by default there is not an option to set maximum concurrent session propery in grails spring security plugin. That is available with spring security (spring security session control). How can i implement such functionality with grails 3 using spring security plugin?
Related
Using Spring Boot, SpringMVC and Spring Security I can configure the security part of my Spring Boot app as follows: ...requestMatchers(EndpointRequest.to("status", "info")).....
Now I'm migrating from SpringMVC to Spring WebFlux. I see that I've to use pathMatchers() instead of requestMatchers. However, EndpointRequest is depending on HttpServletRequest (and thus on Spring MVC). Any hint is appreciated.
I'm just prototyping the migration from Spring MVC to Spring WebFlux using the latest milestone releases (also Spring Boot, Spring Data, and Spring Security). Using the Maven module spring-security-webflux I was able to setup BASIC authentication. However, I didn't find how to define a realm. Any hint is appreciated.
We have a CMS running in one tomcat container, that is not a spring application. We also have multiple applications running on separate tc server instances that contain our custom code (account management, cart, etc.). These are all spring 4.0.x applications and are secured with Spring Security.
I would like to enable Spring Session between all of these environments. Do you foresee any issues using Spring Session in an environment such as this?
Spring Session should work on projects that are not otherwise Spring. If you take a look at the HttpSession Sample listed in the Samples section of the reference and you will see it works just fine with a standard servlet too.
In fact, depending on how you choose to integrate, Spring Session requires no additional dependencies on Spring at all. For example, the Hazelcast sample demonstrates how you don't need any Spring dependencies (other than Spring Session itself).
The possible problems I'd foresee:
If your CMS uses session very heavily, then the IO of retrieving your Session on every request can slow down things significantly
The SESSION cookie is how the session is stored in the browser and then passed back to the application. Spring Session by default writes this in a cookie with the path of the context root. This means that the SESSION cookie will not be visible to all of the applications. You can customize this with your own implementation. You can follow issue 87 for progress on making this available by default.
I have the Grails Spring Security ldap plugin working and connecting to my Active Directory. Now I am trying to add the Spring Security UI plugin to manage my AD users and roles. Is this possible?
It appears that the spring security ui plugin controllers only handle database user/role crud.
Right, there's no support for managing LDAP in the UI plugin. I'm not sure how well-maintained it is, but the http://grails.org/plugin/ldap can manage LDAP.
How can I use the Spring security management console to provide a Grails application with fine-grained security? Examples would be appreciated.