spring-saml multi-tenant - 1 webapp with multi SPs - multi-tenant

I've deployed 1 webapplication (WAR) to Tomcat behind context root /myApp
The application is exposed to the public by means of 2 public HTTPS URLs:
E.g. https://a.this.that and https://b.this.that
Both these public requests arrive in that same application (/myApp).
Now I need this webapplication to support 2 SAML service providers.
Both will use the same IDP.
How should I configure Spring SAML in order for this application to support two SPs, one for the first URL, and one for the second ?
What ACS location URLs should I put in my service provider XML ?
Do I need multiple SP XML files and/or do I need to define extended service provider metadata to get this working ?
Do I need a spring saml multi-tenant setup to get this working and if so what is the relationship between the entityId and the URL ? Or can all this be achieved in a different way without a multi-tenant setup ?
Could somebody provide some sample xml metadata, spring saml config that demonstrates how the above could be achieved ?
Kr,
EDH

You'll need to generate SP metadata for each of the instances separately, and add it to the metadata manager. The URLs will be a.this.that in the first one, and b.this.that in the other. You also need to set entity alias to differentiate the two instances. See the manual for more details.
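The setup this answer describes, written as Spring SAML Java config. This is an added example, not code from the original post or from the Spring SAML project. The metadata file names, the aliases `a` and `b`, and the existing `ParserPool` bean are assumptions; the `/saml/SSO/alias/<alias>` ACS path is the extension's alias-in-URL convention.

```java
import java.util.Arrays;
import java.util.Timer;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider;
import org.opensaml.util.resource.ClasspathResource;
import org.opensaml.util.resource.ResourceException;
import org.opensaml.xml.parse.ParserPool;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;

@Configuration
public class TwoSpMetadataConfig {

    // Loads one metadata file (hypothetical classpath location).
    // A non-null alias marks the entity as a local SP; null means remote (the IDP).
    private MetadataProvider entity(String file, String alias, ParserPool pool)
            throws MetadataProviderException, ResourceException {
        ResourceBackedMetadataProvider provider =
                new ResourceBackedMetadataProvider(new Timer(true), new ClasspathResource(file));
        provider.setParserPool(pool);
        ExtendedMetadata extended = new ExtendedMetadata();
        extended.setLocal(alias != null);
        extended.setAlias(alias); // the alias in the request URL selects the local SP
        return new ExtendedMetadataDelegate(provider, extended);
    }

    @Bean
    public CachingMetadataManager metadata(ParserPool parserPool)
            throws MetadataProviderException, ResourceException {
        return new CachingMetadataManager(Arrays.asList(
                // sp-a.xml: its own entityID, ACS https://a.this.that/myApp/saml/SSO/alias/a
                entity("/metadata/sp-a.xml", "a", parserPool),
                // sp-b.xml: its own entityID, ACS https://b.this.that/myApp/saml/SSO/alias/b
                entity("/metadata/sp-b.xml", "b", parserPool),
                // the shared IDP, registered once
                entity("/metadata/idp.xml", null, parserPool)));
    }
}
```

Each SP metadata file must carry a distinct entityID, and the IDP needs both files imported so that responses are addressed to the ACS URL of the host the user started from.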

Related

How to serve 2 different API with Spring Boot?

I have a Spring Boot application that provides an API consumed by a frontend app (CRUD operations). This Spring Boot app is based on the OAuth 2.0 authentication standard to verify the JWT access token received in the header of each API call against an authorization server. I want to provide another API to be consumed by a backend (M2M usage). This API will rely on the same database (same entities) but it will be slightly different (only read operations are allowed here and responses contain more fields). Also, this new API will rely on another authorization server to verify the JWT token.
Firstly, I was thinking of providing both APIs with the same Spring Boot application, but it looks like it will be a hack to support both (for instance the issuer URI of the tokens is different, the port can be different, the paths of the APIs are different...).
So, I'm now thinking of separating the 2 APIs into 2 different Spring Boot applications, so that the apps are isolated by nature, but I'm not sure it's a good practice in the end. For instance, what about the concurrency issues that can occur with such a design? On the other hand, can I easily build the 2 Spring Boot apps so that they share the same code repo (some code should be common to both apps)? Those are the questions I have, so any suggestion will be appreciated.
You can try with multiple authentication providers. An example is given in the following:
Java Spring Security config - multiple authentication providers

Sharing of a view among microservices

I'm splitting up a monolith web service into several microservices using spring boot. To reduce duplicated code I extracted shared parts in a maven module that is used in the different microservices.
The monolith application had a healthcheck page that showed various information about the state of the service and some debugging info. It is implemented with Spring MVC and JSP.
I'd like to use this view in each of the microservices. What's the best way to do this without duplicating the view/controller?
I was thinking of adding a web module to the shared maven project that contains the controller, view, spring mvc settings,...
But I'm not sure if it is good to have two web modules in one microservice.
Have you considered using spring boot actuator to retrieve health (and more) application information?
http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready
You could then have another microservice that retrieves that information from each of your services, or just simply check it by hitting the different endpoints (/health, /env, etc.).
UPDATE:
If you have your own custom health logic you can even implement your own actuator endpoint for it. Furthermore, you can create your own library to reuse it in all your microservices:
http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready-customizing-endpoints-programmatically
46.4 Adding custom endpoints
If you add a @Bean of type Endpoint then it will automatically be exposed over JMX and HTTP (if there is a server available). An HTTP endpoint can be customized further by creating a bean of type MvcEndpoint. Your MvcEndpoint is not a @Controller but it can use @RequestMapping (and @Managed*) to expose resources.
[Tip]
If you are doing this as a library feature consider adding a configuration class annotated with @ManagementContextConfiguration to /META-INF/spring.factories under the key org.springframework.boot.actuate.autoconfigure.ManagementContextConfiguration. If you do that then the endpoint will move to a child context with all the other MVC endpoints if your users ask for a separate management port or address. A configuration declared this way can be a WebConfigurerAdapter if it wants to add static resources (for instance) to the management endpoints.

Spring + Tomcat multi tenancy based on Request URL

We have a single application which is used by multiple customers. It's every time the same app, but with a different database.
Our current setup consists of:
Apache 2 Web Server
Tomcat 8
Spring 4.1
The Web Server routes specific URLs to Tomcat, i.e.
/customer1 -> tomcat/customer1
/customer2 -> tomcat/customer2
Now we'd like to keep those entries within Apache Config, but somehow configure Tomcat and Spring. Basically Tomcat should take every request (maybe defined by regex - not necessary) and route it to one application.
Currently one application runs at /webapps/customer1 and another instance at /webapps/customer2.
In the future the application should somehow run at /webapps/*, so within spring I can have a look at the request URL and choose db_customer1 for requests at /customer1/... and the same for customer2.
Is this possible to achieve?
If I understood you correctly, you want single application that uses 2 (or more) databases, depending on the customer. Customer is determined via URL.
If that is the case, you should take a look at AbstractRoutingDatasource and create your own implementation of that class. It allows you to use different datasources in a single application. You should then create a Filter or maybe Interceptor that would intercept the URL and then, based on the URL, route the routing datasource to the appropriate underlying datasource.
Take a look at this example linked below: it has a customer routing datasource that uses different database for different logged in user:
https://spring.io/blog/2007/01/23/dynamic-datasource-routing/
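One way to wire the routing datasource and filter this answer describes, with tenant isolation that fails closed. This is an added example, not code from the original answer or the linked blog post; the class names and the set of known tenant names are assumptions, and it presumes synchronous request handling on one thread.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.jdbc.datasource.lookup.AbstractRoutingDataSource;
import org.springframework.web.filter.OncePerRequestFilter;

public class TenantRouting {

    /** Tenant key for the request being handled on this thread. */
    static final ThreadLocal<String> CURRENT = new ThreadLocal<>();

    /** Picks the target DataSource registered under the current tenant key. */
    public static class TenantDataSource extends AbstractRoutingDataSource {
        public TenantDataSource() {
            // With lenient fallback off, an unregistered non-null key raises
            // IllegalStateException instead of using the default DataSource.
            // Leave defaultTargetDataSource unset so a missing key fails as well.
            setLenientFallback(false);
        }

        @Override
        protected Object determineCurrentLookupKey() {
            return CURRENT.get();
        }
    }

    /** Derives the tenant from the first path segment, e.g. /customer1/orders. */
    public static class TenantFilter extends OncePerRequestFilter {
        private final Set<String> knownTenants; // hypothetical allow-list, e.g. customer1, customer2

        public TenantFilter(Set<String> knownTenants) {
            this.knownTenants = knownTenants;
        }

        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                FilterChain chain) throws ServletException, IOException {
            String path = req.getRequestURI().substring(req.getContextPath().length());
            String[] parts = path.split("/");
            String tenant = parts.length > 1 ? parts[1] : "";
            if (!knownTenants.contains(tenant)) {
                res.sendError(HttpServletResponse.SC_NOT_FOUND); // never guess a database
                return;
            }
            CURRENT.set(tenant);
            try {
                chain.doFilter(req, res);
            } finally {
                CURRENT.remove(); // pooled threads must not carry a tenant into the next request
            }
        }
    }
}
```

Register the per-customer DataSources with `setTargetDataSources` using the same keys as the allow-list, so the filter and the datasource agree on which tenants exist.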

Spring Boot REST JSP

I have a working Spring BOOT application that has a custom security provider and REST API controllers. I would also like to add a GUI interface to the application for access from a browser through JSPs, HTML, and a login page which uses my existing custom security provider I used with the REST APIs. Maybe using Spring MVC since that is needed for the REST API support. I could not find a single example of doing this on the web. Also, I do NOT want to use any web XML based configuration files, as I am currently only using Java config for the implementation of the REST APIs. I am also currently using SSL for REST API access through SSL in a Jetty embedded web container. Please help if you can? Thanks in advance.
Paul, there is a rather large amount of information on view technologies that are compatible with Spring BOOT. You need to decide what you want to use and do relevant research for it.
As a guiding hand here check this page out for just one of the many types:
http://kielczewski.eu/2014/04/spring-boot-mvc-application/
You may follow this procedure:
Let's assume that you have an endpoint for which you need both REST and view controllers. Your REST endpoint exposes your data in JSON as a RestController and your view endpoint returns the view name as a simple old controller.
Let's say your base URL is at localhost:8080 and your endpoint of interest is /students.
You could have both in the same application but at different endpoints like this:
REST : localhost:8080/api/v1/students -- exposes json
VIEW : localhost:8080/students -- returns a view
Hope this makes it clear.

Spring Security - Preventing Users access to a page if an id is invalid

I am new to Spring Security and am mulling over the idea of using it or not in my application.
The requirement is as follows :
1. In my web application I store session information inside the database; a key for this is stored in a cookie.
2. Now whenever someone tries to access a URL which is not according to the flow I want to deny access.
3. Can I use Spring Security for this?
I am using Spring MVC, Mongo DB and MySQL as the development environment.
Regards,
Abhishek
If you're trying to simply control the flow of an application, I'd suggest using Spring Webflow. This allows you to define set flows in a multi-page application.
Spring Security can be used to control flows, but only for access control. It integrates well with Webflow (and with Spring MVC) to ensure you can secure some or all of your flows.
