I'm having surprising difficulty getting hold of a JWT library which works with Grails 2.2.x, and I'm hoping someone can point me in the right direction. Stormpath's JJWT looks promising (https://github.com/jwtk/jjwt), but I am running into all kinds of dependency issues which I can't resolve. There seems to be a plugin which latches on to Spring Security (http://plugins.grails.org/plugin/grails/spring-security-rest) but I'm not actually using Spring Security - not sure if I have to. Any useful pointers would be welcome!
Figured it out. Nimbus JOSE + JWT (https://connect2id.com/products/nimbus-jose-jwt) works fine. I downloaded the 2 necessary jar files, nimbus-jose-jwt-4.34.2.jar and a dependency, json-smart-2.2.1.jar, from the Maven repo.
Related
Is there any example out there for google plus oAuth2 for grails?
I see a plugin on github with documentation
This one seems to be 2 years old and I could not find any examples of using this plugin.
I am willing to try this. but want to know if there are any other plugins out there which are up-to-date?
I have had success using this one: http://grails.org/plugin/spring-security-oauth-google, but it requires the use of the Spring Security Oauth Plugin: http://grails.org/plugin/spring-security-oauth
I have an existing, eclipse based web servlet application that authenticates using http basic authentication. I am looking to convert this to Spring based security. I understand what has to be done programatically, but am having problems with the details of configuring the project itself in eclipse. I am using the Spring STS toolkit, and I am able to successfully import one of the Spring Security sample apps (openid-xml) and it works fine.
My existing application also works properly when run under STS, but without Spring support
I would like a recommendation for either a tutorial on making this conversion, or some useful advice. For example, is it easier to
a) create a new Spring application and try to migrate my existing code into it, or b) try to convert my code by importing the various spring libraries, etc? c) convert my existing app to use maven instead of eclipse (Spring just doesn't seem to want to work without maven, and i am at a loss here) - naturally, I have no idea how to do this.
Any advice will be most gratefully received, after a day of hit and miss frustration.
I have answered my own question, and will try to provide some details for those who may be having the same problem.
First, there is some relatively useless info available on stackoverflow, but some good stuff as well.
This (https://stackoverflow.com/a/14867188/1374167) is completely wrong. It is certainly possible to secure a servlet with Spring Security. The trick is to realize that you are going to have to use Maven and Gradle to build the libraries for Spring and Spring Security.
Once you have built these jar files, you simply import them into Eclipse (it doesn't really seem to matter which version) and set up your web.xml and security contraints.
I used this project as a starting point. It's not perfect, but it got me on the right track, after I updated the spring and spring security jar files. The full blog post is here
I had a frustrating experience getting to this point but I hope this information will help others. It's quite simple once you understand what to do.
I want a workflow/webflow plugin that needs to be integrated with an existing Struts2 application.
I found Struts-workflow-extension but looking in its source code I realized it is entirely based on the Struts1 and have there is no support for this plugin since 2003.
Basically my requirement is to handle the entire workflow through configurations that could be done at runtime. Spring webflow is also an option but it's much of a learning curve depending on the deadline that I have to meet.
So is there any workflow/webflow extension that can be easily integrated with Struts2?
Any help will be highly appreciated. Thanks
You can try https://github.com/aleksandr-m/struts2-actionflow which seems to be more up to date.
I'm working on an OAuth server implementation based on the jersey-oauth 1.16 contrib in GlassFish 3.1.2 container and I'm getting this exception when trying to connect to it via Scribe client API:
AuthFilter.filter:
com.sun.jersey.oauth.signature.UnsupportedSignatureMethodException: HMAC-SHA1
for com.sun.jersey.oauth.server.OAuthServerRequest#13a50796
https://wikis.oracle.com/display/Jersey/OAuth states "It supports the signature methods outlined in OAuth Core 1.0 specification: HMAC-SHA1, RSA-SHA1, and PLAINTEXT" so I'm confused.
Do I have some misconfiguration issue?
Any suggestion/pointer/idea would be welcome.
Thanks!
Should this happen to anyone else, I thought I would share how I resolved this issue.
GlassFish 3.1.2 seems to still be stuck to an old version of Jersey 1.11. I guess there's some sort of incompatibility between Jersey 1.11 and the oauth contrib 1.16.
http://jersey.java.net/nonav/documentation/latest/glassfish.html describes how Jersey may be updated in the GlassFish container.
It's a bit tricky to do, but I've now Jersey 1.17 and it's working like a charm. :)
Unfortunately, I cannot add comments yet, but I just wanted to point out that the latest Jersey libraries for GlassFish can be found in this location. I was able to follow the instructions and make OAuth+Jersey work with Glassfish v3. Thanks, TheArchitect!
Based on advice posted here and here, I looked into and installed MyFaces CODI with my application. My biggest concern was overcoming the shortcomings of Weld's implementation of #ConversationScoped feature. After some hiccups I got it running on my GlassFish 3.1 development platform, and I converted all my beans to use
import org.apache.myfaces.extensions.cdi.core.api.scope.conversation.ConversationScoped;
In the end it seems like I am now not much further along than I was before. I do not have to call the conversation.begin() method anymore, which is good, but the beans hang around after the browser has left the page and come back.
What I was hoping for was the functionality of JSF 2.0 #ViewScoped that works with CDI. Once the user leaves the page, the backing bean should be discarded and re-created again if the user comes back. Is there a way to do this with CODI?
Incidentally, the documentation says it will pick up the #ViewScoped annotations and process them properly. I tried this and got and Weld wouldn't deploy it.
P.S. I am using myfaces-extcdi-dist-jsf20 version 0.9.5. I tried installing the core and JSF 2 optional module akibe but it would not deploy on my GlassFish/Weld platform. Any advice here much appreciated.
UPDATE 1: I ended up trying the ViewAccessScope annotation supported by CODI, and that seems to do what I wanted.
Follow-up question. The latest bundle that the maven repository that Apache maintains is 0.9.5 -- Can someone post the pom.xml segment that fetches the latest version?
Call conversation.close() before returning - ensure that you imported the correct annotation org.apache... and not javax... - see Wiki or use the ViewAccessScope instead. We are using: bundle in Glassfish 3.1.1 without problems. myfaces-extcdi-bundle-jsf20-1.0.1.jar is the only jar you need. Please also note that there is no "it". With CODI you have fine-grained groupable conversations instead of the monolithic and inflexible stuff you get with standard CDI conversations.
The set-up for the latest version with a Maven build is also in the Wiki.