Spring 4.0 WebSocket with Spring Security 3.2.3 in Grails - spring

I need to add realtime updates to a system. I'm using Grails 2.5.0 with Grails Spring Security Core 2.0 RC4, which is based on Spring Security 3.2.3. There's a Grails plugin to add Spring 4.0 WebSocket support (https://github.com/zyro23/grails-spring-websocket/tree/1.3.x), but I'm unsure of how to handle authentication. How can I integrate the authentication?
Alternatively, I can start a separate web app to handle the realtime updates using Spring Security 4.0 with the latest WebSocket plugin, but I would prefer to use my current, production ready authentication system instead of attempting to clone the current one.

Spring Security support for WebSocket starts with Spring Security 4.
What you could do is secure message subscriptions and sending (client --> server) with a ChannelInterceptor. Maybe this example helps: https://jira.spring.io/browse/SEC-2546
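A sketch of the ChannelInterceptor approach from the answer above, added here as an example; it is not code from the answer, the linked issue or the Grails plugin. The class name, destination prefixes and role are hypothetical, and it assumes the WebSocket handshake request passes through the existing Spring Security filter chain, so the session principal is the logged-in user's Authentication. The interceptor has to be registered on the client inbound channel.

```java
import java.security.Principal;
import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptorAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

// Hypothetical interceptor: default-deny checks on SUBSCRIBE and SEND frames.
public class AuthChannelInterceptor extends ChannelInterceptorAdapter {

    // Assumed destination layout and role name; adjust to the application.
    private static final String[] ALLOWED_PREFIXES = {"/topic/", "/app/"};
    private static final String RESTRICTED_PREFIX = "/topic/admin";
    private static final String REQUIRED_ROLE = "ROLE_ADMIN";

    @Override
    public Message<?> preSend(Message<?> message, MessageChannel channel) {
        StompHeaderAccessor accessor = StompHeaderAccessor.wrap(message);
        StompCommand command = accessor.getCommand();
        if (command != StompCommand.SUBSCRIBE && command != StompCommand.SEND) {
            return message; // CONNECT, DISCONNECT etc. are not checked here
        }
        // Principal captured at handshake time; null if nobody was logged in.
        Principal user = accessor.getUser();
        if (!(user instanceof Authentication) || !((Authentication) user).isAuthenticated()) {
            return null; // returning null stops the message from being sent
        }
        String dest = accessor.getDestination();
        // Precaution: refuse wildcard characters so that a pattern
        // subscription cannot cover a restricted destination.
        if (dest == null || dest.contains("*") || dest.contains("?")) {
            return null;
        }
        boolean known = false;
        for (String prefix : ALLOWED_PREFIXES) {
            known |= dest.startsWith(prefix);
        }
        if (!known) {
            return null; // default deny for destinations outside the layout
        }
        if (dest.startsWith(RESTRICTED_PREFIX) && !hasRole((Authentication) user)) {
            return null;
        }
        return message;
    }

    private static boolean hasRole(Authentication auth) {
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (REQUIRED_ROLE.equals(granted.getAuthority())) return true;
        }
        return false;
    }
}
```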

Related

What is the difference between spring-boot-starter-oauth2-client, spring-cloud-starter-oauth2 and spring-security-oauth2

I am developing a client application for client_credentials grant type flow in OAUTH2.
I am not able to decide on which dependency to use in my project for this purpose among the following.
spring-boot-starter-oauth2-client
spring-cloud-starter-oauth2
spring-security-oauth2
I referred to this documentation from spring-projects in which under client-support section it had a table describing the available options. But I am not able to understand which column is referring to which of the above dependencies.
I want to configure a WebClient or RestTemplate which retrieves the OAUTH2 token from the auth-server automatically before accessing a resource-server.
Please guide me in choosing the right artifact for my project.
If you are using Spring Boot you should choose org.springframework.boot:spring-boot-starter-oauth2-client.
This includes Spring Security's OAuth 2.0 Client support and provides Spring Boot auto-configuration to set up OAuth2/Open ID Connect clients.
You can read about how to configure client in the Spring Boot reference documentation.
You can also find additional details in the Spring Security reference documentation.
If you are not using Spring Boot then you should choose org.springframework.security:spring-security-oauth2-client. This also provides Spring Security's latest OAuth 2.0 Client support, but does not include the Spring Boot auto-configuration.
The corresponding documentation is also the Spring Security reference documentation.
The third dependency you mentioned, org.springframework.security.oauth:spring-security-oauth2, should not be used because it is part of the legacy Spring Security OAuth project, which is now deprecated.
The functionality that this library provided has now been moved into Spring Security.
That is what the Migration Guide describes, the migration from the legacy project to the latest Spring Security support.
You should not use the org.springframework.cloud:spring-cloud-starter-oauth2 at this time, because it relies on the legacy OAuth support.
This is likely to change in the future, as the Spring Cloud team updates to the latest Spring Security support.

Spring Framework and Spring Security SAML (without Spring Boot)

I'm in the process of migrating away from the spring-security-saml module that has been deprecated to the new SAML support built into Spring Security 5+. I'd really like to not have to migrate this entire project from Spring Framework to Spring Boot at this time, so does anyone know if there is documentation on how to get Spring Security with SAML working on vanilla Spring Framework? Everything I've seen has been only Spring Boot. Any help would be majestic!

Spring Cloud Gateway with SAML

I want to use Spring Cloud Gateway with SAML. Is this possible?
It seems that the Saml extension for spring security is based on the old Spring Stack and won't work with Gateway.
Has anybody got any experience on this?
I'm afraid SAML is not supported as of the time of writing. Spring Cloud Gateway has been redeveloped using Reactive programming and is now based on Spring WebFlux. Only the following authentication methods are currently supported:
OAuth 2.0 or OpenID Connect 1.0
x509 authentication
This is stated on SCG page:
Spring Cloud Gateway is built on Spring Boot 2.x, Spring WebFlux, and
Project Reactor. As a consequence, many of the familiar synchronous
libraries (Spring Data and Spring Security, for example) and patterns
you know may not apply when you use Spring Cloud Gateway. If you are
unfamiliar with these projects, we suggest you begin by reading their
documentation to familiarize yourself with some of the new concepts
before working with Spring Cloud Gateway.
The previous gateway spring-cloud-netflix-zuul, based on Servlets and which supported SAML, has been removed from Spring Cloud 2020.
Here is an open issue on GitHub, SAML2 for reactive environment, where we can vote for asking for this to be implemented.

How to implement the OAuth2 server configuration in Spring Boot 2.0 M7?

How to implement the OAuth2 server using JWT to get clients from a database in Spring Boot 2.0 M7? Is there any example? I just found an example with Spring Boot 2.0 M4, but it seems it is not compatible with M7. Could someone please provide me an example?
Support for the spring-security-oauth2 dependency was removed from Spring Boot 2.0 in favor of Spring Security 5’s first class OAuth support. Functionality from the Spring Security OAuth project is still being migrated to core Spring Security. For Authorization server and Resource server support which has not been migrated yet, you will need to add a dependency on an additional jar. See this documentation for more details.

spring integration max-fetch-size info

We want to use Spring Boot 1.5.8 with Spring Integration 5.x as it has one attribute (max-fetch-size) for the SFTP inbound channel adapter which allows you to control the number of files being downloaded locally from the SFTP server. Is it possible to use Spring Integration 5.x with Spring Boot 1.5.8?
I cannot use the Spring Boot 2.0 M7 release in production as it is not allowed in our company, and as Spring Boot 2.x is not released yet and we have to go to production in March, we need a workaround.
If this is not possible, how can I implement max-fetch-limit with Spring Integration 4.x version?
There are not currently any plans to back-port that feature to 4.3.x.
As an alternative, you could use an SFTP Outbound Gateway to GET a single file instead of using the inbound channel adapter.
Spring Boot 2.0 is currently scheduled to be released in February so, perhaps, that fits your timeline.
