I have an application which is completely written in Java with Spring framework. Right now I need to integrate this application with some other application that is written on WordPress. Both applications have their own user database.
I need to implement Single Sign-on for both of these applications. I'm looking to CAS Jasig for this purpose(for example for WP I have found following plugin CAS Maestro).
Right now, I don't understand where users for WP and Spring MVC applications must be stored in order to pass authentication via Jasig CAS? I mean is it a single store(for example the same mysql database) or it can(must) be a different stores for each application ? Or Jasig CAS will have own users database and WP and Spring MVC application will also create the same users in own databases after successful authentication by CAS ?
i've made WP Cassify. This is a WordPress CAS Authentication plugin compatible with the latest CAS Server Version.
Plugin hosted on Wordpress.org : https://fr.WordPress.org/plugins/wp-cassify/
The Online documentation : https://wpcassify.wordPress.com/
Best regards
Related
is possible create authorization server for PKCE authentication in current version of spring security?
I did research and I found out this authorization server project https://github.com/spring-projects-experimental/spring-authorization-server but there is no usable sample for that project.
I also find out that spring recommends Keycloak as authorization server, but it is not fit for my case.
We need be able fetch and verify user against remote service, and then use authorization server only for generating and verifying jwt tokens. In my knowledge Keycloak should holds also users right? So the best solution would be custom spring standalone authorization server. Is it possible in some way? Thank you!
You may have a look to this project: CloudFoundry User Account and Authentication (UAA) Server.
UAA is a (Spring MVC) component of Cloud Foundry but it could be used as a stand alone OAuth2 server. It can support external authentication service. And there is a Pull Request that implements PKCE: https://github.com/cloudfoundry/uaa/pull/939 (not yet merged, but under review).
You can find an example on how to use UAA on baeldung.com.
As far as I know, Spring framework has one more implementation of the authorization server. It is a part of spring-security-oauth project. But this project was moved into maintenance mode.
According to this migration guide, the new authorization server project (that you have already found) will be created to change the legacy solution.
From my point of view now there are several possible options:
Using old legacy spring-security-oauth. More examples with old auth server
Using external services like Keycloak, Auth0, Okta and etc
I've written a software system that uses Spring Cloud Netflix. Due to Spring Security 5 not offering support for writing an Authorization Server (pls shout out here https://github.com/spring-projects/spring-security/issues/6320) I need to write my own Authorization server. I want my application to permit Social login and username/password registration, have a custom login page but also use keycloack. I don't even know from where to start, if you have any documentations or code samples please provide.
You can use the cas project. By using the overlay it is easy to set up and to customize:
https://github.com/apereo/cas-overlay-template/blob/master/README.md
It serves a frontend where your user can be redirected to and can login. After successful login, the user is redirected back to your web page. The frontend is completely customizable.
It supports all kinda of authentication providers like keycloak, database or Google/Facebook.
After basic setup you just add the dependency inside the gradle file, configure your keycloak/database/... in the application.properties and can start using it as authentication server.
It fits perfect into a microservice landscape and is curated by professionals implementing security best practice.
https://apereo.github.io/cas/6.1.x/planning/Getting-Started.html
I work with jboos 7 and I use spring in my application
currently I want to use CAS (Central Authentication Service)
I download cas-server-3.5.2 and I download apache-tomcat-7.0.47-windows-x64
and I make cas-server-webapp-3.5.2.war under apache-tomcat-7.0.47-windows-x64\apache-tomcat-7.0.47\webapps
and I have the interface of login when I make in browser this link :
MyIpAdress:8080/cas-server-webapp-3.5.2/login
I want to know how can I integrate the concept of CAS with my application
ans also I want to know if it is better or not to use CAS with jboss 7 or with tomcat
From your question I am assuming that you have the CAS server running and and you can login etc.
So what you wanna do next, is letting your applications talk with the cas server, in this context your application is a client of your cas server. To do this in a Java/Spring Application you have two main options:
CAS Client for JAVA
Spring Security CAS Client
For some general information about CAS Client integration you could also have a look at this tutorial.
I am new to Spring Security and am mulling over the idea of using it or not in my application.
The requirement is as follows :
In my web application i store a session information inside the database,a key for this is stored in a cookie
2.Now whenever someone tries to access a url which is not according to the flow i want to deny access.
3.Can i use Spring Security for this.
I am using Spring MVC,Mongo DB and MySQL as the develeoment environment.
Regards,
Abhishek
If you're trying to simply control the flow of an application, I'd suggest using Spring Webflow. This allows you to define set flows in a multi-page application.
Spring Security can be used to control flows, but only for access control. It integrates well with Webflow (and with Spring MVC) to ensure you can secure some or all of your flows.
I am looking for some possible solutions for my web application security.
The web application redirect the user to the login server. Then after authentication is successful the user will be forwarded back to a certain page within my application. The login credentials are forward with the user. My page is served via a controller that authenticates the user for my application. (Authentication is accomplished using Liberty ID-FF 1.2.)
Currently, I am using Spring 3 page interceptors for the redirection.
My question is; How can I accomplish this with Spring Security? Or, is there another comparable framework? I like Spring Security for how easy it is to configure and how it protects the resources. To use it I need to have the authentication controller redirect the user to the login server. How do I do that in the authentication controller?
I am using JBoss 4.0.5, Spring 3.0, Java EE 5, and ID-FF 1.2.
I am afraid there is any support for Liberty ID-FF in Spring. Currently, there is SAML2 extension module only available for Spring Security.
More info:
http://static.springsource.org/spring-security/site/extensions.html