Alternative to Security tags - spring-boot

I'm attempting to port over a huge website to Spring Boot. I have just about every piece put in place except the security in JSP.
Unfortunately, the library that supports the security tag lib;
Causes my project to crash. I've tried looking for conflicts in the pom file but it's not to be.
I was able to get the principal using scriptlets but there are several times I conditionally display menus, based upon the authorization of the user. I even thought of writing my own tag libs but it would take too long.
Are there any security tag libs that specifically work with Spring-Boot?

Related

Simple working Spring MVC / Maven configuration

I’ve been trying to set up a Spring MVC application from scratch, using Maven, in IntelliJ Idea. I know there are probably some nice Archetypes that can do this for you, but I really want to understand what’s going on. Here’s what I want to do:
Create a simple web application that displays “Hello World” under https://localhost:8080/, using an embedded Tomcat (with the Maven plugin). So, one controller, one request mapping, and one template. I’ve been able to get the spring application to boot (the Spring logo appears in the console) and Tomcat seems to run as well (the site responds). The problem is, I haven’t been able to get the request to map to my RequestMap method in my Controller. I’m quite sure that the controller isn’t the problem, but that it’s some configuration/setup issue.
Here’s the thing: I’ve been looking at tutorials, StackOverflow, Spring documentation, etc. for hours now, but I haven’t found a source that really explains how to configure a Spring MVC Maven project. Everyone seems to have a different opinion on what XML files you need, what they should be named, and where they should be located. The consensus seems to be that you need a web.xml file in a folder named WEB-INF, but even there, everyone has a different opinion on where that folder should go. I appreciate that there are multiple different ways to do this, and that there’s no “right” way, but in my experience, there are definitely many “wrong” ways =).
My question right now isn’t necessarily how to get my current project running (I don’t mind starting over), but what kinds of config files are out there (web, spring, app-config, servlet, …), what they do, which ones you need, where they need to go, what they should be named, how they connect, etc. Some people also use the Maven Compiler plugin, and others don’t, and nobody says why :D. Essentially: How do I let Spring know where to find controllers, templates, etc., and how to run and deploy all of this on the embedded Tomcat. I would like to find a source that explains the entire core-ecosystem of Spring MVC in a unified way. I have found many sources that provide “how-to” tutorials, but with little to no explanation (like “add the following servlet.xml file to your WEB-INF folder”). So, if your setup slightly differs from the tutorial (e.g. because you are using IntelliJ instead of Eclipse, Tomcat instead of Jetty, embedded Tomcat, a slightly different folder structure) nothing works, and, most importantly, you have no clue why.
Has anyone learned these setup-basics with anything better than copy/pasting or trial & error? :D
Easiest way to start is by using Spring Boot. Go to following link:
Spring initializr
Choose "Web" for "Selected Dependencies" and click "Generate Project". Download of the Maven project should start after that. Then import that project in IntelliJ IDEA as a Maven project. And that is a good starting point. You'll get a main class that you can run, and embedded Tomcat will start at port 8080. Then you can add some controller, template etc...
Also good guides

How to set up a swagger-ui standalone server/application?

I would like to set up a standalone swagger-ui application, to view the different APIs from different servers in one central place.
In a second step I would like to customise swagger-ui to show multiple APIs at once.
I don't want to add swagger-ui to all the servers that provide swagger api-docs though.
To do so I would like to use spring boot and thought this should be an easy task. However, I have trouble getting it to work.
Here is what I did:
Generated a Spring Boot application using https://start.spring.io
included spring-boot-starter-web
added io.springfox:springfox-swagger-ui:2.3.1 dependency
When opening http://localhost:8080/swagger-ui.html I see a 404 error and UI seems broken:
Is there any reason for using Spring-boot instead of a simple web server for this?
See for example here with Nginx, including some basic authentication (pretty old link but still looking alright), or in the ReadMe of the swagger-ui GitHub repository directly for easily serving with Connect/gulp-serve inside Docker (the setup can also be reproduced directly without Docker if wanted).
Also I have no idea why you're getting resources requested by the page on a different port... Just ask in case you still need help now on this topic.

The best web login approach

I am developing a jsp dynamic web project on eclipse.
I want to create a website with login functionality. I intend to store users' accounts and passwords in a MySQL database. Of course, different users have different roles and rights to access different web pages. What is the best approach to implement it?
So far, I know these approaches:
1) Users enter accounts/passwords in login.jsp. LoginServlet then connects to MySQL database to check if it is correct. AuthenticationFilters will make sure only users with rights can access certain pages.
2) Use Role Based Authentication by declaring user roles in web.xml. I find this approach is not flexible, because I need to declare roles in advance.
3) Use HttpServletRequest's login/logout methods. I have not studied it.
Is my understanding correct? Could someone give me some suggestions? Some clues would be very helpful!
Besides, I know that using POST alone to send passwords is not safe enough. Many websites suggest to use HTTPS connections. So if using HTTPS connections, does it affect the approach I choose to implement the login function?
Thanks!
--
Now, I know I need to use Spring. But Spring seems difficult for me... On the Spring website I can't find the link to download jar files. The user guide says I need to use Gradle or Maven, which I haven't used before, and have no idea why I need them. Besides, there are many Spring projects. Which one should I choose? Spring framework?
--
Have you looked into using Spring Security? It's built for just that. You don't need to be familiar with Spring but it may help.
Here are a couple of tutorials that use database authentication:
1: Spring Security Authentication and Authorization Example with Database Credentials
2: Spring Security Login Example with Database
Edit:
You don't have to use Maven or Gradle. You can simply add the jars to your build path and they will work. The only projects you need to implement for the login to work are the Spring Framework and Spring Security.
To use Spring Security without Maven or Gradle:
Download the Spring Framework jars, unzip them, and add them to your project and build path. It's probably a good idea to find a hello world tutorial using Spring to get you started. A quick Google search should turn up many results.
After you have Spring implemented in your project, download the Spring Security jars, unzip those, and add them to your build path. The links to the tutorials that I previously posted will get you started. They may take a little while to go through and you may not understand exactly what is happening behind the scenes, but once you get it set up it works outstandingly. I'm also not sure if you are using xml configuration or Java config but I believe those tutorials are for xml.
Spring Security was built so that it could be added to any project and have you up and running with basic configuration in about 15 minutes. After you get the basic login going (it will use the generic login form), you can search for how to implement your own custom login form, add permissions or restrictions to users and URL patterns, add custom filters, etc. I encourage you to spend some time learning it as it is highly flexible and customizable.
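As an added illustration (not part of the original answer or its linked tutorials), this is roughly what database-backed login with role-restricted URLs and HTTPS looks like in Java config. It assumes Spring Security 4.x/5.x (where `WebSecurityConfigurerAdapter` is available), an existing `DataSource` bean for the MySQL database, and hypothetical `users` / `user_roles` tables and `/admin/**` path.

```java
// Added example: table names, columns and URL patterns are hypothetical.
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource; // assumed: the application's MySQL DataSource bean

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Users and roles are read from the database at login time, so roles
        // do not have to be declared in web.xml in advance.
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery(
                "SELECT username, password, enabled FROM users WHERE username = ?")
            .authoritiesByUsernameQuery(
                "SELECT username, role FROM user_roles WHERE username = ?")
            // The password column holds BCrypt hashes, never plaintext.
            .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Redirect plain HTTP to HTTPS so credentials are not sent in clear.
            .requiresChannel().anyRequest().requiresSecure()
            .and()
            .authorizeRequests()
                // hasRole("ADMIN") matches the stored authority "ROLE_ADMIN".
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
            .and()
            // Generic login form generated by Spring Security at /login.
            .formLogin().permitAll();
    }
}
```

The choice of HTTPS does not change the login approach itself; it is a transport setting layered on top of whichever authentication mechanism is configured.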

Grails Spring Security Plugin - Custom Login and Logout URL, Controller, and GSP

We have several in-house developed applications in Groovy/Grails and use a shared plugin containing code that is common to all applications. We're needing more advanced authentication (LDAP, CAS, etc.) so it's time to implement the Spring Security plugin. I've been doing a bunch of reading on it, but I'm stuck at something as simple as changing the URLs and GSP pages that are used for the login and logout. I'm assuming that we'll also need a custom controller to make these changes.
In a normal situation where an application is using the Spring Security plugin, changing the default controller and/or GSPs seems to be as easy as just creating a file with the same name and location as the original files (since application files override plugin files). However, we're including the Spring Security plugin in our shared plugin which then is included in the application ... so unless it's possible to have one plugin override another plugin's files this sort of solution doesn't seem to work here.
What would be the correct approach for overriding the default login/logout pages, url, and possibly controllers being used?
The controllers and GSPs are part of the plugin in 2.0. If you want to customize them copy them from the installed plugin directory to your project in the same folders and make the changes there. App files always override plugin files because the plugins are compiled first, then the app, so the app's files take precedence.
This procedure worked successfully for me.

Easiest way to add GWT to a Spring MVC application?

I've got a Spring MVC application and I've decided that I'd like to try using GWT for the front end. I'd like to continue using MVC as I'll also be using Spring Security and some other springy stuff.
I'm aware of the GWT-SL project, and I guess I'll use it. The documentation is light on examples unfortunately.
What I'm wondering now is.... how do I reconfigure my project so that I can use GWT? I'm assuming that I'll lose the ability to run in hosted mode, and I suppose that's ok. Do I just add the GWT and GWT-SL jars, reconfigure my web.xml, and add a package to my project for the GWT code?
I'm using Eclipse 3.4. My existing project is standard web project.
With the new version of the GWT plugin, you'd have all the benefits of the hosted mode browser without having to modify any options. The GWTHandler from the GWT-SL will take care of your rpc call mapping. However, you will have a problem with your existing domain objects structure. You will either have to put them in GWT's 'client' package, or mirror your existing domain objects to enable them to be compiled to javascript. I have been looking for a stable non-invasive framework for doing this, but have yet to find one. Gilead looks promising, but you will have to extend its classes on your domain.
I posted a few months ago my simple project (3 classes) on how to integrate GWT with an existing Spring MVC application. A simple sample is also provided.
Try it, it is clear and simple: http://code.google.com/p/gspring.
You won't lose hosted mode. I don't know if you're using the internal server for that - I use -noserver so I can't help you there.
Other than that, I guess the documentation is quite clear. Have you hit any specific problems?
