I'm working on sample webapp that I'm supposed to show to my CTO.
It's basically a spring-mvc HelloWorld kind of thing whose only request is that users (in order to actually get to see "hello world!") need to login into it using their twitter account.
I find it amazingly hard to set it up.
I'm tangled among 2 different docs (spring-security and spring-social-twitter) and I'm now wondering whether I should actually go checkout spring social oauth.
Any help will be much appreciated.
There are a few projects on GitHub that you can use for example code. The first is "Spring Social Security":
https://github.com/socialsignin/spring-social-security
This is a library you can use for implementing Spring Security using Spring Social as basically the "back end" system for your webapp's user accounts and login. There is a demo webapp using it here:
https://github.com/socialsignin/spring-social-security-demo
You may be able to just drop this library in, though I haven't tried it yet so I'm not 100% sure.
I also have a demo webapp that integrates Spring Social and Spring Security but a little differently. The idea is to add in Spring Social to an existing app that already implements Spring Security with its own user accounts and login info stored in a database.
https://github.com/sdouglass/spring-security-social
Related
How to integrate Magnolia CMS with Keycloak?
I need to have a Single Sign On with Keycloak, but haven't found a way (so far I was examining the configuration documentation and wiki pages for Magnolia).
I'm very new to Magnolia so this actually might be a noob question.
As a side note: Might not be best starter task if you are very new. Consider getting training where authentication and it's configuration is explained at length.
As for the task at hand, you would want to write your own authentication module and place it in the chain of JAAS modules Magnolia/Tomcat will evaluate when authenticating users.
There is similar module written looong time ago for NTLM based authentication that you can take as a blueprint (assuming you are enterprise customer and have access to enterprise code) for what you want to achieve. Otherwise, there's only stuff that is on documentation that might help.
- NTLM Module
- General security documentation
Might be frustrating starting experience tho.
I am developing a web app using SpringMVC. The app should manage several users with these traditional operations (for each user) : registration- login - logout - update account - etc...
So, my questions are:
Is Spring Security enough to manage these operations for several users ?
What is the best way to proceed?
Many thanks
This is what spring security meant for, it will work like a charm.
Follow this link for a simple example.
http://websystique.com/springmvc/spring-mvc-4-and-spring-security-4-integration-example/
I am developing a web application using Spring MVC. Since I am kind of done with the the basic functionality, I was going to add user management. By this I mean that I have to extend the logic of the application to support several users. However being new to Spring MVC I am lost... How and where to add session management? How to change my controllers? Could anyone please suggest a good resourse? Tutorials which I find on the Internet mainly deal with page access by using Spring Security. I need more than that. Thanks in advance!
This tutorial http://www.mkyong.com/spring-security/spring-security-form-login-using-database/ gives a good step by step direction on how to use spring security with a database based on user roles. I am not sure exactly what more you want that needs to be directly addressed in your question. The good thing with spring security is that you don't need to change your controllers. It uses a simple xml configuration and is independent of the platform you use.
My company uses Google Apps for our e-mail/business app provider. Every employee has an account here.
I'm looking into creating an asp.net web app that would allow users to sign-in (using their Google Apps account) and then accomplish certain things (first goal: keep a current record of the employee's skillset).
Before I get started, I wanted to find out if an OpenID login system using Google Apps is any more difficult than doing it the standard way, or if I need to be aware of any pitfalls.
We have one domain, and the only requirement would be that the user has an open account that exists.
Thanks in advance for your thoughts on this!
I have slides for you from a talk I gave a month ago: Google Apps Account As OpenID
http://www.slideshare.net/timdream/google-apps-account-as-openid
Basically there are two ways of doing this.
Follow the Google documentation, patch your ASP.net OpenID library to accept Google Apps OpenID that is not really discoverable from the claimed URL.
Install a set of discovery information on the claimed URL (/openid?id=XXXX on your website) to make your Google Apps OpenID behaviors the same way present OpenIDs do.
Either way, after completion user will be able to login to your ASP.net app with following URL:
https://www.google.com/accounts/o8/site-xrds?hd=[yourappsdomain]
My solution to this issue was to use the DotNetOpenAuth library -- I was unaware that the latest version has Google Apps support.
Highly recommend the product -- you can find it here.
I modified one of the example files and was up and running in no time.
Thanks to all who answered!
I started on Spring a few months back and the Security topic seems the most complex to me. With Acegi moving into Spring I could not find a single tutorial that tells step by step way to add security to a Spring app. Please help me. My requirements are as follows:
I have several roles in application, they are not hierarchical roles (meaning Role A not necessarily have all roles of Role B etc).
I want to integrate it to use my own User table where I would store Username, encrypted password (one way encryption) and I want to use either Hibernate or any Spring inbuilt component (read the class name JdbcDaoImpl somewhere, have no clue how to use it though) to access the DB data.
I probably don't want method level security because I want to use Spring taglibs to selectively show/hide menu items, however there should be way to prohibit unauthorized user to access a page directly through URL.
I don't want ready made code, (this tutorial for example confused me to hell, since it doesn't even have Spring security name-space declaration in security.xml), I would appreciate rather a step-by-step guide on how to achieve the above in a Spring2.5/Hibernate3 application using Spring security.
Thanks for your time.
Well without knowing what you've already read here are the articles I used to first start. Note that a lot of the Acegi Security articles are still relevant, Spring Security uses almost all the concepts from Acegi - the only thing they really added was simplifying [some] configurations - like the auto-config for security situations that exactly fit their use case.
Securing Java applications with Acegi
Acegi Security Fundamentals
Pathway from Acegi to Spring Security 2.0