I want to refresh my Reactive Spring Security application on the fly. I have an application.yml file that gets some information, which I use in a bean with the annotation @EnableWebFlux. The problem is that when I change something in the application.yml file, I want Spring Security to be updated as well, without restarting the server.
Do you have any solution for that?
Do you think there is a way to refresh Spring Security on the fly without restarting the server?
Related
I'm currently creating a new application that requires users to login. I want to use the Spring Security Core plugin for this, but the only problem is that the credentials of the users are stored in a centralized system, and not locally in the database. This system can only be accessed by an API, and will tell me whether the credentials are correct or not.
Is there any way to override the credentials check of the Spring Security Core plugin, so I can check the credentials myself? Or in case this is not possible, is there any other workaround?
It depends on what your system looks like.
You can write your own Authentication Provider.
Here is an answer.
You can create your own User class with datasource set on your centralized system database.
Or you can use the Spring Security CAS Plugin.
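As an added example, not part of the original answers: a custom Spring Security `AuthenticationProvider` that delegates the credential check to a remote API and fails closed when that API is unreachable. `CentralCredentialClient`, `RemoteApiAuthenticationProvider` and the `ROLE_USER` authority are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import java.util.Collections;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Hypothetical client for the centralized credential API (not a real library type). */
interface CentralCredentialClient {
    /** True only if the remote system accepts the pair; throws on transport failure. */
    boolean verify(String username, String password) throws IOException;
}

public class RemoteApiAuthenticationProvider implements AuthenticationProvider {
    private final CentralCredentialClient client;

    public RemoteApiAuthenticationProvider(CentralCredentialClient client) {
        this.client = client;
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        String username = auth.getName();
        Object credentials = auth.getCredentials();
        if (username == null || username.isEmpty() || credentials == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        boolean accepted;
        try {
            accepted = client.verify(username, credentials.toString());
        } catch (IOException e) {
            // Fail closed: an unreachable credential API must never result in a login.
            throw new AuthenticationServiceException("Credential service unavailable", e);
        }
        if (!accepted) {
            // Same message for unknown user and wrong password, to limit user enumeration.
            throw new BadCredentialsException("Bad credentials");
        }
        // Assumed role for the example; the password is not kept in the resulting token.
        return new UsernamePasswordAuthenticationToken(username, null,
                Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```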
We have a CMS running in one tomcat container, that is not a spring application. We also have multiple applications running on separate tc server instances that contain our custom code (account management, cart, etc.). These are all spring 4.0.x applications and are secured with Spring Security.
I would like to enable Spring Session between all of these environments. Do you foresee any issues using Spring Session in an environment such as this?
Spring Session should work on projects that are not otherwise Spring. If you take a look at the HttpSession Sample listed in the Samples section of the reference, you will see it works just fine with a standard servlet too.
In fact, depending on how you choose to integrate, Spring Session requires no additional dependencies on Spring at all. For example, the Hazelcast sample demonstrates how you don't need any Spring dependencies (other than Spring Session itself).
The possible problems I'd foresee:
If your CMS uses session very heavily, then the IO of retrieving your Session on every request can slow down things significantly.
The SESSION cookie is how the session is stored in the browser and then passed back to the application. Spring Session by default writes this in a cookie with the path of the context root. This means that the SESSION cookie will not be visible to all of the applications. You can customize this with your own implementation. You can follow issue 87 for progress on making this available by default.
Spring Session seems like a very interesting project, but I have not been able to find much information on how to properly incorporate it in a Spring Security application. The readme on the project's GitHub page has some information, but I don't think that's applicable to Spring Security. Another example that's mentioned on the same page is to utilize this mechanism for REST access. That's another use case that I think can benefit from an example. I would appreciate it if some information on the subject can be shared. Thanks.
You can use Spring Session with Spring Security by simply ensuring that the Spring Session filter is placed before Spring Security's filter. There is also a security sample project that demonstrates the use of Spring Session with Spring Security within the distribution. You can run it by cloning the repository and running the following:
./gradlew :samples:security:tomcatRun
The application will be available at http://localhost:8080/
I am trying to add the Spring Security management console which is shown in the Spring Security UI documentation.
It does not, however, tell you how to access it.
Any ideas?
A good entry point is the user controller (grails.plugins.springsecurity.ui.UserController). If you are using the default URL mappings you will be able to access it at http://localhost:8080/<appname>/user in development mode.
I'm fighting with a strange problem using the Spring Security Core plugin. After a successful login, clicking on any secured link causes an automatic logout of the current user. It's very hard to determine the reason because this behaviour happens only in some cases. The application is secured by using request maps. There is no exception and the request maps are correctly configured.
Grails 1.3.7, Spring Security Core plugin 1.2.1
The problem was the misconfiguration of the server URL. In some places www was used and in some configurations not. So make sure you are using the same server URL for the app, e.g. in the Tomcat config, ISA Server config, app config, ...