I'm new to Ruby. I use the restful authentication plugin and that works perfectly. Now I have an authentication based on LDAP, and I want to combine LDAP and restful authentication.
Ldap also
Any examples ?
Thank you for help.
authlogic is preferred by many over restful_authentication (there are plenty of comparisons around), and a cursory search yields http://lbi.lostboys.nl/prikbord/ruby-on-rails-ldap-integration. I have not attempted it myself but it may be a starter.
I'm just wrapping my head around OAuth2. I have a Spring Boot app with its own users and roles system handled by Spring Security 5. Internally I use email to identify users, and I want people who registered with their Gmail addresses to be able to log in through OAuth2. Or, more generally, how do I make one of my users log in to my app using OAuth2? If you need code or more information just ask. Thanks in advance.
As far as I understood your question, you are looking for a general approach to authenticate users of your Spring Boot application with the help of the OAuth2 protocol.
In your case you will probably use Google as an authentication provider and your application as resource server, according to the OAuth2 standard wording. First of all, to answer your general question, there are different ways of using OAuth2 to authenticate users. Good starting points are these links:
https://www.rfc-editor.org/rfc/rfc6749
https://auth0.com
To find the proper way of implementing OAuth2 for your use case I recommend using this decision tree: https://auth0.com/docs/api-auth/which-oauth-flow-to-use
To start implementing OAuth2 in Spring Boot you can use several Spring Security projects with further documentation:
https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html#boot-features-security-oauth2
https://docs.spring.io/spring-security-oauth2-boot/docs/current-SNAPSHOT/reference/htmlsingle/
Hi, I am really new to Spring Boot and OAuth2. I need to understand how to authenticate a Spring Boot web service with OAuth2 authentication with refresh tokens and access tokens. Likewise I need to know how to limit the access of different users (accessing resources) dynamically as well. I have searched many articles online and ended up with nothing that I really need to learn. I do not need SSO config with Facebook or Google. I want to know how to make our own authorization server.
Can anybody please help guide me or send me a link to a useful tutorial that helps me to learn?
Thank you.
This is a very open-ended question. So a few links to start with:
OK, start with OAuth2 Guide then OAuth2 Grant types. These are generic stuff you need to know.
Then in Spring Security OAuth 2 using Spring Boot.
You can basically restrict the API access in Resource Server by using a combination of OAuth scopes and Roles.
And finally, this is an amazing example which shows you how to manage OAuth clients, their grant types, tokens and so on.
Please get back with specific queries, it would be easier to help.
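An added example, not part of the answer above, of combining OAuth scopes with roles in a resource server. It assumes Spring Security 5.2 to 5.x with JWT access tokens (JWT validation keys configured elsewhere); the paths, the scope names and the `roles` claim are hypothetical.

```java
import java.util.*;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.*;

@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(a -> a
                // Scope only: any client that was granted reports.read may call this.
                .antMatchers(HttpMethod.GET, "/api/reports/**").hasAuthority("SCOPE_reports.read")
                // Scope AND role: the client needs the grant and the user needs the role.
                .antMatchers("/api/admin/**").access("hasAuthority('SCOPE_admin') and hasRole('ADMIN')")
                // Default deny: a new endpoint is closed until a rule is written for it.
                .anyRequest().denyAll())
            .oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(converter())));
    }

    // Builds the authority list from the token: scopes become SCOPE_x (the default
    // converter), and the assumed "roles" claim becomes ROLE_x.
    private JwtAuthenticationConverter converter() {
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();
        JwtAuthenticationConverter conv = new JwtAuthenticationConverter();
        conv.setJwtGrantedAuthoritiesConverter(jwt -> {
            List<GrantedAuthority> out = new ArrayList<>(scopes.convert(jwt));
            List<String> roles = jwt.getClaimAsStringList("roles"); // null when the claim is absent
            if (roles != null) {
                roles.forEach(r -> out.add(new SimpleGrantedAuthority("ROLE_" + r)));
            }
            return out;
        });
        return conv;
    }
}
```

A token with the `admin` scope but no `ADMIN` role is refused on `/api/admin/**`, and so is an administrator using a client that was never granted that scope.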
I have a REST API backend (REST based) which I want to secure now. I have looked into both Spring Security (for which I know the implementation) and Apache Shiro. After learning how Shiro has an easy-to-use API, I want to implement it. However, there are no clear authorization tutorials to do this, as I wanted to implement not just Basic Auth but Digest Authentication to have a more secure API. I have read that Shiro has support for it. Also, I want to store my usernames and passwords in a database and not in the ini file of Shiro as shown in examples. Can anyone help me with this implementation? I have used Spring REST for my APIs.
Any suitable tutorial will help.
There are no digest examples yet in the Shiro samples dir. It can be done, but you would need to dig into it a bit (take a look at how the BasicHttpAuthenticationFilter works).
As for storing your users in a Database (or anywhere for that matter) Shiro uses the term realm for this. Here is an example gist that uses the JdbcRealm.
Developed a REST API using Java/Spring MVC.
Can we provide authentication for a REST API? If yes, how?
Now I am struggling with authentication for the REST API. Can anyone send some examples regarding the same?
Accessing the REST API through AJAX requests.
Since you are already using Spring, you can use Spring Security to provide security-related functionality. This can give you a one-stop solution for your security needs. Common security mechanisms for REST APIs (basic, digest) and features are supported out of the box and it's very easy to add your custom security too. For a starter tutorial you can have a look here.
In our organization we are developing an LDAP-based Authentication and Authorization with Single Sign On feature. Upon developing this generic module, there will be tens of other modules which will be dependent on it. The tool sets are -
Spring
Hibernate
Tomcat 7
openAm/openSSO
openldap
postgresql
We will have simple authentication mechanism but very complex authorization scheme. We are not sure what will be the right approach for authorization. Should we put the authentication as well as authorization logic in LDAP or should we use it for authentication only? In that case we will have to mess around with the OpenAM/OpenSSO. Is there any other approach? like spring security, CAS, JOSSO, .. ? Whatever the approach, it has to be very scalable and maintainable. Any suggestion or help would be greatly appreciated.
Thanks,
Nazrul
You may have a look at Apache Shiro: http://shiro.apache.org/. It is an easy-to-use security framework that supports most of the existing security technologies including LDAP and Single Sign On.
Also, through subtyping AuthenticatingRealm and AuthorizingRealm (from the Shiro API), you can implement your authenticating and authorizing strategies no matter how complex they are.
Most commonly, you will implement your own:
AuthenticatingRealm
AuthorizingRealm
AuthenticationToken
AuthorizationToken
PermissionResolver
and so on...
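An added example, not part of the answer above, of one realm that authenticates by LDAP simple bind and takes roles and permissions from the application's own store. The directory URL, the DN layout and the in-memory role data are constructed placeholders.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/** LDAP proves who the user is; the application decides what the user may do. */
public class LdapBindRealm extends AuthorizingRealm {
    // Assumed deployment values (hypothetical): directory URL and DN layout of user entries.
    private static final String LDAP_URL = "ldaps://ldap.example.org:636";
    private static final String USER_DN = "uid=%s,ou=people,dc=example,dc=org";
    // Constructed sample data standing in for the application's role/permission tables.
    private static final Map<String, Set<String>> ROLES = Map.of("alice", Set.of("auditor"));
    private static final Map<String, Set<String>> PERMS = Map.of("auditor", Set.of("report:read"));
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UsernamePasswordToken up = (UsernamePasswordToken) token;
        char[] pw = up.getPassword();
        // An empty password makes a simple bind unauthenticated; many servers accept it.
        if (up.getUsername() == null || pw == null || pw.length == 0) {
            throw new IncorrectCredentialsException("empty credentials");
        }
        // Escape the name so characters such as ',' or '+' cannot alter the DN.
        String dn = String.format(USER_DN, Rdn.escapeValue(up.getUsername()));
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, new String(pw));
        try {
            new InitialDirContext(env).close(); // creating the context performs the bind
        } catch (javax.naming.AuthenticationException e) {
            throw new IncorrectCredentialsException("LDAP bind rejected");
        } catch (NamingException e) {
            throw new org.apache.shiro.authc.AuthenticationException("LDAP unavailable", e);
        }
        // The bind verified the password, so return it for Shiro's credentials matcher.
        return new SimpleAuthenticationInfo(up.getUsername(), pw, getName());
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String user = (String) principals.getPrimaryPrincipal();
        for (String role : ROLES.getOrDefault(user, Set.of())) {
            info.addRole(role);
            info.addStringPermissions(PERMS.getOrDefault(role, Set.of()));
        }
        return info;
    }
}
```

A user who binds successfully but has no entry in the role store gets an empty `AuthorizationInfo`, so every role and permission check fails closed.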
You probably would want to look at this before you move on in making any decision.
http://grzegorzborkowski.blogspot.com/2008/10/spring-security-acl-very-basic-tutorial.html
For the authorization, you can look at externalized authorization frameworks based on XACML, the eXtensible Access Control Markup Language.
It is an OASIS standard that implements attribute-based access control which gives you a lot of flexibility into how you design your authorization.