spring-security-webflux: How to set the realm for BASIC authentication? - spring-security

I'm just prototyping the migration from Spring MVC to Spring WebFlux using the latest milestone releases (also Spring Boot, Spring Data, and Spring Security). Using the Maven module spring-security-webflux I was able to set up BASIC authentication. However, I didn't find how to define a realm. Any hint is appreciated.

Related

What is the difference between openfeign/feign and spring cloud openfeign?

Could anyone describe what the difference is between openfeign/feign and spring cloud openfeign? I see spring cloud openfeign depends on openfeign/feign, but I couldn't get specific differences.
Is it always recommendable to use spring cloud openfeign rather than vanilla feign when I use spring framework?
https://github.com/OpenFeign/feign
https://github.com/spring-cloud/spring-cloud-openfeign
OpenFeign/feign is a complete HTTP client binder solution which can use multiple different libraries.
Spring Cloud Openfeign provides OpenFeign integrations for Spring Boot apps through autoconfiguration and binding to the Spring Environment and other Spring programming model idioms.
"Spring Cloud Openfeign" is only for Spring; "OpenFeign" can work without a Spring environment.
Conclusion: if you are using Spring, go with "Spring Cloud Openfeign".
PS: https://youtu.be/3NcmlrumSOc this video explains with all details.

Spring Security with WebFlux: How to migrate "requestMatchers(EndpointRequest.to("status", "info"))"?

Using Spring Boot, SpringMVC and Spring Security I can configure the security part of my Spring Boot app as follows: ...requestMatchers(EndpointRequest.to("status", "info")).....
Now I'm migrating from SpringMVC to Spring WebFlux. I see that I have to use pathMatchers() instead of requestMatchers. However, EndpointRequest depends on HttpServletRequest (and thus on Spring MVC). Any hint is appreciated.

Updated JASIG Java CAS Client configuration with Spring example

I'm in the process of moving my application from Spring Security's CAS client to JASIG's Java CAS client. This was due to our security group adding some custom functionality to the JASIG version.
I've seen on JASIG's website the examples of how to configure the CAS client using Spring's configuration. I've used this example:
https://wiki.jasig.org/display/CASC/Using+the+CAS+Client+3.1+with+Spring+Security
I'm using STS and it complains about numerous lines being incorrect or deprecated. Also, when using the spring security CAS client I configured my roles as part of the <sec:http> block using intercept-url tags like this:
<sec:intercept-url pattern="/api/**" access="hasAnyRole('ROLE_OPERATOR', 'ROLE_ADMINISTRATOR')" method="GET" />
However, in the example the roles are configured in the FilterSecurityInterceptor bean and while it uses the sec:intercept-url tags the expressions don't work.
I believe the issue is that the example is from an earlier version of spring security but I'm using a newer version.
Does anyone know of an updated version of the configuration for the above sample? I know I need to upgrade my config from what the example shows but I'm not a full time security guy, just a developer tasked with doing this move, so I don't live and breathe this stuff every day. Any help would be greatly appreciated.
My env:
Spring Source Framework v3.2.2
Spring Security v3.1.4
JASIG CAS Client v3.2.1
-Richard Ward

spring session rest security

Spring session seems like a very interesting project but I have not been able to find much information on how to properly incorporate it in a spring security application. The readme on the project's github page has some information but I don't think that's applicable to spring security. Another example that's mentioned on the same page is to utilize this mechanism for REST access. That's another use case that I think can benefit from an example. I would appreciate it if some information on the subject can be shared. Thanks.
You can use Spring Session with Spring Security by simply ensuring to place the Spring Session Filter before Spring Security's filter. There is also a security sample project that demonstrates the use of Spring Session with Spring Security within the distribution. You can run it by cloning the repository and running the following:
./gradlew :samples:security:tomcatRun
The application will be available at http://localhost:8080/

Grails Spring Security ui plugin with ldap authorities?

I have the Grails Spring Security ldap plugin working and connecting to my Active Directory. Now I am trying to add the Spring Security UI plugin to manage my AD users and roles. Is this possible?
It appears that the spring security ui plugin controllers only handle database user/role crud.
Right, there's no support for managing LDAP in the UI plugin. I'm not sure how well-maintained it is, but the http://grails.org/plugin/ldap can manage LDAP.
