Can anyone please explain the exact use of 'j_spring_security_check' in Spring Security and how it works - spring-security

I am trying to implement the code using Spring Security with a database. There I found this topic, but seriously I didn't understand this concept. Why do they add the POST method with this 'j_spring_security_check'?
So please, can anyone explain it to me with an example?

It's a preconfigured URL in Spring Security to authenticate via form input.
It can be configured in your Spring Security configuration to point to another URL if needed.
If a form submits to this URL, it needs to have the relevant parameters for the AuthenticationManager to use, such as j_username and j_password.
These were changed in later versions to use username and password.
The best example of this using Spring MVC is in the Spring Docs.
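An added example (not part of the original answer) of the configuration it describes: a Spring Security 6.x Java configuration that keeps the legacy processing URL and parameter names. The `/login` page path and the class name are assumptions. By default the filter behind this URL (`UsernamePasswordAuthenticationFilter`) accepts only POST, so the credentials travel in the request body rather than in the URL.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

/*
 * Matching login form (CSRF protection is on by default, so the token
 * must be posted together with the credentials):
 *
 *   <form method="post" action="/j_spring_security_check">
 *     <input type="text"     name="j_username"/>
 *     <input type="password" name="j_password"/>
 *     <input type="hidden"   name="${_csrf.parameterName}" value="${_csrf.token}"/>
 *     <button type="submit">Sign in</button>
 *   </form>
 */
@Configuration
@EnableWebSecurity
public class LegacyFormLoginConfig {   // class name is illustrative

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // The login page itself must be reachable without a session.
                .requestMatchers("/login").permitAll()
                .anyRequest().authenticated())
            .formLogin(form -> form
                // Assumed path of the page that renders the form above.
                .loginPage("/login")
                // No controller is mapped here: the form-login filter
                // intercepts the POST and hands the submitted credentials
                // to the AuthenticationManager.
                .loginProcessingUrl("/j_spring_security_check")
                // Names of the POST parameters the filter reads.
                .usernameParameter("j_username")
                .passwordParameter("j_password")
                .failureUrl("/login?error"));
        return http.build();
    }
}
```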

Related

Spring Security using OAM (Oracle Access Manager) SSO (Single Sign-On)

I am new to the Spring world, and with the help of lots of information available online, I have pretty much developed the Spring MVC application I am currently working on.
The last piece I have to implement is to integrate OAM SSO into my application to use as authentication.
I searched a lot on the web but couldn't find a single example of implementing a third-party authentication provider.
I finally realized that I have to use PreAuthentication, but I am not sure how I would implement it.
I am unable to share my code because anything I have tried until now is not working, and I feel that I haven't found the right path yet.
Any help would be much appreciated.
To give you a brief idea about OAM: OAM authenticates user IDs and passwords and sends you authenticated requests with a cookie, OBSSOCookie. Using this cookie, you need to contact OAM and get the user ID and password and also the user roles (authorities). Any request coming to your application is already authenticated, so you do not need to authenticate again. All you need to do is use this cookie to retrieve the user's authorities.
For Spring MVC, you could use the spring-webmvc-pac4j security library, instead of Spring Security. Use a CookieClient to deal with the OBSSOCookie and create your own Authenticator to check this cookie against OAM.

spring session rest security

Spring Session seems like a very interesting project, but I have not been able to find much information on how to properly incorporate it in a Spring Security application. The readme on the project's GitHub page has some information, but I don't think that's applicable to Spring Security. Another example that's mentioned on the same page is to utilize this mechanism for REST access. That's another use case that I think can benefit from an example. I would appreciate it if some information on the subject can be shared. Thanks.
You can use Spring Session with Spring Security by simply ensuring that the Spring Session Filter is placed before Spring Security's filter. There is also a security sample project within the distribution that demonstrates the use of Spring Session with Spring Security. You can run it by cloning the repository and running the following:
./gradlew :samples:security:tomcatRun
The application will be available at http://localhost:8080/

Custom user authentication for specific screens in grails

I am using the Spring Security Core plugin in my Grails application, but now I have a custom requirement.
I need to re-authenticate the user for some secret screens each time before opening them, even if the user is already signed in.
On the re-authentication screen, I also want to add a secret PIN code after the username and password.
What will be the best way to implement this, or is there any plugin available with this functionality?
As far as I know there isn't any plugin that would address this for you. However, Glen Smith posted a few years ago how to implement your own custom authentication for specific URIs using the Grails Spring Security core plugin.
What he outlines there is very similar to what you will need to do:
Create a custom authentication object to hold the request.
Create a custom authentication provider to authenticate the request.
Create a custom security filter to apply to your URIs.
You should also note Burt's comment on the mentioned post about how to register custom authentication filters. This eliminates some of the code Glen provided.
Your implementation will be slightly more complex since you will need an additional filter to catch an authentication failure and route the user to the special login page. This is where things get quite tricky, but with the information above you should be able to get started and ask questions as you hit roadblocks.

Spring Security and CAS

I have a question about the integration of Spring Security 3 and CAS technology.
I know that SS gives me the ability to set up CAS auth with some providers and filters. But I didn't see examples that describe how I can use my custom login form or page.
CAS gives options to set up a custom design of the login page, but this solution isn't for me.
I need to implement a pop-up login form in my applications. This is a requirement and I can't change anything.
So, my question is:
How can I integrate Spring Security and CAS with my custom login form/page?
Give me some examples or thematic links about this question, please.
Or maybe I shouldn't use CAS. Maybe some OpenID technology?
Thanks!
One of the basic principles of CAS: the actual application does not know anything about the user's password. So if you absolutely want to have a login page with a password, then consider using some other technology. For example, if you can add a subdomain for each of your applications, then authentication based on a domain cookie will be good enough (consider Google with docs.google.com, mail.google.com, etc.).

Tivoli Access Manager with Grails spring security

Does anyone here have experience integrating TAM with Grails Spring Security for single sign-on? If so, can you help me get a quick start or point me to any tutorials?
Thanks
You would probably want to use Spring Security's pre-authentication feature and examine the header sent from TAM. To do so, you would write your own authentication provider, which is really simple and just looks for the header. See this for some more information
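An added sketch of header-based pre-authentication (not from the original answer), written as a Spring Security 6.x Java configuration. It uses the framework's built-in `RequestHeaderAuthenticationFilter` and `PreAuthenticatedAuthenticationProvider` rather than the hand-written provider the answer mentions. The header name `X-SSO-USER` is a placeholder, and a `UserDetailsService` bean that supplies each user's authorities is assumed to exist.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class HeaderPreAuthConfig {   // class name is illustrative

    // Placeholder: use the header your access manager is configured to send.
    private static final String USER_HEADER = "X-SSO-USER";

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           UserDetailsService users) throws Exception {
        // The provider checks no password. It only loads the authorities
        // for the user name that the filter took from the header.
        PreAuthenticatedAuthenticationProvider provider =
                new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(
                new UserDetailsByNameServiceWrapper<>(users));
        AuthenticationManager manager = new ProviderManager(provider);

        RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
        filter.setPrincipalRequestHeader(USER_HEADER);
        // Fail the request when the header is absent instead of passing it on.
        filter.setExceptionIfHeaderMissing(true);
        filter.setAuthenticationManager(manager);

        // The header value is trusted as-is, so the application must be
        // reachable only through the access manager, and the access manager
        // must strip any client-supplied copy of this header.
        http.addFilter(filter)
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
        return http.build();
    }
}
```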
