I have a webapp which is created using Spring and Maven. Which means it does not have a web.xml. I need to know how to secure this web app using spring security. Basically I need to connect to a LDAP server and cross check the credentials against it. I am a complete beginner in this scenario. So please help. Any guidelines or tutorials are welcome.
The best starting point would be the excellent reference documentation. There's also a getting started guide here. If you have specific problems or questions about details in the documentation or the guide, feel free to ask again :)
Related
I'd need to use keycloak in my Spring Boot project. I can see from the many tutorials that it should be available in the Spring Boot Initializr:
However I cannot find it (anymore?) neither with the Cloud app, nor with "spring init". Has it been removed as starter?
Thanks
Yes it has been removed, see this issue for more details. In general going to https://github.com/spring-io/start.spring.io and searching in issues could be an effective way to get some information about the evolution of the service in general.
I'm studying in details the use of spring security (not only oauth), so I'm following this official guide: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle.
This guide have Oauth section and following it I got everything works. But after another research in internet a found a another guide (from pivotal too): https://spring.io/guides/tutorials/spring-boot-oauth2/.
This second guide use others classes that don't exist in first guide, and other way to configure spring Oauth.
I'm very confused what guide should I follow and what is "more correct".
Both guides are correct.
The first guide you mentioned (https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle) uses the newer OAuth 2.0 functionality in the Spring Security project, so it's recommended you use that one.
To give you some background, functionality from the Spring Security OAuth project is being migrated to core Spring Security.
The first guide you mentioned uses core Spring Security, and the second guide uses the Spring Security OAuth project.
For more information on the features available in the various projects, as well as FAQs, you can check out the OAuth 2.0 Features Matrix.
Is there a way to create a simple CRUD App using Spring Boot and an Existing Database?
You could look at Spring Roo. Its entire purpose is to allow rapid application generation. There is also support for reverse engineering an app from an existing database.
Version 2 will apparently also support Spring Boot, but I don't know if database reverse engineering already made it into v2. You could always try generating your application and adding Spring Boot later on.
I haven't much used it myself so unfortunately I can't offer you much guidance on its actual use - but you should be able to find some tutorials on Google, and StackOverflow contains several questions and answers on Spring Roo as well.
This question already has answers here:
Shiro vs. SpringSecurity [closed]
(3 answers)
Closed 4 years ago.
What I have researched so far most people are saying Apache Shiro is easy to use and easy to integrate with CAS (for SSO etc). Just to ask if anyone has experience using both of them and which one to use and why one is better than other?
Many of the Shiro developers use Spring for their applications, so Shiro works beautifully in Spring environments. The general feedback we've received thus far is that Shiro is also far easier to understand (for most people) than Spring Security.
If you want full Session clustering support across any web container however, only Shiro will support this easily. Shiro's crypto is also very simple/easy to use.
Choose which fits your mental model best - both will work great in Spring environments.
I have recently had to evaluate both shiro and spring security. We went with spring security (in fact we extended spring security to use the shiro permission strings in a better way - with instance variables on annoations).
Spring Security
under active development.
has much more community support.
Spring security has extensions providing support for both Oauth and kerberos
and SAML.
Shiro
Does not support saml or Oauth.
Makes no mention of supporting before and after security policies.
Active development seems limited, the website still
contains erroneous information.
I have evaluated both Shiro and Spring security. The main advantage that people claim about Shiro is simplicity, but I believe that Spring Security (3.0) is not crazy complicated. It took me almost the same amount of lines of configuration to set up. Also Spring Security is much better documented than Shiro.
But the main issue with Shiro it is that it doesn't support OAuth or Digest Authetication (they are planning to include it in the future https://issues.apache.org/jira/browse/SHIRO-20 ).
My conclusion: Today I would go for spring security.
Shiro is better to use. Its code much simple which provides you flexibility to extend it and provide your custom behaviour wherever needed. It also provides internal cache implementation of Ehcache through which you can replicate session on server clusters.
If you are going to design RBAC(Role based access control) system for your application it will provide you flexibility to handle asset level permission and its access control mechanism is much flexible as compared to spring security.
Spring Security and Shiro both sets awesome with Spring framework. i have tested both of them . for me spring security was easy to integrate and is totally understandable according to developer points of view. and Shiro is also easy to integrate but for me Spring is more easy to integrate.
I have been working on mobile platforms j2me , android , etc. I have sound knowledge of core java and android. but now the situation is like I need to take on projects on spring and hibernate framework.
Can someone suggest me how should I start my preparation. What all technologies I need to understand before starting spring and hibernate?
Here is a Step-By-Step Spring tutorial. It's a little outdated but it should help you get started with Spring.
This blog has some good examples of Spring/hibernate which I have found very helpful.
Here is another tutorial/sample application. At the bottom of the page you will find some more links that could help you.
Good Luck!