I am trying to integrate Spring Security authentication in my application. The problem I am having right now is that after a successful login, I would like to retrieve the current user, which is stored in the Spring Security context, but I got the UserDetails instead of my User.
I implemented a Spring Boot app with OAuth authentication against Google and a remember-me policy based on a cookie, but I'm getting weird behavior in the UserDetailsService that is needed for remember-me.
In loadUserByUsername() I'm getting the entire object instead of just the username of the user.
This is my configuration
And the userDetailsService implementation that I'm using
Any idea on how to get the username/email only?
Getting the username or email of the user in the userDetailsServiceImplementation class
I am creating website using Spring Boot, Spring MVC and spring-security-oauth2 and I am trying to authenticate my locally stored users against Google, Facebook, GitHub ... OAuth2 services. I also have standard username-password for them.
My idea is to store a pair of [OAuth2_provider_type,OAuth2_subjectId] for each user in the local database on the first successful OAuth login and then use this pair to find the correct user when the user authenticates himself with Google (or FB...) again. I have correctly authenticated with Google/Facebook, but I don't know how to connect my locally stored users to Spring OAuth2 Security and get them into the SecurityContext.
Could somebody point me to some example or integration test where I can see something similar?
I am scanning the spring-security-oauth2 source code and I am a little bit confused - do I need an OAuth2 AuthorizationServer or ResourceServer for that?
Thanks for any help!
I have an application that uses Spring Security LDAP for User authentication.
What I'm trying to do is build a feature that requires the User to provide their password again for validation of credentials before performing an important process.
The user is already signed in, so I wouldn't want to kick the user out by killing their current session.
This sounds like it could be a tricky requirement to fill. I have one somewhat outside the box solution that could meet the requirement:
Create a sister Grails application that uses the same Grails/Spring Security/LDAP structure as your primary app.
Expose a /verifyLdapCredentials Service in the sister application to accept the user's LDAP credentials
Authenticate against LDAP
Send a success/failure response back to the primary application
Unauthenticate from the sister application immediately to prepare for the next request
I ended up creating a separate service and controller to make a simple LDAP auth and lookup.
The service would login with the Spring config settings, then apply the username and supplied password and validate CN result.
I have implemented UserDetailsService and overridden loadUserByUsername(String username); here I need the user-entered password.
I want to authenticate against LdapTemplate authenticate(username,password).
I have searched a lot but didn't get it.
Please help me.
Either use spring-security-ldap for LDAP-based authentication or implement your own AuthenticationProvider instead of DaoAuthenticationProvider.
There are multiple authentication scenarios when using Spring Security LDAP:
either you can retrieve the user entry via a connection authenticated by the provided credentials (probably the scenario you are looking for)
or you can authenticate via a technical account (usually you need to make an LDAP search to get the user's DN)
For more information check Spring Security LDAP documentation.
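The second option in the answer above, as an added example (not code from the original posts): a custom AuthenticationProvider receives the submitted password, which UserDetailsService.loadUserByUsername() never does, and hands it to LdapTemplate.authenticate(). The class name, the `uid` attribute and the `ROLE_USER` authority are assumptions.

```java
import java.util.List;

import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.util.StringUtils;

// Hypothetical class name; register it as the application's AuthenticationProvider.
public class LdapTemplateAuthenticationProvider implements AuthenticationProvider {

    private final LdapTemplate ldapTemplate;
    public LdapTemplateAuthenticationProvider(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        String password = credentials == null ? "" : credentials.toString();
        // A simple bind with an empty password is an "unauthenticated bind" that
        // some servers accept, so reject it before contacting the directory.
        if (!StringUtils.hasText(username) || !StringUtils.hasLength(password)) {
            throw new BadCredentialsException("Bad credentials");
        }
        try {
            // The query builder escapes the username (no LDAP filter injection).
            // "uid" is an assumed attribute name; adjust it to the directory schema.
            ldapTemplate.authenticate(
                    LdapQueryBuilder.query().where("uid").is(username), password);
        } catch (org.springframework.ldap.AuthenticationException
                 | IncorrectResultSizeDataAccessException e) {
            // Unknown user, ambiguous match and wrong password share one message.
            throw new BadCredentialsException("Bad credentials");
        }
        return new UsernamePasswordAuthenticationToken(
                username, null, List.of(new SimpleGrantedAuthority("ROLE_USER")));
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Other LDAP errors, such as a failed connection to the directory, are left to propagate so that an outage is not reported to the user as a wrong password.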
I have a Spring MVC web application. There are no secure areas, so all users can see all pages; however, I do have a Facebook log in, using Spring Social, and I do identify each user by session id. The scenario is that a user can see pages as a guest, where the application identifies him (or her) by the session id; when the user logs in with his (or her) Facebook account, a record is saved for the user with the corresponding Facebook data.
The next time the user visits the application, I want to be able to identify him.
I thought about using the Spring Security remember-me feature (and an infrastructure for maybe future use).
So my question is, is Spring Security the right solution for me? And if so, is it possible to set authentication by session id?
Spring Security is good for authenticating users. If you were just to authenticate by session id, there is the possibility that bogus users could access user info by spoofing their session data.