a web service call to the authentication source provided to verify the token is active in the database. If it is, that token can be used to point to user and role information that could be returned as a UserDetails object.
Unfortunately, I know enough to be dangerous but not enough to be effective. Am I on the right track? Does this solution sound tenable? If so, where would be a good place to start and are there any examples of something similar you could point me to? I've searched around quite a bit and have found nothing that quite fits the bill.
Thanks in advance to any and all who can provide me a glimmer of hope
Cookies are tied to a domain/subdomain/path and port. It is possible to set a cookie at the domain level so if you have something like webapp.mydomain.com and jasper.mydomain.com you may be ok assuming they are on the same port.
However be very careful about implementing your own SSO/Authentication framework. It requires a great deal of thought. As it stands your proposed implementation would be vulnerable to: replay, man in the middle, and XSRF attacks ... there may be other vulnerabilities but these are just 3 that come to mind ... sorry! :D