I just started learning spring cloud security and I have a basic question. How it is different from spring security? Do we need our application to be built on spring boot for using spring cloud security?
Thanks in advance.
Spring Security is a stand alone framework within Spring Framework. Spring Cloud Security is a Cloud Container and MicroServices focused Security Framework that provides Tokenised Security for Spring Boot applications.
Related
I have a Spring 5 MVC application without Spring Boot that I need to migrate it's current Spring Security LDAP implementatino to a new Spring Security OAuth2 Resource Server implementation. I tried for several days without any luck to convert this application to Spring Boot and I am hoping I can do this migration without Spring Boot, the problem is that all the resources I found so far (examples,guides,etc.) only work with Spring Boot.
Any help is greatly appreciate it.
I'm in the process of migrating away from the spring-security-saml module that has been deprecated to the new SAML support built into Spring Security 5+. I'd really like to not have to migrate this entire project from Spring Framework to String Boot at this time, so does anyone know if there is documentation on how to get Spring Security with SAML working on vanilla Spring Framework, everything I've seen has been only Spring Boot. Any help would be majestic!
I am new to spring framework. I have a confusion regarding spring boot and spring cloud.
I used https://start.spring.io/ to initialize a spring boot application. I think I am using the spring boot framework. However, I would like to use some spring cloud dependencies such as spring-cloud-stream-binder-kafka.
Question 1: If I added this dependency above to my spring boot application, I am wondering if I still can go with the spring boot framework, or I have to change to spring cloud framework.
Question 2: I am wondering if there is any difference when deploying the spring boot or spring cloud application. Or, they just have the different frameworks, and we could deploy them in the same way.
Thank you so much!
You can use together Spring Boot and Spring Cloud packages.
Spring Boot is just a preconfigured Spring Framework with some extra functionalities. It also uses library versions compatibile with each other. Spring Cloud is also the part of the Spring ecosystem, contains libraries that mostly used in cloud applications.
In the background, these packages will pull all necessary Spring (and other) libraries into your project, as transitive dependencies.
So you can use the generated pom/gradle, and add other dependencies. In this case Spring boot will be your core and cloud add extras.
I want to use Spring Cloud Gateway with SAML. Is this possible?
It seems that the Saml extension for spring security is based on the old Spring Stack and won't work with Gateway.
Has anybody got any experience on this?
I'm afraid SAML is not supported as of time of writing. Spring Cloud Gateway has been redeveloped using Reactive programming and is now based on Spring WebFlux. Only the following authentication methods are currently supported :
OAuth 2.0 or OpenID Connect 1.0
x509 authentication
This is stated on SCG page:
Spring Cloud Gateway is built on Spring Boot 2.x, Spring WebFlux, and
Project Reactor. As a consequence, many of the familiar synchronous
libraries (Spring Data and Spring Security, for example) and patterns
you know may not apply when you use Spring Cloud Gateway. If you are
unfamiliar with these projects, we suggest you begin by reading their
documentation to familiarize yourself with some of the new concepts
before working with Spring Cloud Gateway.
The previous gateway spring-cloud-netflix-zuul, based on Servlets and which supported SAML, has been removed from Spring Cloud 2020.
Here is an open issue on GitHub, SAML2 for reactive environment, where we can vote for asking for this to be implemented.
currently I'm working on spring boot admin and trying to monitor my REST APIs which I've written in Spring Boot and secured them with OAuth2.
Now I want to monitor my APIs with spring boot admin, how do I do that?