i implemented an spring boot app with oauth authentication agains google and a remember me policy based on cookie, but i´m getting a weird bevahior in the UserDetailsService that is needed for the remember me.
In the loadUserByUsername() im getting the entire object instead of just the username of the user.
This is my configuration
And the userDetailsService implementation that im using
Any idea on how to get the username/email only?
Getting the username or email of the user in the userDetailsServiceImplementation class
Related
I have implemented spring security for UsernamePassword based authentication.
Tables like oauth_access_token, oauth_client_details etc are created by spring.
Tokens generated by tokenEndpoint.postAccessToken(principal, parameters); are stored in oauth_access_token table.
Scenario:
I need to have both usernamPassword based authentication and Google OAuth support.
Now I have to integrate Google OAuth in my application.
I can't use Google's API for every request validation so once I get the user profile from Google I'm trying to generate the token using tokenEndPoint and give it to client (Mobile App/Front end).
Problem:
-> I can't use "password" as grant type, as there is no password in this case and if I use password as grant type then Spring security uses password in DB for password validation
Is my approach correct.? what should I do here to store tokens in oauth_access_token table?
What is the best practice to support Social login and generate custom token which will be shared with the client.?
I'm developing a Grails REST API to use with an Angular app. I used Spring Security Rest Plugin for authentication.
I'm implementing a reset password feature, and after the user resets their password, I want to retrieve the JWT token, in order to send it to the Angular app, so the user will not need to authenticate manually.
How can I retrieve the token? Couldn't find it on the plugin docs. The commented line is what I want to achieve:
if(passwordReset?.isValid()){
passwordReset.password = request.JSON.password
User user = User.resetPassword(passwordReset)
springSecurityService.reauthenticate(user.username)
//springSecurityService.getJwtToken()
}
I am creating website using Spring Boot, Spring MVC and spring-security-oauth2 and I am trying to authenticate my locally stored users against Google, Facebook, GitHub ... OAuth2 services. I also have standard username-password for them.
My idea is to store pair of [OAuth2_provider_type,OAuth2_subjectId] for each user to local database from the first success oauth login and then use this pair to find correct user when user authenticate himself by Google (or FB...) again. I have correctly authenticate with Google/Facebook but I don't know how to connect my local stored users to Spring OAuth2 Security and get them to SecurityContext.
Could somebody point me to some example or integration test where I can see something similar?
I am scanning spring-security-oauth2 sourcecode and I am confused little bit - do I need OAuth2 AuthorizationServer or ResourceServer for that?
Thanks for any help!
I am trying to integrate Spring security authentication in my application. The problem I am having right now is after success login, I would like to retrieve the current user which is store in spring security context, I got the UserDetails instead of my User.
I have implemented UserDetailsService and overriden loadUserByUsername(String username), here i need User entered password.
I want to authenticate against LdapTemplate authenticate(username,password).
I have searched a lot but dint get it.
Please help me.
Either use spring-security-ldap for LDAP based authentication or implement your own AuthenticationProvider instead of DaoAuthenticationProvider.
There are multiple authentication scenarios when using Spring Security LDAP:
either you can retrieve the user entry via connection authenticated by the provided credentials (probably scenario you are looking for)
or you can authenticate via technical account (usually you need to make LDAP search to get user's DN)
For more information check Spring Security LDAP documentation.