Get spring security oauth to access askToLinkOrCreateAccount.gsp - grails

How can you access the askToLinkOrCreateAccount.gsp inherent in the SpringSecurityOAuthController?
I am trying to access the functionality to link oAuth credentials to an existing Grails account as opposed to creating a new one.
grails 2.4.2
spring-security-core-2.0-RC4,
spring-security-oauth-2.0.2
spring-security-oauth-google-0.1

Related

Java Spring Application - Integration with Azure AD for SSO

I have a Java Spring MVC application (note that its not spring boot).
We have a requirement to implement SSO for the users of our application. I did some research, the identity provider (IDP) in our case is Azure AD. The service provider would be my application in this case. I am thinking of using SAML protocol for SSO.
Also note - The application is http based (not HTTPS)
What I've done so far -
I've created an Enterprise Application on Azure and configured entityId and replyURL. I also added a user for this application.
Where I'm stuck -
Although I did read the related Spring documentation to achieve this, since I'm a newbie here, I still don't have a clear path as to how can I take this forward in my application. I found some solutions, they seem to be examples for spring boot. Can someone please help me with guides as to how this can be done in Java Spring? Which maven dependency I could use and any sample example to start working with SAML? A step by step explanation would be highly appreciated, thankyou.
Also, any other options than SAML would also be fine.
The Spring Security SAML extension (https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/index.html) had an example web app. You may read the referenced doc and apply it to Spring Security SAML. It should not be too much difference.
I’m very glad to register the flow in the event of implementing Azure AD B2C OIDC/OAuth protocol with existing Spring MVC architecture.
Below Spring docs reveal that how was our existing project's spring-security layer being served in the context of filter-chain.
Pre-requisites
Authentication Filter - Form Based Login with Legacy IDP
Authentication Manager – Providing the user details authorities along with http session object
For accomplishing this Azure B2C Integration, we've gone thro' lot of repos but most of them are relying with Java config based but we were interested on Spring namespace with limited code/architectural change.
Then finally we came to the conclusion that how to extend the spring default auth-filter/manager for getting valid session object from security context based on the Azure provided (id/access) token after the successful user authentication.
Customizing Spring-Security
The detailed documentation on how to extend auth-filter/manager is available here with © reserved by terasoluna.org
We customized the spring security in such a manner that auth-filter will carry the token_validation against the given token from Azure and authentication manager will extract user details such as roles/privileges w.r.t to the object-id mapped in our DB's user entity.
Once the Spring security customization is done then we can able to integrate the Authorization-server [Azure in our case] and Resource-server [Existing Spring Application] by following the conventional methods.

Custom authentication overriding Spring Security

I have my 2.5.4 grails version application secured by Spring Security and working very well. I need to change that and grant access to the user only if the reply of a rest service allows that. That is, instead of using the spring security functionality of asking for a username/password, I want to call a rest service (that I have already) and if this service replies that the user has access to the application, I want to grant access to this user.
As far as I understand, I need to override the auth method of LoginController of spring security core. Will I also need grails filters?
Could you please provide me with some advice on this topic?
This works for me in BootStrap.groovy running grails 3.1.9. Not sure it will help you, but it might be a starting point.
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.context.SecurityContextHolder as SCH
...
SCH.context.authentication = new UsernamePasswordAuthenticationToken(admin.username, admin.password, admin.authorities)
Have you looked at the spring security rest plugin (version 1.5.3 for grails 2.5.x) and using JWTs to pass around the authentication?

How do I customize the credentials check in the Grails Spring Security Core plugin?

I'm currently creating a new application that requires users to login. I want to use the Spring Security Core plugin for this, but the only problem is that the credentials of the users are stored in a centralized system, and not locally in the database. This system can only be accessed by an API, and will tell me whether the credentials are correct or not.
Is there any way to override the credentials check of the Spring Security Code plugin, so I can check the credentials myself? Or in case this is not possible, is there any other workaround?
It belongs on what your system looks like.
You can write your own Authentication Provider.
Here is answer.
You can create your own User class with datasource set on your centralized system database.
Or you can use Spring Security CAS Plugin

Developing webapi in Grails using jaxrs plugin Spring Security settings needed

I am developing the webapi using jaxrs plugin in a Grails project (existing) in which there is Spring Security configured which is not allowing me to access the api urls i.e /api/**
I am getting You are not authorised to access this page though I have logged in as Admin but I am not able to configure the access to this path with/without authentication.
I guess you're using spring security?
Authentication is generally handled a little differently when implementing a rest api. Check out the excellent Spring Security REST Plugin. There's some really nice documentation here that explains the authentication lifecycle.

Spring Security integration with WSO2 Identity Server

Does Spring Security integrates with WSO2 Identity Server? If yes, then is there any sample or tutorial available for this?
Did you had any luck?? If so, could you point me in the right direction?
I'm researching on the same topic, you should take a lookt at:
Spring Security Extensions
Spring Security Extensions Git Web Interface
You could use either SAML2 or Kerberos to authenticate against WSO2 Identity Server, although I have not tested this yet, but should work.
If this is related Spring Security OAuth2 Integration with WSO2 IS.
Actually, there are 2 different ways to integrate Spring OAuth with WSO2 Identity Server:
using the WSO2 IS admin web services like OAuthAdminService, OAuth2TokenValidationService
sharing the database (not recommended, your application shouldn't have access to the identity provider database)
It's quite easy to integrate Spring OAuth with WSO2 Identity Server, of course, you could reimplement all TokenStore methods or the DefaultTokenServices to provide even more functionality and make the integration as transparent as you like but this sample is meant to show the very first steps.
You can refer the below blog https://www.yenlo.com/blog/wso2-spring-oauth2-integration-with-identity-server

Resources