In many of the SaaS web applications (ex, Atlassian JIRA), a user can have dedicated subdomain. For example, if my user name is helloworld, then after I log in to the web application, I am redirected to helloworld.atlassian.net
How to implement this in Spring Framework?
Do I have to have one application server instance running for each customer?
But this dosent seem to be the cheapest solution. Does Spring have such feature that I can create dynamic subdomain based on the username, and in the backend, only one instance of application server is running?
Create a custom filter which parses whole url and extracts subdomain, then check if the user is on proper domain with proper rights. Also worth mentioning Nginx should redirect "*.yourdomain.com" so all subdomains don't have to exist in Nginx, they could exist in database and each user has his unique or can be multiple sudomains attached, your custom filter does the checking on each request.
Related
Let's say we have a site called example.com
Here, for example, I want to use some static content such as blog etc. and some pages in Wordpress. Wordpress build is using session-based authentication, with username and password strategy, also with third-party. (OAuth and OpenID).
I will design a custom and dynamic website section in Java Spring. And I want to use the same authentication mechanism with Wordpress.
For example, there is this path named examle.com/test. It is running from different server, which is based on Java Spring. But the session is shared with Wordpress. If there is a login from Wordpress (from example.com), it works on this server as well. Vice versa is also correct.
Login/logout should be possible from both Wordpress's pages and Java Spring's pages. Session must be shared. Wordpress already exists and the authentication mechanism is working. How can I use this in Java Spring? Or how can I do achieve this in some another way?
If
your Spring and WordPress apps are on the same top-level domain (for example https://spring.example.com and https://wordpress.example.com), and
your Spring app can read rows from the wp_users table in your WordPress MySQL database, and
your Spring app has access to the Authentication Unique Keys and Salts section of your wp-config.php file in your WordPress installation, and
your users always log in to WordPress before they use your Spring app ...
Then you can use the wordpress_logged_in_... cookie to authenticate your WordPress users to your Spring app. You'll have to rewrite the wp_validate_auth_cookie() in Java to do that. Explaining how to do that is far beyond the scope of a StackOverflow answer.
If any of those conditions aren't met you probably should explore some sort of federated login scheme. WordPress has several SAML plugins. Spring also supports SAML login. Again, it's too big a topic for StackOverflow.
I have API backend and it will be consumed by different consumers like our own company website and even other website can use our API with certain quota/limitation and for this scope management we will be using express-gateway(eg), however this is not the only reason I am using express-gateway(eg). Now coming to my problem/miss-understanding, for our own website we can create api-key and user credentials using eg command. But for the other user who wishes to use our api, I don’t want them to contact me for this integration, rather they should be able to create a user credentials and API key themselves using some facility (let us call it key management) provided by us. Here I am stuck how to give a web platform or any other mechanism where a user can create account and then create api-key for their own website. I was thinking to extend the express-gateway app itself and create page where a website owner can fill the form with various input field that will serve as parameter for eg command and I can trigger eg command in node console and create credentials and save it in redis database and then fetch those information to show it to user as their use rid and api-key. But I want to know the best way how others are doing, like how google, twitter and many more are allowing to create api-key, delete key and regenerate the api-key on compromise. Some suggestion would be to use third party tool to manage user-credentials, I will have little inertia to accept that, even if I do so how will I hook those third-party solution to my express-gateway.
In general, API gateways and authentication servers are independent, or at least loosely-coupled. The typical workflow is:
A user browses to the Create Account page for a service.
The user creates an account with the authentication server
The user makes a request through the API gateway
The API gateway checks with the authentication server whether the operation is allowed, discarding it if the user is not authorized to perform the requested action
The API gateway dispatches the request to the appropriate server
The receiving server checks whether the user is permitted to perform the action (in case the API gateway has been compromised)
Express Gateway includes its own authentication server for convenience, but the steps are basically the same. The difference is that one uses the Express Gateway Admin API to create the user and credentials rather than going to a different server.
Note that Express Gateway and its default account database (reddis) are not persistent out of the box.
Well, I am new in security (SSO, SAML, etc).
The scenario We have a Web Application , we want to catch user name (for example windows user) before it has been sent to be authenticated with the Identity Provider (in this case Active Directory) to send this information to another Component which takes this information and send to ActiveDirectory. (This component is like a bridge)
Is this possible? and if the answer is yes. Do you think that we can make an API to integrate to any web application to handle this scenario and get the userName?.
We use Spring, Tomcat. (And we have not decided which tecnology use maybe SAML, Kerberos, etc).
Thanks.
what is use of soap/xml-RPC-user and soap/xml-RPC-roles?
in system menu there is one menu item web services contains 4-5 options like soap/xml-RPC-user and soap/xml-RPC-roles.
what is use of it? how to use that?
The original Magento API was implemented both in SOAP and XML-RPC. SOAP and XML-RPC are well known technologies for creating functions, classes, and methods client-programmers may call over HTTP. Explaining them in greater detail is beyond the scope of a Stack Overflow question.
The User and Roles menus are the for the authentication portion of the Magento API. To authenticate the API, you call a login method, passing in a username and password. You setup this user name and password in the Users menu you mentioned.
Each user you setup has access to a "role". Roles determine which API functions a user may call. You setup the roles in the Roles menu you mentioned. You assign a role to a User when you're editing it in the User section you mentioned.
In newer versions of Magento these sections are explicitly labeled with SOAP/XML-RPC to differentiate them from the newer REST APIs.
At first you'll need to know the use of web services. To acquire basic knowledge of web services,soap and xml-rpc read below url
http://nanostuffs.com/Blog/?p=1152
http://blog.manishchhabra.com/2013/04/rest-and-soap-web-services-analogy/
After getting basic knowledge of web services read how to use it in magento from below url
http://www.magentocommerce.com/wiki/5_-_modules_and_development/0_-_module_development_in_magento/introduction
http://inchoo.net/ecommerce/magento/magento-api-v2/
http://inchoo.net/ecommerce/magento/magento-v2-soap-demystified/
I am working on building a learners website (http:localhost:8080.xyz.com).This is being built on glassfish server using gwt.I need to integrate forums(http:localhost:8888.abc.com)into this site .The forum is built using php and is on Apache Server.
Both the websites share the same MySQL database and this database has a table named session table which has information about the user id and corresponding session id.
Now i am trying to integrate the forum into my website using an Iframe.
My first question here is,once the user logins into my website will my website and the iframe have the same session id?
If they dont have the same session id what would be the best way to implement the functionality that when user logins into my system he is also automatically logged in into the forum?
Thanks
Easy Solution:
Send the user (via iframe or ajax or whatever) to a page on domain B, providing the session ID as a get parameter (http:localhost:8888.abc.com/sso.php?sessid=the_sess_id), then create the cookie on domain B.
More complicated solution:
Setup one of the two servers as a reverse proxy so both apps share the same domain and cookies.