Currently the swagger UI is exposed without any security scheme.
Need to implement basic auth for the swagger UI. So that everytime its pops for username and password before displaying the UI.
I have implemented ApiKey authorization but not able to configure for BasicAuth .
Very new to spring
Related
The API is deployed without any Security Scheme provided in the swagger.json, however, the API is accessed over reverse proxy with Basic Username/password Authentication. Since the security scheme is not provided, the swagger UI won't display the "Authorize" button. Is there any way to enable/show "Authorize" button without Security Scheme or provide such proxy configuration in Swagger spec itself?
I am trying to implement sns login with Spring Security. The api server is spring-boot and the front is android and iOS.
From my understanding, it seems that spring-security-oauth-client supports the process of issuing an access token with server side rendering. (authentication code grant or implicit grant ..etc)
This is where my troubles begin.
First of all, I want to use OpenId Connect because I know that authentication should not be processed with oauth's access token.
Because android needs to use the sdk, the front (android) issues the idToken and gives it to the backend server.
So I wanted to implement it using the oauth2 function supported by spring-security, but I couldn't find a good way. So the following question arose:
Can it be implemented with the oauth-support function of spring-security?
So, I am trying to process authentication by creating an Authentication Provider for each oauth provider through a custom filter that directly extends OncePerRequestFilter.
Another question arises here.
Is there any difference between implementing the filter directly in spring-security and performing authentication in the controller of the spring container? performance or other aspects
thank you.
I am building a new application using microservices with a frontend UI using React JS. I have created an auth microservice using Spring Boot and OAuth 2.0. For single page applications I have read that I should use the implicit grant instead of the password grant. The auth microservice will support this but my question is where would I implement the UI for the user to put their username and password? Would it be within the auth microservice or would I have to create a separate UI application?
The authentication form will be on your auth microservice. Think for example as you use google login. You'll see google login page even if you have your own microservice. It's because authentication provider is google and you redirect user to login to google.
I implemented all grant types a while back. May be this will help you.
I'm developing a Grails REST API to use with an Angular app. I used Spring Security Rest Plugin for authentication.
I'm implementing a reset password feature, and after the user resets their password, I want to retrieve the JWT token, in order to send it to the Angular app, so the user will not need to authenticate manually.
How can I retrieve the token? Couldn't find it on the plugin docs. The commented line is what I want to achieve:
if(passwordReset?.isValid()){
passwordReset.password = request.JSON.password
User user = User.resetPassword(passwordReset)
springSecurityService.reauthenticate(user.username)
//springSecurityService.getJwtToken()
}
I am newbie to OAuth2 and understood its implementation theoretically very well. I followed this link to handle OAuth2 callback URL Build Authorization Callback Handler. But i am using Spring Security in my project, so i don't have to do much work myself. I am using salesforce API. Whenever there is UserRedirectionRequiredException, the spring security OAuth2's ClientContextFilter handles it and redirects for authorization.It all works very Well. I am able to get contacts , tags from salesforce account using RestTemplate and salesfore Resource.
The question is how to handle oauth2 callback URL using spring security. whenever i call any salesforce api e.g getContacts, if access token is available it works. But if i don't have accesstoken, the user is redirected and when authorized, the access Token is obtained from provider but the control goes to my Oauth2callback url and finishes there. Now i have again to call the getContacts Api and it retrives the contacts.
Help me in implementing OAuth2Callback URL using spring security so that when i call any Api, if unauthorized, after authorizing and retrieving accesstoken it automatically calles back to that API rather than stoping on my OAuth2callback URL.