Adding security (SSL) to a Spring web service - spring-ws

I've followed this guide: https://spring.io/guides/gs/rest-service/ to create a web service using Spring Rest. But now I need to add a SSL to the communication, I've tried following this other guide: http://www.radcortez.com/ssl-tls-rest-server-client-with-spring-and-tomee/ but a lot of code is in the web.xml file, wich the first guide said isn't used. I imagine now it's supposed to be in some kind of annotation. I would really appreciate some help with this!

Related

How to use spring security rest grails plugin to authenticate form-based login

Preface: I created the following issue in GitHub of the plugin and Alvaro Sanchez, the author of the plugin, recommended me to ask here which is the dedicated discussion channel for it.
We are migrating our Grails-based application to Kubernetes to allow multiple instances running simultaneously. The inherent problem is that the application will ask users to re-login if the request is served by the other pod that is not the previously same pod. We want to replace session-based authentication with token-based authentication.
I have come across writing on medium explaining how to use this plugin come long the source code published on GitHub, however, this tutorial didn't show how to customise the form-based login or something along those lines.
The key point here is to verify the existence of the defined token in order to redirect the login URL. However, I don't actually understand how and where we could intervene LoginController spring security core to check both username and token.
Apart from that, I cannot find any tutorials as well as documentation relevant to our need, so then I have raised this problem which someone experienced users can share their solutions.
If you have any idea, helpful tutorials or source code, could you please share with us?
Thank you in advance!

Implement Basic Auth in ASP.NET 5

I’m using ASP.NET Identity with Forms auth in an MVC6 application, and trying to implement Basic auth for the API endpoints.
I would have thought there’d be a pre-built middleware that does it, but haven’t been able to find it. I’ve had a look at the Filters test website https://github.com/aspnet/Mvc/tree/dev/test/WebSites/FiltersWebSite and I can’t seem to work out what it’s doing/which parts are important.
I’ve tried using the pre-5 approach of manually doing basic auth in an authorizationfilter, but SuppressFormsAuthenticationRedirect seems to be gone, and the CookieAuthenticationHandler keeps redirecting to the login page.
Basic auth is not there by design. Security team is against it. They will probably make a sample later.
you can read a discussion on the issue here : https://github.com/aspnet/Security/issues/209
Since you are targeting IIS, I suggest leveraging IIS for basic authentication. You can drop a web.config file into your wwwroot folder with a section to configure your basic authentication options.
If you want to remain host agnostic, you will need middleware. Here is someones implementation: https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.Security.BasicAuthentication

Spring Data Neo4j in combination with Spring-Social and Spring-Security

I am in an early stage of a small Spring-based project which utilizes Spring Data Neo4j with an embedded database (but possibly could use a server instance in a later development , too).
My data model and relationships have been designed, Spring Security (with Neo4j), MVC and tiles are set up and also seem to be fully functional.
Now I have the additional requirement to allow login with social networks.
I'm really stuck with trying to integrate Spring Social with my above mentioned setup. Basically I have a rough idea that I need to make use of the cross-store Neo4j component but have no real clue, how I could start with it.
I tried to find something useful for my case (SDN Neo4j + Spring Social Security) on github but was not really successful with that either.
Can anyone provide me an example configuration or even point me to some examples (I obviously didn't find before) ... any help is highly appreciated.
I don't think there is a Spring Social connector yet, but it shouldn't be too hard to write (there is one for Mongo). If nothing else, you can use the https://code.google.com/p/google-api-java-client/ directly form a service, exposing the google oauth callback from a Spring Controller, should work too.
https://code.google.com/p/google-api-java-client/
Neo4j connection repository for Spring social has been implemented here using neo4j-ogm. You can reuse that. https://github.com/maciossek/spring-social-neo4j

Tivoli Access Manager with Grails spring security

Does anyone over here has experience integrating TAM with Grails spring security for single sign on. If so can you help me get a quick start or point to any tutorials.
Thanks
You would probably want to use Spring Security's pre authentication feature and examine the header sent from TAM. To do so you would write your own authentication provider which is really simple and just looks for the header. See this for some more information

Spring Web Service

I want Spring Webservice program in details. I have visited many websites , no website is providing me in proper. I want that program to be detailed and clear explained. It is better if you use any one of the Netbeans of Eclipse Ganymade IDE's
Please look at a very simplified post on how to build web services using Spring-WS[Title: Building a web service with Spring-WS] at
http://justcompiled.blogspot.com/2010/09/building-web-service-with-spring-ws.html

Resources