I have a Spring boot-angularjs. I have secured the the application using Spring Security. The problem I am facing now is , The home page (/home.html) is secured so the user has to login before he can see the home page. Now I want to add Google Plus Login to my application and I can't figure out how as the home page is secured and even if the user login's using google he/she cant access the home page as I am using jdbc authentication (username,password). Can anyone please tell how I can solve this?
You can use OAuth in combination with your JDBC login. If the user chooses to login using Google he will be redirected to Google Login page. This is absolutely possible.
Examples: https://github.com/spring-guides/tut-spring-boot-oauth2
https://github.com/Baeldung/spring-security-oauth
Related
I am working on a project to implement spring boot authorization server using federated login google and Facebook.
I have successfully login using google and Facebook, and store user information in database also, it works fine for me.
Now I am facing an issue, In this project after login using Facebook/google I need to get a jwt token with user information in that token.so that I can use that token in other microservices.
I don't know how to get that .
Any help appreciated.
Thank You
I am using Laravel 5.1 and Stormpath for User management.
I followed this documentation to implement google login
Configuring Your Social Provider = DONE
I created project in Google Console and in “Authorized redirect URIs” I've added
https://{DNS-LABEL}.apps.stormpath.io/authorize/callback
Create a Stormpath Social Directory = DONE
Initiate Social Login - In my form when I click on Google Sign In it redirects to
https://{DNS-LABEL}.apps.stormpath.io/?response_type=stormpath_token&
account_store_href=https://api.stormpath.com/v1/directories/{id}
&redirect_uri=https%3A%2F%2Flocalhost
and returns
{"status":404,"message":"Resource not found."}
As per this documentation:
The user clicks on a “Login with Google” link pointing at your application’s /authorize endpoint
Stormpath handles the login to Google and redirects the user back to your app with a Stormpath Token JWT response
What am I doing wrong? Why isn't stormpath redirecting to the google login page?
It looks like the URL that you are creating is missing the /authorize part. If you update your URL to be
https://{DNS-LABEL}.apps.stormpath.io/authorize?response_type=stormpath_token&
account_store_href=https://api.stormpath.com/v1/directories/{id}
&redirect_uri=https%3A%2F%2Flocalhost
It should begin working for you.
In a future release of the PHP SDK (which powers the laravel integration), we will be able to generate this URL for you.
If you are using our Stormpath/Laravel integration, the views provided will automatically handle social logic for you. If you are doing this from scratch, it may be worth a look at https://github.com/stormpath/stormpath-laravel
-Brian
I am developing spring MVC application, in my project, i have login page where I can successfully log in, the problem is that if I open new tab and log in with different username it's logging in, means at a time in the same browser I am able to login in multiple users which I don't want ,I want my application to single user login per browser how to make it.
While rendering login page, you check authentication. If you are using Spring security, you can check for principal auth present or not. If auth is present render home page else render login page. I think this can solve your issue neatly.
I suppose that Spring Security session management is what you're looking for:
Spring Security is able to prevent a principal from concurrently
authenticating to the same application more than a specified number of
times. Many ISVs take advantage of this to enforce licensing, whilst
network administrators like this feature because it helps prevent
people from sharing login names. You can, for example, stop user
“Batman” from logging onto the web application from two different
sessions. You can either expire their previous login or you can report
an error when they try to log in again, preventing the second login.
For more information, read the following docs:
http://docs.spring.io/spring-security/site/docs/3.1.x/reference/session-mgmt.html
Control the Session with Spring Security
I am reading the docs in the Stormpath website. They have documentation about how to create account, application...
But I cannot find the overview the big picture of the Stormpath
especially how can my web application can integrate with it.
I need a picture that describe the flow of the authentication between my Web Server, browser, and stormpath API.
I have a web application and a login page.
My specific questions are:
When a user clicks the submit button of the login page, should I call the RestAPI to Stormpath to authenticate or I need to send username and password to my web server, and web server will send it to Stormpath to authenticate?
If when a user clicks the submit button and I need to call the RestAPI of Stormpath from JavaScript, after login successfully do I have a returned Access token? And what can I do with that token.
Please help me.
Heyo -- I work at Stormpath, so hopefully I can explain this for you a bit.
If you're building a website, and storing your users with Stormpath, here's how authentication works:
A user visits your website, and clicks the login page.
You show a login page and collect the user's email and password (or username).
The user clicks Login, and that form data is transferred to your web server (not Stormpath!).
On your server-side code, you would then use one of the Stormpath libraries to authenticate the user's account. You would take the form data the user submitted to your server, and then call the proper Stormpath method to authenticate the user.
Stormpath will log this user in, by creating an access and refresh token, and securely storing cookies for your user in the browser.
This is how the flow typically works.
How can I achieve such functionality in java ee (servlets, web.xml):
In database there are user credentials (username and password). All users that like to access my service should be prompted to login. When session expires user should be logged out and see login page again. All resources under my WEB-INF should be protected.
I read about user roles and realms, but this is not what I need. It limits users to defined in application container.
I'd like to provide my users functionality to register and login.
How can this be achieved in java ee? Can this be done by configuring web.xml ?
I tried servlet mapping on /* and authentication in servler (redirect to login page in case of session expiration) but it didn't worked for my static content (i.e. index.html)
Examples appreciated. Thanks for all answers.
Using google app engine and gwt.
You can use container based authentication like JDBCRealm for login/logout functionality but you have to implement the register functionality yourself. A simple CRUD-application for your user and group table in the database should be a good starting point.
If you use JSF, Tutorials for creating CRUD applications with JSF can be found here for Netbeans IDE.