How to use Spring Security in Spray routes? - spring

I'm wondering whether or not it is possible to integrate Spring Security with Spray as a REST layer. I found examples with Play Framework, but I didn't manage to find anything for Spray.

Sure you can. Just use spray-servlet and configure Spring Security as usual.

Related

Combine OIDC and SAML in Spring Boot

I'm wondering if we can have a single Spring Boot application that supports both OIDC and SAML as authentication protocols at the same time. I could not find much help on this on the internet. If this is not possible, what are my options?
I integrated both in my local Spring Boot application and built it, but it did not work. I'm not sure if I did something wrong or if this is completely unsupported. Please guide.

Can I use "Spring Webflow" without "Spring Security"?

I need to add a workflow engine on my web application.
I use Form-Based Authentication for my login.
I tried to use Spring Webflow, but as I was searching, I realised that every link I have found, refers also to Spring Security.
Therefor, I would like to know, if I can use Spring Webflow without Spring Security.
Does Spring Webflow work without Spring Security or not?
In case you know the answer, please leave a comment below.
Thank you in advance.

Spring REST API for web- and mobile-clients

This is my first question on StackOverflow and I hope someone can help me. :-)
I am planning to build a web-application (backend) with spring roo. For the backend I will use Spring and Hibernate/JPA. In the future I will implement a web client (JSF/Primefaces), a mobile client (Android) and a Windows App.
With spring roo it is easy to create a layered architecture with domain classes, repositories and services. This part is fun.
But now I am thinking about remoting and how to connect all the clients (web, mobile, windows) with my backend.
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource-oriented but how do you implement authentication with REST API?
At the moment I think a REST-API is a good idea. Because I am using spring it is easy to create a Spring MVC controller with REST support. But is this the correct way to implement a REST API for all the three devices? The web client e.g. should be implemented with JSF and Primefaces and I donĀ“t use spring MVC for the web layer.
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
I don't have too much experience with SOAP-WS, but I have a ton of experience with REST-APIs using JSON. There are many implementations for mobile, web and server side clients that are fairly simple to implement.
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource oriented but how to implement authentication with REST API?
If you are already using spring, I recommend securing your API with Spring Security. You can use spring security even if you don't end up going with Spring MVC for your API implementation. There are many ways to secure a rest API with spring security, but I the simplest is to send the basic auth header with every request to a secure URI
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
Spring MVC Controllers will work fine, but I would recommend going with RestEasy or Jersey. I find them to be more flexable.
I agree with #mad_fox. Additionally, i want to add another option regarding your question#2. If you dont want to use Spring security, you can write your own token based authentication mechanism using spring and basic java interceptors.
You can store the token in your browser local storage.

why we use jersey with spring? What are the benefits?

I want to know that why we use jersey with spring and what are the benefits of using it.
I have searched on google but not getting proper answer so i am asking this question here.Sorry because i know my question is old but i am very confused now.
Please suggest me the example of jersey with spring and hibernate.
Thanx in advance.
I use Jersey2 with Spring in one of my projects and in the other Spring MVC4. The advantage of Jersey is its simplicity. If you are creating only RESTful Web services - use Jersey, if you have to generate also some web pages for users, consider to use Spring MVC.
Additionally, I develop my applications on Google Cloud, so the warm up time is very important (if there is a traffic spike, many instances have to wake up in the background to be ready for incoming requests) - according to my tests Jersey is a bit faster than MVC.
Here you have an example of complete configuration:
Integrating Jersey 2 and Spring with Java Based Configuration

How to implement Spring Security on my Spring 4.0 RestFul web service?

I just developed a simple restful web service by using Spring 4.0 and Hibernate 4.0, so it is without beans.xml file.
I would like to implement a Spring Security on the web service, since the roles will be performed on the HTTP functions GET, POST and DELETE, i.e. only admin who is allowed to DELETE, manager is allowed to do both POST and GET and the user can only GET data.
I'm looking for a detailed tutorial with example to implement Spring Security? or Do you think there is an easier security mechanism regardless it's strength?
I just found that they in Spring.io added a detailed tutorial with real example developed by Java 8 in their own website, so it is completely annotation-based, which helps for building a RESTful webservice with Spring, testing it and also securing it.
It is really awesome, located HERE

Resources