Can any one plz share me the working sample projects of both CAS cleint as well as CAS server. As I have been searching for working example but yet to fint any such a bundled examples clearly. please help me to understand the flow.
Have you looked closely at the documentation? The CAS wiki has a lot of info.
https://wiki.jasig.org/display/CASC/CAS+Client+for+Java+3.1
https://wiki.jasig.org/display/CASUM/Home (lots of how-to's in the left menu)
If you're planning to use Spring-security, there is a section in the documentation about CAS there as well
http://static.springsource.org/spring-security/site/docs/3.0.7.RELEASE/reference/cas.html
You can clone the Spring security sample from below Github link.
https://github.com/SpringSource/spring-security
To run CAS sample (Server and Client is included, you can refer the code in samples/cas/)
$./gradlew cas
Once you run that sample, you will get some idea about flow.
Related
I'm kinda newbie into the spring world, and I'm trying to run a POC for a SAML SSO assertion-type,
I've implemented locally this project https://github.com/vdenotaris/spring-boot-security-saml-sample
And ran it against SSOCircle, but eventually, I'm gonna need to use my own IDP what I'm trying to do right now, doesn't involve actually validating the user, I want the demo project from the GitHub to point to a different spring project.
That part is actually done, I've added to my IDP-demo page an XML-metadata which is consumed by the Service provider, then in my IDP-demo, I type any email address and it should take me back to the Service Provider (the vdenotaris sample project) with a valid assertion.
How can I dynamically generate this XML assertion? I've read the spring docs and the SAML docs with no luck, If anyone can point me into the right place or even the proper documentation I'll be thankful.
I am developing a jsp dynamic web project on eclipse.
I want to create an website with login functionality. I intend to store users' accounts and passwords in MySQL database. Of course, different users have different roles and rights to access different web pages. What is the best approach to implement it?
So far, I know these approaches:
1) Users enter accounts/passwords in login.jsp. LoginServlet then connects to MySQL database to check if it is correct. AuthenticationFilters will make sure only users with rights can access certain pages.
2) Use Role Based Authentication by declaring user roles in web.xml. I find this approach is not flexible, because I need to declare roles in advance.
3) Use HttpServletRequest's login/logout methods. I have not studied it.
Is my understanding correct? Could someone gives me some suggestions? Some clues would be very helpful!
Besides, I know that using POST alone to send passwords is not safe enough. Many websites suggest to use HTTPS connections. So if using HTTPS connections, does it affect the approach I choose to implement the login function?
Thanks!
--
Now, I know I need to use Spring. But Spring seems difficult for me... In Spring website I cant find out the link to download jar files. The user guide says I need to use Gradle or Maven, which I haven't used before, and have no idea why I need them. Besides, there are many Spring projects. Which one should I choose? Spring framework?
--
Have you looked into using Spring Security? It's built for just that. You don't need to be familiar with Spring but it may help.
Here are a couple of tutorials that use database authentication:
1: Spring Security Authentication and Authorization Example with Database Credentials
2: Spring Security Login Example with Database
Edit:
You don't have to Maven or Gradle. You can simply add the jars to your build path and they will work. The only projects you need to implement for the login to work is the Spring Framework and Spring Security.
To use Spring Security without Maven or Gradle:
Download the Spring Framework jars, unzip them, and add them to your project and build path. It's probably a good idea to find a hello world tutorial using Spring to get you started. A quick Google search should turn up many results.
After you have Spring implemented in your project, download the Spring Security jars, unzip those, and add them to your build path. The links to the tutorials that I previously posted will get you started. They may take a little while to go through and you may not understand exactly what is happening behind the scenes, but once you get it set up is works outstanding. I'm also not sure if you are using xml configuration or Java config but I believe those tutorials are for xml.
Spring Security was built so that it could be added to any project and have you up and running with basic configuration in about 15 minutes. After you get the basic login going (it will use the generic login form), you can search for how to implement your own custom login form, add permissions or restrictions to users and url patters, adding custom filters, etc. I encourage you to spend some time learning it as it is highly flexible and customizable.
I have been searching for an example Spring Webservice which is being protected using oauth 2.0..
Looking around I found https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 but there some files seems to be missing from the project.
Two things that I am looking for is :
When user authenticates, user name and password goes to /login.do , now I can not understand how this Servlet is being configured, if its not controller. web.xml is missing.
When I try to see how beans configured then applicationContext.xml is also missing. I am not able to find those files in order to see how things are configured.
Help Required :
Should I use annotation in order to configure my web service or xml configuration. I am willing to use the latest version, and leverage advanced configurations, for better security.
I have another Single page application ( HTML5 ) , which accesses data from this spring web service, which is being hosted on Google App Engine. My ultimate objective is to create a chrome plugin of (html5) pages and use my service from there..
Please suggest a better path so that I can achieve my objectives.
Best regards,
Shashank Pratap
Apologize for late reply.
1) Regarding Oauth2.0 implementation : Since GAE does not support Servlet 3.0 therefore, developer is restricted to servlet 2.5. Therefore I found that we are restricted to 1.0.5.RELEASE. I was able to configure it successfully.
Best Practice on GAE : Rather than following this approach, I would suggest others to use Google Endpoints. As it supports oauth2.0 as well as we can develop REST API relatively quickly.
Scale ability and Response time : Since I was using Spring dependency injection along with spring security, application responded slower than the combination of Google Endpoints and Google Juice, as juice does injection just in time, where as spring prepares everything as soon as new instance starts, which created problem for me.
2) Chrome Plugin is completely different story. :-)
Please correct if I am wrong.
Thanks,
Shashank Pratap
I was thrown into a CXF-based project in which the basic HowTo tutorials are easy to follow and implement but the moment there is a problem or a bug in the system, all kinds of exceptions are thrown without me understanding any of the relationship between the various components.
I know that CXF builds on top of Spring.
But I have no experience with Spring and I don't know how it works.
I have also seen references to JAXWS in the cxf.xml but I don't know how it is related to either Spring or CXF.
I can build a perfectly working (simple) CXF-based web service. Contract first, using wsdl2java in a pom.xml (copycatting a sample).
But the moment I face a problem, I am stumped, relying on some tips and clues gleaned from the web.
Ideally, I would like to have a tutorial that walks me through the history of how web services evolved from Java only, to J2EE, to JAXWS, to Spring, to CXF.
But I couldn't find any.
I did find the official Apache CXF documentation but it assumes a lot of prior knowledge that is more than just knowing the Java language.
Any recommendations on how to get to a point of truly understanding what I am doing when I build a web service?
A recommended book? Online tutorial?
Thanks.
Yip it is a bit of a learning curve but well worth it. As far as books are concerned you can try the following.
Apache CXF Web Service Development
Spring In Action
Please be aware that J2EE and Spring are not evolutionary linked to each other Spring was more a reaction to the heavy weight J2EE specification of old. CXF is a web services toolkit/API that can be used outside of J2EE as well.
I would suggest you also join the user lists of the CXF projects and ask questions there. Also why not post some of the code causing exceptions here so we can help you with more detail?
I am new to Spring and webflow.
I was looking for some demo application and someone suggested me to look at petclinicplus
# http://code.google.com/p/petclinicplus/.
But I do not know how to download the project? I can see that it allows svn checkout.
I also dont know svn, but I tried to downloaded svn and executed
svn checkout http://petclinicplus.googlecode.com/svn/trunk/ petclinicplus-read-only
however it is not working.
Is there any other way to download?
Cheers
Examples are bundled with the source. You can sownload Spring Webflow from springsource.com.
You can browse the booking application online here:
https://fisheye.springsource.org/browse/spring-webflow
Getting started can be tricky, but I recommend this blog as a quick simple boot-up point:
http://jee-bpel-soa.blogspot.com/2008/12/building-spring-web-flows-2.html
Spring Web Flow samples on GitHub:
https://github.com/SpringSource/spring-webflow-samples