Spring Single Sign On with the same domain - spring

I have a multiple spring based web applications (Spring 3) running on the same Tomcat server instance, I would like to implement single sign on with out using CAS or any other thing because I only have one domain so it would be a real over kill.
Now I found Tomcat's single sign on valve attribute but I really don't know how to use it with spring correctly, I found a question here about it but really not much there for it.
Is the tomcat's method the best one ? and if it is how to do it correctly ?
What I Have So Far:
I have developed an application that should handle the log in for all the applications and will be on tomcat's root, but I can't transfer data between my applications.
Is there a way to make this application the center one ?
I am using MySQL,Hibernate,Tomcat,Spring MVC,Spring Security

Related

How to deploy Spring Boot MVC project for others to see?

I've made a spring boot project called student-management using spring MVC, Thymeleaf, spring data JPA and MySql. When I run it locally on localhost:8081 it works perfectly. I made CRUD operations so I see all the changes in database when changed on the website and vice versa.
Now, I need to get my website "out there" for others to see, specifically a company. I'm new to Spring boot and everything that goes with it but I don't understand how to deploy my rather simple website so the company can access it by not using localhost.
This is my project_hierarchy. As you can see it's quite simple.
This is my StudentController.java. I've used #Controller and maybe I should've used #RestController. If so, how do I change it to #RestController so that my website still works.
My thymeleaf html files students.html edit_students.html create_student.html
Deploying remotely means choosing a host (e.g. AWS), setting up infrastructure, deploying your executable JAR with dependencies, and running it on a server.
You'll need to set up a separate MySQL instance and connect your app to it. That means you'll set up the database server, create the database and schema, and start it up before your app starts.
You should be thinking about security and who should be able to access your app and data. Most developers who have only deployed locally tend to put off those considerations. I'd urge you to think about them sooner.
If your purpose is to provide access inside your company, only to employees, perhaps you'd be better off making your local machine available to others on the network OR choose a server that's already on your company network. You'll have to work with others to make that happen.

Update for JavaEE application

Our application are built on Spring boot, the app will be packaged to a war file and ran with java -jar xx.war -Dspring.profile=xxx. Generally the latest war package will served by a static web server like nginx.
Now we want to know if we can add auto-update for the application.
I have googled, and people suggested to use the Application server which support hot deployment, however we use spring boot as shown above.
I have thought to start a new thread once my application started, then check update and download the latest package. But I have to terminate the current application to start the new one since they use the same port, and if close the current app, the update thread will be terminated too.
So how to you handle this problem?
In my opinion that should be managed by some higher order dev-ops level orchestration system not by either the app nor its container. The decision to replace an app should not be at the dev-ops level and not the app level
One major advantage of spring-boot is the inversion of the traditional application-web-container to web-app model. As such the web container is usually (and best practice with Spring boot) built within the app itself. Hence it is fully self contained and crucially immutable. It therefore should not be the role of the app-web-container/web-app to replace either part-of or all-of itself.
Of course you can do whatever you like but you might find that the solution is not easy because it is not convention to do it in this way.

Secure Spring REST Service using spring-security-oauth2 2.0.5.RELEASE

I have been searching for an example Spring Webservice which is being protected using oauth 2.0..
Looking around I found https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 but there some files seems to be missing from the project.
Two things that I am looking for is :
When user authenticates, user name and password goes to /login.do , now I can not understand how this Servlet is being configured, if its not controller. web.xml is missing.
When I try to see how beans configured then applicationContext.xml is also missing. I am not able to find those files in order to see how things are configured.
Help Required :
Should I use annotation in order to configure my web service or xml configuration. I am willing to use the latest version, and leverage advanced configurations, for better security.
I have another Single page application ( HTML5 ) , which accesses data from this spring web service, which is being hosted on Google App Engine. My ultimate objective is to create a chrome plugin of (html5) pages and use my service from there..
Please suggest a better path so that I can achieve my objectives.
Best regards,
Shashank Pratap
Apologize for late reply.
1) Regarding Oauth2.0 implementation : Since GAE does not support Servlet 3.0 therefore, developer is restricted to servlet 2.5. Therefore I found that we are restricted to 1.0.5.RELEASE. I was able to configure it successfully.
Best Practice on GAE : Rather than following this approach, I would suggest others to use Google Endpoints. As it supports oauth2.0 as well as we can develop REST API relatively quickly.
Scale ability and Response time : Since I was using Spring dependency injection along with spring security, application responded slower than the combination of Google Endpoints and Google Juice, as juice does injection just in time, where as spring prepares everything as soon as new instance starts, which created problem for me.
2) Chrome Plugin is completely different story. :-)
Please correct if I am wrong.
Thanks,
Shashank Pratap

Can I duplicate a web service for testing?

I have a REST web service exposed at http://server:8080/my-production-ws by JBoss (7). My spring (3.2) configuration has a datasource which points to a my-production-db database. So far so good.
I want to test that web service from the client side, including PUT/POST operations but I obviously don't want my tests to affect the production database.
Is there an easy way to have spring auto-magically create another web service entry point at http://server:8080/my-test-ws or maybe http://server:8080/my-production-ws/test that will have the exact same semantics as the production web service but will use a my-test-db database as a data source instead of my-production-db?
If this is not possible, what is the standard approach to integration testing in that situation?
I'd rather not duplicate every single method in my controllers.
Check the spring Profiles functionality, this should solve the problem. With it its possible to create two datasources with the same bean name in different profiles and then activate only one depending on a parameter passed to the the JVM.

passing objects between 2 applications in separate JVMs

I have a portlet application running on a portal server and an webapp running on application server. I want to make a call from the portlet application jsp to app application. I can make the call; no issues.. I can pass values in the request parameter; no issues.. I want to pass an object to the appserver application as well and I am not sure how to do this.
Try using Java RMI. After implementing couple of interfaces you can pass objects between JVM's quite easily. As Laird mentioned, that requires serialization, but it is often done implicitly by Java, so there's a good chance you won't have to worry about it.
Since your two applications are running on two separate application servers, and hence on two different Java Virtual Machines, the only way to pass an object from one to the other is by serializing the object in some fashion.
You may opt to use Java serialization, or you may choose to represent your object in terms of its state and then have a class--deployed separately to each application server somewhere--that knows how to build a new instance of your object out of that state.
Is your appserver a Websphere Application Server? Maybe Dynacache could be what you are looking for. A college told me a story from his current project, they need to access data from a Java EE app running on Websphere 7, Portal environment is 6.1.

Resources