I have spring MVC rest application and front application that consumes services from rest application. If not connected user try to use service from rest app then connection web service will be invoked.
Connection webservice use spring saml to connect user to Active directory.
How can I propagate the connection to the front application?
To implement that I use Spring oauth2. My Rest Api is the resource server and the client Api is oauth2 client. Hope that will help
Related
We have developed an WEB API application by enabling HTTPS requests and deployed the same in a different machine in IIS. But when we try to call the WEB API methods in our MVC application we're actually getting the error and unable to connect either through the postman. When we're requesting through http, it's working but not using https.
Here is my situation:
There is a API service and it'll publish a new version once a season.
I create a web application for each version. So there's a list of web applications under default website that looks like:
API_2016S1
API_2016S2
API_2016S3
...
For clients, the url of API should be the same, even its version has been changed.
The version info won't be a part of the API url.
And the relationship between client and API version is storing in a database.
So the flow of a client's request may looks like:
client
send request(with client id in the header and session's cookie)
a portal application that do:
authentication
determine which API application should be
send client's request to specific API application
specific API application do:
receives request(regardless of authentication)
process request
response to portal application
the portal application responses to client
So for the upcoming new version of API service, I just need to create web applications for them and setting relationships in the database.
For now I'm trying to build the portal application by myself.
My question is: Is there any similar structure or mechanism can handle this kind situation? Or any idea for me. Thanks!
What you are looking for is called API Gateway or API Middleware. Instead of sending requests to the actual APIs, all clients send those requests to this middleware and it serves as a proxy and forwards the requests to a correct APIs.
There are some open source solutions such as KONG, Tyk (and others ) that you can deploy and manage by yourself or you can consider AWS API Gateway as a managed service.
I have developed an API using ASP.NET Web API 2 to be consumed by applications in my domain. I want to secure the access to the API endpoints. I've decided to use the OAuth token based token authentication for mobile app clients and web app clients.
However there are some non-interactive windows service clients that need to consume the API. I do not want to store login credentials to get a token in the service config, however a Windows authentication suits this type of client.
Is it possible to use a hybrid - windows and token-based authentication in ASP.NET WebApi? How?
I think the Windows authentication service from Identityserver might be a good solution for your problem
You can find more information on : WindowsAuthentication repo
I have decided to break up the API into two. One for normal OAuth based access and the other with specific resources using Windows authentication to be consumed by non-interactive windows service clients.
I am developing a Spring Boot application that will provide a web app and a REST interface for an iOS application that a colleague develops.
The Spring Boot MVC web application already uses Spring Security with a form based login and a JPA entity for authentication of users with roles. Everything pretty straightforward.
We want to use OAuth2 for connecting the iOS app to the server for accessing the REST API so that we do not have to store the username/password on the device.
What would be the easiest configuration for this?
Do we need to call /oauth/authorize or would it be enough to call /oauth/token to get an access and a refresh token by sending the username/password the user provides once in a form in the iOS app?
I want the iOS application to be authenticated as the user via oauth token afterwards so that it can access the entities assigned to the user.
How implement an Component that publish secure services Rest , conditions:
These services should be secured by OAuth 2.0.
This component will is the Resource Server.
The Authorization Server is third party component implemented with Spring OAuth2.0 and Deployed in JBoss Server.
The client app will be called to resouce server, using JavaScript or RestTemplate Client.
Since you are already developing other legs of the OAuth2 solution using Spring Security, there is no reason to not use it as OAuth implementation for Mule as well.
http://www.mulesoft.org/documentation/display/current/Configuring+the+Spring+Security+Manager
There is some also prepared things in Mule, if you run the commercial version, check htis out: http://www.mulesoft.org/documentation/display/current/Mule+STS+OAuth+2.0a+Example+Application