I have a web application made using Oracle Apex that implements the session management itself transparently, and I have implemented two-way SSL configuration in tomcat.
So my basic configuration is following
database: oracle 11g
application server: tomcat 7
apex 5.1
Now I need to add a token-based authentication so I have added a filter in the "ORDS" (Oracle Rest Data Service) configuration files and added a Java class. Now I have my token attribute added to the tomcat sessions:
But I need to access those attributes from inside my Oracle Database (in Java or PL/SQL) so I can do the authentication with it.
The Session.getAttribute doesn't seem to work there because all I have (sent via cookie) from tomcat session is just its jsessionid
Related
I made a new Spring Boot project using the Spring Initializr. I'm building an On-premise backend so what I'm trying to achieve is that when the user opens the jar executable and the server starts, he should be able to configure the database connection by going to localhost:8080/ in his web browser. Basically the index.html will have a form with 4 fields for IP Address, Database Name, UserName and Password. When the form is submitted spring will try to connect to the database with the provided information.
I have all my entities, repositories and controllers but currently the only way i can connect to a database is with the application.properties file, but since the user wont have access to the source, there should be a way for him to configure his database.
Thanks for your time!
I would suggest to use the Spring cloud Config server to store database related properties which is capable of picking up configuration at run time. Although it is typically configured with a Git repository, you can store them locally as pointed out in this thread.
I want to create a solution based on that tutorial: https://www.baeldung.com/rest-api-spring-oauth2-angular
But it's not clear for me how several Spring Boot servers behind load balanced can share the same token session.
With session cookie the session data can be stored in MySQL and of server goes offline the session will be resumed by another Spring Boot server.
Can we have with OAuth2 the same setup with shared database so that the session data can be shared and switching of severs can be completely transparent for the end users?
Can we have with OAuth2 the same setup with shared database so that
the session data can be shared and switching of severs can be
completely transparent for the end users?
Yes, You just have to define a JdbcTokenStore and use it instead of the default InMemoryStore to store your OAuth tokens. The JdbcTokenStore must use a DataSource which is pointing to a MySQL Database.
Finally if you configure your Spring Boot apps to connect to the same MySQL Database to store Tokens by defining a DataSource you can get it working.
This post could be a good starting point.
I am currently working on a Spring MVC web application that is hosted on a tomcat server and is connected to an Oracle database.
I would like to know in what cicumstances does the Tomcat user session or the oracle DB connection get refresed. For example, does refreshing the webpage refresh both sessions? Does doing an ajax call refresh one or both sessions? Will doing an static action on a webpage refresh the tomcat session, and not the oracle one? In general where can one session be refeshed, but not the other?
I know this can potentally vary between configurations, but I would like a general guideline on how these interactions works.
I have a requirement wherein a user enters database connection details through a UI, and then from the application I connect to this database, extract the data, and import into my current application.
Users can enter any database connection information, hence these details are dynamic at a user level. I am using Spring boot and Spring JDBC currently, however I was looking for options to connect to other relational databases dynamically during runtime in order to extract data and import to my application database.
Which properties I should configure to disable access to the embedded Spring Boot LDAP server via external LDAP browsers ?
Currently I have the following settings in my application.setting file
spring.ldap.embedded.credential.username=uid=admin
spring.ldap.embedded.credential.password=secret
I expected, that such settings will disable anonymous access, but it is not true -- I am able to modify the LDAP tree entries in the LDAP browser anonymously connected.